su/sudo using ssh auth

Koehntop, Lucas LKoehntop at dakcl.com
Sat Nov 3 02:32:31 EST 2001


You could also try using the Kerberos auth methods as well.  This would let
you do what you want.
Lucas Koehntop

-----Original Message-----
From: sudo-workers-admin at courtesan.com
[mailto:sudo-workers-admin at courtesan.com] On Behalf Of Jochen Topf
Sent: Friday, November 02, 2001 5:30 AM
To: sudo-workers at courtesan.com; openssh-unix-dev at mindrot.org
Subject: su/sudo using ssh auth


To the openssh and sudo developer mailing lists:

Ssh has a key agent allowing authentication to remote hosts without entering
your password/passphrase again and again, which is very convenient. I think
the 'su', 'sudo', and similiar commands could benefit from this idea and
mechanism. I don't have the necessary expertise in cryptology to do this
myself so I just want to throw this into the 
diskussion. If programs like 'su' und 'sudo' could be extended to use the
ssh-agent a 'su-authorized-keys' file in the homedir of root would be enough
to become root or any other user with any key in that file. For 'sudo' a
similar mechanism could be used.

With existing ssh software I can, of course, put my key into root's
authorized_keys file and ssh to 'root at localhost', but this is an unnecessary
roundabout route, conflicts with policies disallowing remote root logins and
doesn't give me access to other accounts (like 'news' or user accounts) I
want to 'su' to.

Any ideas how this could be accomplished?

Jochen
-- 
Jochen Topf - jochen at remote.org - http://www.remote.org/jochen/

____________________________________________________________ 
sudo-workers mailing list <sudo-workers at courtesan.com>
For list information, options, or to unsubscribe, visit:
http://www.courtesan.com/mailman/listinfo/sudo-workers



More information about the openssh-unix-dev mailing list