[Tfug] using ssh key for sudo auth?
rsutherland at epccs.com
Mon May 7 23:27:48 MST 2007
I use this script to setup ssh keys if I don't want to use passwords
Can I put an attachment to the list?
Stephen Hooper wrote:
> Google for "pam_ssh", and have sudo use PAM.
> By "default" my sudo does:
> chimera ~ # ldd `which sudo`
> linux-gate.so.1 => (0xffffe000)
> libpam.so.0 => /lib/libpam.so.0 (0xb7eeb000)
> Let us (or at least me) know if you need help with "PAM", or think
> that isn't the right solution.
> On 5/7/07, Chad Woolley <thewoolleyman at gmail.com> wrote:
>> Thanks for the response, Robert.
>> Yes, I know about sudoers (and just reviewed the sudoers man page).
>> However, the only options I see are PASSWD, which will use the current
>> users password, and NOPASSWD for no password required, which I don't
>> want. I instead want to authenticate with some shared key, so I only
>> have to remember one passphrase, but it's still secure unless my
>> passphrase is compromised.
>> The use_loginclass looks promising, but I don't really understand how
>> to use it (or what a loginclass is).
>> -- Chad
>> On 5/7/07, Robert Hunter <hunter at tfug.org> wrote:
>>>> Alternately, what are the options to access sudo on many different
>>>> machines, where the user password is different on each machine,
>>>> without having to remember each individual password? I know I could
>>>> disable the password requirement totally in sudoers, but that's
>>>> insecure. i'd really rather do it by putting my passphrase-protected
>>>> key on all the servers and using that as my auth.
>>> Have you looked at sudoers?
>>> Tucson Free Unix Group - tfug at tfug.org
>>> Subscription Options:
>> Tucson Free Unix Group - tfug at tfug.org
>> Subscription Options:
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
More information about the tfug