[sudo-users] sudo authentication using ssh-agent

Gray Watson gray.sudo at mailnull.com
Thu Feb 16 19:54:36 EST 2006

In the following message, Rogan Dawes makes a request that I'd like to


Is anyone considering adding support into sudo for ssh-agent
authentication?  My problem is that I have sudo on work, home, and
other systems.  I use ssh-agent to control my logins but I always
wince when I type in my home password on my work system -- possibly
exposing a password in a less secure environment.

If sudo authentication was done with a challenge-response on an
established ssh key via the ssh-agent socket, in my view I would have
improved security on the systems that I manage.  /etc/sudoers could
not only list the users with permissions but the public keys of the
users.  If the SSH_AUTH_SOCK was available it could interrogate the
remote ssh-agent otherwise it would prompt for local password.

Gray Watson

More information about the sudo-users mailing list