su/sudo using ssh auth
LKoehntop at dakcl.com
Fri Nov 2 10:32:31 EST 2001
You could also try using the Kerberos auth methods as well. This would let
you do what you want.
From: sudo-workers-admin at courtesan.com
[mailto:sudo-workers-admin at courtesan.com] On Behalf Of Jochen Topf
Sent: Friday, November 02, 2001 5:30 AM
To: sudo-workers at courtesan.com; openssh-unix-dev at mindrot.org
Subject: su/sudo using ssh auth
To the openssh and sudo developer mailing lists:
Ssh has a key agent allowing authentication to remote hosts without entering
your password/passphrase again and again, which is very convenient. I think
the 'su', 'sudo', and similiar commands could benefit from this idea and
mechanism. I don't have the necessary expertise in cryptology to do this
myself so I just want to throw this into the
diskussion. If programs like 'su' und 'sudo' could be extended to use the
ssh-agent a 'su-authorized-keys' file in the homedir of root would be enough
to become root or any other user with any key in that file. For 'sudo' a
similar mechanism could be used.
With existing ssh software I can, of course, put my key into root's
authorized_keys file and ssh to 'root at localhost', but this is an unnecessary
roundabout route, conflicts with policies disallowing remote root logins and
doesn't give me access to other accounts (like 'news' or user accounts) I
want to 'su' to.
Any ideas how this could be accomplished?
Jochen Topf - jochen at remote.org - http://www.remote.org/jochen/
sudo-workers mailing list <sudo-workers at courtesan.com>
For list information, options, or to unsubscribe, visit:
More information about the sudo-workers