[Tfug] using ssh key for sudo auth?
Stephen Hooper
stephen.hooper at gmail.com
Wed May 9 09:49:11 MST 2007
Maybe if you don't do that, but instead edit the same file
("/etc/pam.d/sudo"), and just put in the "auth" line, and not the
"session" line it will timeout.
Without seeing your file I cannot say for sure (and I have never used
this product), but mine looks like this:
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
What I would do, would be add a line at the very top:
"auth required pam_ssh"
That way keys aren't getting added to the agent. The problem may
still be if a key is added to the agent (for example you doing it
manually) it may still not timeout.
On 5/9/07, Chad Woolley <thewoolleyman at gmail.com> wrote:
> There was one additional step required. I had to edit
> /etc/pam.d/sudo, and add this as the first include:
>
> @include pam-ssh-auth
>
> Then is uses my ssh passphrase. It still doesn't timeout like normal
> sudo, though...
>
> -- Chad
>
> On 5/9/07, Chad Woolley <thewoolleyman at gmail.com> wrote:
> > Stephen,
> >
> > PAM was exactly what I needed. I ran this:
> >
> > sudo apt-get install libpam-ssh
> >
> > And now I can sudo without a password after authenticating via ssh
> > with my key. Thanks!!!!
> >
> > -- Chad
More information about the tfug
mailing list