su/sudo using ssh auth
John E Hein
jhein at timing.com
Fri Nov 2 10:44:52 EST 2001
Jochen Topf wrote at 12:29 +0100 on Nov 2:
> To the openssh and sudo developer mailing lists:
> Ssh has a key agent allowing authentication to remote hosts without
> entering your password/passphrase again and again, which is very
> convenient. I think the 'su', 'sudo', and similiar commands could benefit
> from this idea and mechanism. I don't have the necessary expertise in
> cryptology to do this myself so I just want to throw this into the
> diskussion. If programs like 'su' und 'sudo' could be extended to use
> the ssh-agent a 'su-authorized-keys' file in the homedir of root would
> be enough to become root or any other user with any key in that file.
> For 'sudo' a similar mechanism could be used.
> With existing ssh software I can, of course, put my key into root's
> authorized_keys file and ssh to 'root at localhost', but this is an
> unnecessary roundabout route, conflicts with policies disallowing remote
> root logins and doesn't give me access to other accounts (like 'news'
> or user accounts) I want to 'su' to.
> Any ideas how this could be accomplished?
I, too, would like this feature. I emailed the sudo-workers
list back in June (see Subject: sudo-agent).
Some day, I'll get around to writing sudo-agent.
More information about the sudo-workers