jon at endpoint.com
Mon Apr 7 12:53:31 MDT 2008
On Mon, 7 Apr 2008, Andrew Jorgensen wrote:
>> For me the suboptimal thing about sudo is lack of ssh key
>> authentication support. I connect to dozens of servers without using
>> (or even knowing) the passwords. And sudo isn't useful if you don't use
>> If ssh key authentication support were integrated with sudo, it would
>> be very nice.
> Why not add your key to /root/.ssh/authorized_keys?
I usually do that. But that isn't using sudo, and this was a sudo-love
For anyone who wants the auditing of sudo, ssh root at localhost bypasses
that. People who blanket-deny root ssh auth make this not an option too.
> Or maybe I misunderstand what you'd like to have happen? Oh, wait, I
> think I do understand. You can't use sudo because it prompts you for
> the user's password (which you don't know). Yeah, that sucks. Maybe
> there's a PAM module that needs to be written?
I think sudo itself would be the place, but perhaps PAM would work too. I
don't believe PAM currently knows anything about ssh key authentication,
> But then, if it's not your machine (if it is then you'd know the
> password) what are you doing trying to poke around as root anyway! :-)
These are machines I was intentionally given root access to, but that
doesn't mean I know the password, or that it even *has* a password. Many
machines are involved here, managed by various people with differing
End Point Corporation
More information about the PLUG