Using SSH as "su"-substitute
Ph. Marek
marek at bmlv.gv.at
Tue Jun 25 18:27:24 EST 2002
Hello everybody!
I'd like to present a feature wish: using ssh as a substitue for su.
Of course, if I have a forwarding agent (or the correct key) I can simply do a
ssh -l <other_user> localhost
but that's not really optimal - the environment gets lost as I'm newly logged
in, agent forwarding has one more hop to traverse, the data is once more
en/decrypted, ...
So I propose a new ssu tool which uses the current ssh-agent (or key in the
filesystem) to verify authorization to su to another user (without using a
password). Alternatively it may be possible (at least on some systems) to use
a PAM-Module which does this.
Usage:
ssu [-] [Username] [-i identityFile] [-c command]
It has the verification part of sshd and the frontend of ssh.
Comments?
Regards,
Phil
More information about the openssh-unix-dev
mailing list