[Tfug] using ssh key for sudo auth?

Stephen Hooper stephen.hooper at gmail.com
Mon May 7 23:02:51 MST 2007


Google for "pam_ssh", and have sudo use PAM.

http://pam-ssh.sourceforge.net/

By "default" my sudo does:

chimera ~ # ldd `which sudo`
        linux-gate.so.1 =>  (0xffffe000)
        libpam.so.0 => /lib/libpam.so.0 (0xb7eeb000)
        blah...

Let us (or at least me) know if you need help with "PAM", or think
that isn't the right solution.

On 5/7/07, Chad Woolley <thewoolleyman at gmail.com> wrote:
> Thanks for the response, Robert.
>
> Yes, I know about sudoers (and just reviewed the sudoers man page).
> However, the only options I see are PASSWD, which will use the current
> user's password, and NOPASSWD for no password required, which I don't
> want.  I instead want to authenticate with some shared key, so I only
> have to remember one passphrase, but it's still secure unless my
> passphrase is compromised.
>
> The use_loginclass looks promising, but I don't really understand how
> to use it (or what a loginclass is).
>
> -- Chad
>
> On 5/7/07, Robert Hunter <hunter at tfug.org> wrote:
> > > Alternately, what are the options to access sudo on many different
> > > machines, where the user password is different on each machine,
> > > without having to remember each individual password?  I know I could
> > > disable the password requirement totally in sudoers, but that's
> > > insecure.  I'd really rather do it by putting my passphrase-protected
> > > key on all the servers and using that as my auth.
> >
> >
> > Have you looked at sudoers?
> >
> > --
> > Rob
> >
> > _______________________________________________
> > Tucson Free Unix Group - tfug at tfug.org
> > Subscription Options:
> > http://www.tfug.org/mailman/listinfo/tfug_tfug.org
> >
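
The suggestion in this message (have sudo authenticate through PAM with pam_ssh) depends on where pam_ssh.so sits in sudo's auth stack. The script below is an added example, not part of the original post or of the pam_ssh project: it reports that position for a PAM service file. The function name pam_ssh_status is hypothetical, the sample stack is constructed, and /etc/pam.d/sudo as the file to check on a real host is an assumption.

```shell
#!/bin/sh
# Added example: report how pam_ssh.so sits in a PAM service file's auth stack.
#
# pam_ssh_status FILE prints one of:
#   absent              no auth line loads pam_ssh.so
#   ok:<control>        pam_ssh.so runs before any mandatory auth module
#   shadowed:<control>  a required/requisite auth module runs first, so the
#                       account password is still needed
#   unknown:<control>   an include precedes it; inspect the included file too
pam_ssh_status() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
        $1 == "@include" { included = 1; next }   # Debian-style include
        $1 != "auth" && $1 != "-auth" { next }    # only the auth stack matters
        $2 == "include" || $2 == "substack" { included = 1; next }
        {
            # The module is the first field ending in .so; this also copes
            # with bracketed controls such as [success=1 default=ignore].
            mod = ""
            for (i = 3; i <= NF; i++) if ($i ~ /\.so$/) { mod = $i; break }
        }
        mod ~ /(^|\/)pam_ssh\.so$/ {
            state = mandatory ? "shadowed" : (included ? "unknown" : "ok")
            print state ":" $2
            found = 1
            exit
        }
        $2 == "required" || $2 == "requisite" { mandatory = 1 }
        END { if (!found) print "absent" }
    ' "$1"
}

# Constructed sample stack (not taken from the thread): the key passphrase is
# tried first, and the account password is the fallback.
sample=$(mktemp)
printf '%s\n' \
    'auth sufficient pam_ssh.so' \
    'auth required   pam_unix.so' > "$sample"
pam_ssh_status "$sample"    # ok:sufficient
rm -f "$sample"
```

On a real host the call would be pam_ssh_status /etc/pam.d/sudo, after confirming with the ldd check shown above that sudo is linked against libpam.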



