[Tfug] using ssh key for sudo auth?
Chad Woolley
thewoolleyman at gmail.com
Wed May 9 01:28:29 MST 2007
There was one additional step required. I had to edit
/etc/pam.d/sudo, and add this as the first include:
@include pam-ssh-auth
Then it uses my ssh passphrase. It still doesn't time out like normal
sudo, though...
-- Chad
On 5/9/07, Chad Woolley <thewoolleyman at gmail.com> wrote:
> Stephen,
>
> PAM was exactly what I needed. I ran this:
>
> sudo apt-get install libpam-ssh
>
> And now I can sudo without a password after authenticating via ssh
> with my key. Thanks!!!!
>
> -- Chad
>
> On 5/7/07, Stephen Hooper <stephen.hooper at gmail.com> wrote:
> > Google for "pam_ssh", and have sudo use PAM.
> >
> > http://pam-ssh.sourceforge.net/
> >
> > By "default" my sudo does:
> >
> > chimera ~ # ldd `which sudo`
> > linux-gate.so.1 => (0xffffe000)
> > libpam.so.0 => /lib/libpam.so.0 (0xb7eeb000)
> > blah...
> >
> > Let us (or at least me) know if you need help with "PAM", or think
> > that isn't the right solution.
> >
> > On 5/7/07, Chad Woolley <thewoolleyman at gmail.com> wrote:
> > > Thanks for the response, Robert.
> > >
> > > Yes, I know about sudoers (and just reviewed the sudoers man page).
> > > However, the only options I see are PASSWD, which will use the current
> > > user's password, and NOPASSWD for no password required, which I don't
> > > want. I instead want to authenticate with some shared key, so I only
> > > have to remember one passphrase, but it's still secure unless my
> > > passphrase is compromised.
> > >
> > > The use_loginclass looks promising, but I don't really understand how
> > > to use it (or what a loginclass is).
> > >
> > > -- Chad
> > >
> > >
> > > On 5/7/07, Robert Hunter <hunter at tfug.org> wrote:
> > > > > Alternately, what are the options to access sudo on many different
> > > > > machines, where the user password is different on each machine,
> > > > > without having to remember each individual password? I know I could
> > > > > disable the password requirement totally in sudoers, but that's
> > > > > insecure. I'd really rather do it by putting my passphrase-protected
> > > > > key on all the servers and using that as my auth.
> > > >
> > > >
> > > > Have you looked at sudoers?
> > > >
> > > > --
> > > > Rob
> > > >
> > > > _______________________________________________
> > > > Tucson Free Unix Group - tfug at tfug.org
> > > > Subscription Options:
> > > > http://www.tfug.org/mailman/listinfo/tfug_tfug.org
> > > >
> > >
> > > _______________________________________________
> > > Tucson Free Unix Group - tfug at tfug.org
> > > Subscription Options:
> > > http://www.tfug.org/mailman/listinfo/tfug_tfug.org
> > >
> >
> > _______________________________________________
> > Tucson Free Unix Group - tfug at tfug.org
> > Subscription Options:
> > http://www.tfug.org/mailman/listinfo/tfug_tfug.org
> >
>
More information about the tfug
mailing list
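Added example, not part of the original thread: a shell check for the step described in the top message, that "@include pam-ssh-auth" is the first include in a PAM service file such as /etc/pam.d/sudo. The sample file contents and the common-auth include name (Debian/Ubuntu layout) are assumptions.

```shell
#!/bin/sh
# Added example: report where "@include pam-ssh-auth" sits in a PAM service
# file. The sample below is constructed; on a real Debian/Ubuntu host, pass
# /etc/pam.d/sudo to the functions instead.

# Print the target of every @include directive in file order,
# ignoring comments (full-line and trailing) and blank lines.
pam_includes() {
    sed -e 's/#.*$//' "$1" | awk '$1 == "@include" && NF >= 2 { print $2 }'
}

# Succeed only if pam-ssh-auth is the first include, i.e. it is consulted
# before the password stack (assumed to be common-auth, as on Debian/Ubuntu).
pam_ssh_is_first() {
    [ "$(pam_includes "$1" | head -n 1)" = "pam-ssh-auth" ]
}

# Classify one file: "first", "late" (present but after another include),
# or "absent" (missing or commented out).
pam_ssh_position() {
    if pam_ssh_is_first "$1"; then
        echo first
    elif pam_includes "$1" | grep -qx 'pam-ssh-auth'; then
        echo late
    else
        echo absent
    fi
}

# Constructed sample of a sudo PAM file after the edit from the thread.
make_sample() {
    cat <<'EOF'
#%PAM-1.0
# constructed sample, not copied from a real system
@include pam-ssh-auth
@include common-auth
@include common-account
EOF
}

sample=$(mktemp)
make_sample > "$sample"
echo "sample sudo stack: pam-ssh-auth is $(pam_ssh_position "$sample")"
rm -f "$sample"
```

A result of "late" or "absent" means sudo reaches the password stack before, or instead of, the ssh-key module.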