su/sudo using ssh auth

Koehntop, Lucas LKoehntop at
Fri Nov 2 10:32:31 EST 2001

You could also try using the Kerberos auth methods as well.  This would let
you do what you want.
Lucas Koehntop

-----Original Message-----
From: sudo-workers-admin at
[mailto:sudo-workers-admin at] On Behalf Of Jochen Topf
Sent: Friday, November 02, 2001 5:30 AM
To: sudo-workers at; openssh-unix-dev at
Subject: su/sudo using ssh auth

To the openssh and sudo developer mailing lists:

Ssh has a key agent allowing authentication to remote hosts without entering
your password/passphrase again and again, which is very convenient. I think
the 'su', 'sudo', and similiar commands could benefit from this idea and
mechanism. I don't have the necessary expertise in cryptology to do this
myself so I just want to throw this into the 
diskussion. If programs like 'su' und 'sudo' could be extended to use the
ssh-agent a 'su-authorized-keys' file in the homedir of root would be enough
to become root or any other user with any key in that file. For 'sudo' a
similar mechanism could be used.

With existing ssh software I can, of course, put my key into root's
authorized_keys file and ssh to 'root at localhost', but this is an unnecessary
roundabout route, conflicts with policies disallowing remote root logins and
doesn't give me access to other accounts (like 'news' or user accounts) I
want to 'su' to.

Any ideas how this could be accomplished?

Jochen Topf - jochen at -

sudo-workers mailing list <sudo-workers at>
For list information, options, or to unsubscribe, visit:

More information about the sudo-workers mailing list