su/sudo using ssh auth
Jochen Topf
jochen at remote.org
Fri Nov 2 22:29:34 EST 2001
To the openssh and sudo developer mailing lists:
Ssh has a key agent allowing authentication to remote hosts without
entering your password/passphrase again and again, which is very
convenient. I think the 'su', 'sudo', and similiar commands could benefit
from this idea and mechanism. I don't have the necessary expertise in
cryptology to do this myself so I just want to throw this into the
diskussion. If programs like 'su' und 'sudo' could be extended to use
the ssh-agent a 'su-authorized-keys' file in the homedir of root would
be enough to become root or any other user with any key in that file.
For 'sudo' a similar mechanism could be used.
With existing ssh software I can, of course, put my key into root's
authorized_keys file and ssh to 'root at localhost', but this is an
unnecessary roundabout route, conflicts with policies disallowing remote
root logins and doesn't give me access to other accounts (like 'news'
or user accounts) I want to 'su' to.
Any ideas how this could be accomplished?
Jochen
--
Jochen Topf - jochen at remote.org - http://www.remote.org/jochen/
More information about the openssh-unix-dev
mailing list