su/sudo using ssh auth

John E Hein jhein at timing.com
Sat Nov 3 02:44:52 EST 2001


Jochen Topf wrote at 12:29 +0100 on Nov  2:
 > To the openssh and sudo developer mailing lists:
 > 
 > Ssh has a key agent allowing authentication to remote hosts without
 > entering your password/passphrase again and again, which is very
 > convenient. I think the 'su', 'sudo', and similar commands could benefit
 > from this idea and mechanism. I don't have the necessary expertise in
 > cryptology to do this myself so I just want to throw this into the
 > discussion. If programs like 'su' and 'sudo' could be extended to use
 > the ssh-agent a 'su-authorized-keys' file in the homedir of root would
 > be enough to become root or any other user with any key in that file.
 > For 'sudo' a similar mechanism could be used.
 > 
 > With existing ssh software I can, of course, put my key into root's
 > authorized_keys file and ssh to 'root@localhost', but this is an
 > unnecessary roundabout route, conflicts with policies disallowing remote
 > root logins and doesn't give me access to other accounts (like 'news'
 > or user accounts) I want to 'su' to.
 > 
 > Any ideas how this could be accomplished?

I, too, would like this feature.  I emailed the sudo-workers list
back in June (see Subject: sudo-agent).

Some day, I'll get around to writing sudo-agent.



More information about the openssh-unix-dev mailing list