[sudo-users] Make sudo -S work with ssh -T

Glen Huang heyhgl at gmail.com
Sat Jun 25 23:28:05 MDT 2022



> On Jun 24, 2022, at 11:42 AM, Grant Taylor via sudo-users <sudo-users at sudo.ws> wrote:
> 
> Have you considered authenticating to sudo via SSH agent forwarding?

No, I didn’t. Thanks for the heads up.

However, I’m not sure I follow. If I’m not wrong, SSH agent forwarding is for logging into remote server B from remote server A without A having the credentials itself. How could that apply to sudo? Do you mean using a PAM module like pam_ssh_agent_auth to authenticate the sudo user passwordlessly? I’m not familiar with this approach, but it seems to rely on ssh-agent running locally and reading a local authorized_keys file. I’m not sure if forwarding is relevant here?

I guess I have probably misunderstood. Could you share some tips on how that could be done?

Regards,
Glen

