[sudo-users] Make sudo -S work with ssh -T
Grant Taylor
gtaylor at tnetconsulting.net
Thu Jun 23 21:42:14 MDT 2022
On 6/23/22 7:51 PM, Glen Huang wrote:
> Could you recommend a secure way to provide the password when using
> sudo with rsync in an unattended way? I read it somewhere that giving
> rsync NOPASSWD means giving NOPASSWD to the ability to setuid root
> on any file, which I’m not comfortable with.
Have you considered authenticating to sudo via SSH agent forwarding?
It has the typical SSH agent forwarding issues, some of which can be
mitigated.
But it does mean that you actually authenticate to sudo and can thereby
avoid -- what I consider to be -- the dreaded NOPASSWD: option.
--
Grant. . . .
unix || die
More information about the sudo-users
mailing list