[Tfug] using ssh key for sudo auth?

Ronald Sutherland rsutherland at epccs.com
Mon May 7 23:27:48 MST 2007


I use this script to set up ssh keys if I don't want to use passwords 
between machines.

Can I put an attachment to the list?

Stephen Hooper wrote:
> Google for "pam_ssh", and have sudo use PAM.
>
> http://pam-ssh.sourceforge.net/
>
> By "default" my sudo does:
>
> chimera ~ # ldd `which sudo`
>         linux-gate.so.1 =>  (0xffffe000)
>         libpam.so.0 => /lib/libpam.so.0 (0xb7eeb000)
>         blah...
>
> Let us (or at least me) know if you need help with "PAM", or think
> that isn't the right solution.
>
> On 5/7/07, Chad Woolley <thewoolleyman at gmail.com> wrote:
>   
>> Thanks for the response, Robert.
>>
>> Yes, I know about sudoers (and just reviewed the sudoers man page).
>> However, the only options I see are PASSWD, which will use the current
>> user's password, and NOPASSWD for no password required, which I don't
>> want.  I instead want to authenticate with some shared key, so I only
>> have to remember one passphrase, but it's still secure unless my
>> passphrase is compromised.
>>
>> The use_loginclass looks promising, but I don't really understand how
>> to use it (or what a loginclass is).
>>
>> -- Chad
>>     
>
>   
>> On 5/7/07, Robert Hunter <hunter at tfug.org> wrote:
>>     
>>>> Alternately, what are the options to access sudo on many different
>>>> machines, where the user password is different on each machine,
>>>> without having to remember each individual password?  I know I could
>>>> disable the password requirement totally in sudoers, but that's
>>>> insecure.  I'd really rather do it by putting my passphrase-protected
>>>> key on all the servers and using that as my auth.
>>>>         
>>> Have you looked at sudoers?
>>>
>>> --
>>> Rob
>>>
>>> _______________________________________________
>>> Tucson Free Unix Group - tfug at tfug.org
>>> Subscription Options:
>>> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>>>
>>>       
>

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: mkeys
URL: <http://tfug.org/pipermail/tfug_tfug.org/attachments/20070507/80a7015c/attachment.ksh>

