Use of non-user readable (null password) private keys
Phil Pennock
Phil.Pennock at globnix.org
Wed Mar 28 11:05:17 EST 2001
On 2001-03-27 at 17:44 +0100, Piete Brooks gifted us with:
> Locally they can use sudo, but for performing operations on a remote machine,
> they need an ssh capability.

Locally, they can use sudo.

prompt$ cat /usr/local/bin/fred
#!/bin/sh
sudo -u bert ssh -i /home/bert/.ssh/zebedee zebedee.example.org wibble "$@"
prompt$

Gives you the benefit of logs on the client-side too, indicating exactly
who invoked it. Unless the remote side needs to ask identd questions?

If absolutely necessary that they not auth before doing stuff remotely,
just use "NOPASSWD:" in sudoers for that command-entry.
--
Do not anger a bard, for your name is silly and it scans to 'Greensleeves'.
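
Added example (not part of the original post, and not OpenSSH project code): the wrapper above only protects the key if the invoking users cannot read it and cannot edit the wrapper, so this sketch checks both. The paths and the account "bert" come from the post; the function names are made up here, and the checks assume GNU or BSD stat.

```sh
#!/bin/sh
# Added example: pre-flight checks for the sudo-wrapped ssh key setup.
# Function names are hypothetical; paths and "bert" follow the post.

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
perm_bits() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Numeric uid of a file's owner.
owner_uid() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

# Succeeds only if key $1 is a regular file (not a symlink) owned by uid $2
# with no group/other bits and no setuid/setgid/sticky bits (600, 400, ...).
key_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(owner_uid "$1")" = "$2" ] || return 1
    case "$(perm_bits "$1")" in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# Succeeds only if wrapper $1 is not writable by group or other; a wrapper
# that others can edit would run their changes as whoever invokes it.
wrapper_is_locked() {
    [ -f "$1" ] || return 1
    case "$(perm_bits "$1")" in
        *[2367]?|*[2367]) return 1 ;;
        *)                return 0 ;;
    esac
}

# audit_setup KEY OWNER_UID WRAPPER
# Prints one line per check and returns the number of failed checks.
audit_setup() {
    failures=0
    if key_is_private "$1" "$2"; then echo "ok   key $1"
    else echo "FAIL key $1 (owner or mode)"; failures=$((failures + 1)); fi
    if wrapper_is_locked "$3"; then echo "ok   wrapper $3"
    else echo "FAIL wrapper $3 (group/other writable)"; failures=$((failures + 1)); fi
    return "$failures"
}

# Call for the client in the post (run as root):
#   audit_setup /home/bert/.ssh/zebedee "$(id -u bert)" /usr/local/bin/fred
```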