Ubuntu question

Jon Jensen jon at endpoint.com
Mon Apr 7 12:53:31 MDT 2008


On Mon, 7 Apr 2008, Andrew Jorgensen wrote:

>> For me the suboptimal thing about sudo is lack of ssh key 
>> authentication support. I connect to dozens of servers without using 
>> (or even knowing) the passwords. And sudo isn't useful if you don't use 
>> passwords.
>>
>> If ssh key authentication support were integrated with sudo, it would 
>> be very nice.
>
> Why not add your key to /root/.ssh/authorized_keys?

I usually do that. But that isn't using sudo, and this was a sudo-love 
thread. :)

For anyone who wants the auditing of sudo, ssh root@localhost bypasses 
that. People who blanket-deny root ssh auth make this not an option too.

> Or maybe I misunderstand what you'd like to have happen?  Oh, wait, I 
> think I do understand.  You can't use sudo because it prompts you for 
> the user's password (which you don't know).  Yeah, that sucks.  Maybe 
> there's a PAM module that needs to be written?

I think sudo itself would be the place, but perhaps PAM would work too. I 
don't believe PAM currently knows anything about ssh key authentication, 
though.

> But then, if it's not your machine (if it is then you'd know the 
> password) what are you doing trying to poke around as root anyway! :-)

These are machines I was intentionally given root access to, but that 
doesn't mean I know the password, or that it even *has* a password. Many 
machines are involved here, managed by various people with differing 
security policies.

Jon

-- 
Jon Jensen
End Point Corporation
http://www.endpoint.com/
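
The point made in the message above, that a direct root ssh login leaves no sudo record, can be checked from the auth log. This is an added example, not part of the original post: the log lines are constructed in the usual OpenSSH and sudo syslog formats, and the name `audit` is hypothetical.

```python
import re
from ipaddress import ip_address

# Constructed sample lines (assumption: default OpenSSH and sudo syslog formats).
SAMPLE_LOG = """\
Apr  7 12:40:01 web1 sudo:      jon : TTY=pts/0 ; PWD=/home/jon ; USER=root ; COMMAND=/usr/bin/less /var/log/messages
Apr  7 12:41:17 web1 sshd[4312]: Accepted publickey for root from 127.0.0.1 port 51514 ssh2
Apr  7 12:42:03 web1 sshd[4330]: Accepted publickey for jon from 192.0.2.10 port 40022 ssh2
Apr  7 12:43:55 web1 sshd[4391]: Accepted password for root from ::1 port 51600 ssh2
Apr  7 12:44:10 web1 sshd[4402]: Accepted publickey for root from 192.0.2.10 port 40100 ssh2
"""

SSHD_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")
SUDO_RE = re.compile(r"sudo:\s+(\S+) : .*USER=(\S+) ; COMMAND=(.*)$")


def audit(log_text):
    """Split root access into sudo-audited commands and direct root ssh logins."""
    audited, unaudited = [], []
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if m and m.group(2) == "root":
            # sudo records who ran which command as root.
            audited.append({"user": m.group(1), "command": m.group(3)})
            continue
        m = SSHD_RE.search(line)
        if m and m.group(2) == "root":
            # A root ssh session: nothing run inside it reaches the sudo log.
            method, _, source = m.groups()
            try:
                loopback = ip_address(source).is_loopback
            except ValueError:
                loopback = False  # sshd logged a hostname, not an address
            unaudited.append({"method": method, "source": source, "loopback": loopback})
    return audited, unaudited


if __name__ == "__main__":
    audited, unaudited = audit(SAMPLE_LOG)
    for entry in audited:
        print("sudo-audited:", entry["user"], "ran", entry["command"])
    for entry in unaudited:
        kind = "local hop (ssh root@localhost style)" if entry["loopback"] else "remote"
        print("no sudo trail:", entry["method"], "root login from", entry["source"], "-", kind)
```

The loopback entries are the ones that correspond to a local user hopping to root over ssh instead of going through sudo.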


