Re: [Pam-ssh-users] using ssh-agent as auth method
From: Sam C. <sa...@su...> - 2004-12-06 15:09:38
Aurélien Labrosse ext RD-CSRD-GRE wrote:
> Just use ssh's agent forwarding. On each machine you got the public key, you
> will be authenticated without any questions, unless you haven't added the key
> to ssh-agent on the first host.

Sorry, I perhaps didn't explain correctly. I can get into all my machines
without a password. However, I then need to enter the password when I use
"sudo". I assume sudo uses PAM and could therefore be made to talk to the
(remote) ssh-agent to get my keys. However I think it would require an
additional (root-writable-only) authorized_keys file for those people with
sudo powers. Otherwise the attacker who has access to your account already
could modify your authorized_keys file before calling sudo.

sam

> Aurelien
>
> Sam Clegg wrote:
>
>> Hey everyone,
>>
>> I'm sure this question must come up a lot and there must be
>> a good reason not to do it but... I'd really like to be able
>> to use my ssh-agent session to authenticate sudo on remote
>> machines. Then I could finally forget about all my old UNIX
>> passwords once and for all!
>>
>> Are there any plans for this feature in your pam module?
>> Any reasons why it's a stupid idea?
>>
>> cheers,
>> sam
>>

--
sam clegg :: sa...@su... :: http://superduper.net/ :: PGP : D91EE369
$superduper: .signature,v 1.13 2003/06/17 10:29:24 sam Exp $
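
The "root-writable-only" requirement raised in the message above can be checked mechanically. The following is an added example, not code from this thread or from the pam module under discussion: it audits a key file and every directory above it for ownership or permissions that would let the account holder replace the file. The function name and the path `/etc/security/sudo_authorized_keys` are hypothetical.

```python
import os
import stat


def audit_keyfile(path, trusted_uid=0, stop_at="/"):
    """Return the reasons a user other than trusted_uid could alter `path`.

    The file itself and each directory from its parent up to `stop_at` are
    checked, because write access to any of them is enough to swap the file.
    """
    problems = []
    current = os.path.abspath(path)
    stop_at = os.path.abspath(stop_at)
    while True:
        try:
            st = os.lstat(current)  # lstat: inspect a symlink, not its target
        except FileNotFoundError:
            problems.append(f"{current}: missing")
        else:
            if stat.S_ISLNK(st.st_mode):
                problems.append(f"{current}: is a symlink")
            if st.st_uid != trusted_uid:
                problems.append(
                    f"{current}: owner uid {st.st_uid}, expected {trusted_uid}")
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                problems.append(f"{current}: writable by group or others")
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:
            break
        current = parent
    return problems


if __name__ == "__main__":
    # Hypothetical location for the sudo-only key file; adjust to your setup.
    for line in audit_keyfile("/etc/security/sudo_authorized_keys"):
        print(line)
```

An empty result means only `trusted_uid` can change the file or any directory on the way to it; a key file under the user's own `~/.ssh` fails on the owner check.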