[sudo-users] sudo authentication using ssh-agent
Gray Watson
gray.sudo at mailnull.com
Thu Feb 16 19:54:36 EST 2006
In the following message, Rogan Dawes makes a request that I'd like to
second.
http://www.sudo.ws/mailman/htdig/sudo-users/2005-April/002467.html
Is anyone considering adding support into sudo for ssh-agent
authentication? My problem is that I have sudo on work, home, and
other systems. I use ssh-agent to control my logins but I always
wince when I type in my home password on my work system -- possibly
exposing a password in a less secure environment.
If sudo authentication was done with a challenge-response on an
established ssh key via the ssh-agent socket, in my view I would have
improved security on the systems that I manage. /etc/sudoers could
not only list the users with permissions but the public keys of the
users. If the SSH_AUTH_SOCK was available it could interrogate the
remote ssh-agent otherwise it would prompt for local password.
Comments?
---
Gray Watson
More information about the sudo-users
mailing list