Aurélien Labrosse ext RD-CSRD-GRE wrote:
> Just use ssh's agent forwarding. On each machine you got the public key, you
> will be authenticated without any questions, unless you haven't added the key
> to ssh-agent on the first host.
Sorry, I perhaps didn't explain correctly. I can get into all my
machines without a password. However, I then need to enter the password
when I use "sudo".
I assume sudo uses PAM and could therefore be made to talk to the
(remote) ssh-agent to get my keys.
However I think it would require an additional (root-writable-only)
authorized_keys file for those people with sudo powers. Otherwise
the attacker who has access to your account already could modify your
authorized_keys file before calling sudo.
sam
> Aurelien
>
> Sam Clegg a écrit :
>
>> Hey everyone,
>>
>> I'm sure this question must come up a lot and there must be
>> a good reason not to do it but... I'd really like to be able
>> to use my ssh-agent session to authenticate sudo on remote
>> machines. Then I could finally forget about all my old UNIX
>> passwords once and for all!
>>
>> Are there any plans for this feature in your pam module?
>> Any reasons why it's a stupid idea?
>>
>> cheers,
>> sam
>>
>>
--
sam clegg
:: sa...@su... :: http://superduper.net/ :: PGP : D91EE369
$superduper: .signature,v 1.13 2003/06/17 10:29:24 sam Exp $
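
The root-writable-only requirement raised in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of any PAM module: the function name `audit_key_path` and its parameters are assumptions made for illustration. It walks every path component down to the key file and reports anything a non-trusted user could modify or replace.

```python
import os
import stat
import sys


def audit_key_path(path, trusted_uid=0, base="/"):
    """Return (component, problem) pairs for each component from base down to
    path that someone other than trusted_uid could modify or replace."""
    path = os.path.abspath(path)
    base = os.path.abspath(base)
    if os.path.commonpath([path, base]) != base:
        raise ValueError("path must be inside base")

    # Build the chain base, base/a, base/a/b, ..., path.
    chain = [base]
    rel = os.path.relpath(path, base)
    if rel != ".":
        for part in rel.split(os.sep):
            chain.append(os.path.join(chain[-1], part))

    findings = []
    for component in chain:
        st = os.lstat(component)  # lstat: inspect the link itself, not its target
        if stat.S_ISLNK(st.st_mode):
            findings.append((component, "symlink"))
            continue
        if st.st_uid != trusted_uid:
            findings.append((component, "owner uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((component, "group/world writable"))
    return findings


if __name__ == "__main__":
    # Usage: script.py <key file>; the file location is whatever the admin chose.
    if len(sys.argv) != 2:
        sys.exit("usage: %s <authorized_keys file>" % sys.argv[0])
    problems = audit_key_path(sys.argv[1])
    for component, problem in problems:
        print("%s: %s" % (component, problem))
    sys.exit(1 if problems else 0)
```

A key file inside the user's home directory fails this check by construction, because the home directory itself is owned by the user.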