Bug#109793: marked as done (sudo should be able to use ssh credentials)

Mon, 31 Aug 2009 11:57:52 -0700 

Your message dated Mon, 31 Aug 2009 12:40:14 -0600 (MDT)
with message-id <[email protected]>
and subject line no action taken
has caused the Debian Bug report #109793,
regarding sudo should be able to use ssh credentials
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
109793: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=109793
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: sudo
Version: 1.6.3p7-2
Severity: wishlist

It would be nice if sudo could connect to an ssh-agent and allow the
command if sshd would have allowed it.  This should probably be a feature
that the sysadmin would have to explicitly turn on, of course.

This would avoid the need to type passwords into remote machines, and thus
avoid the possibility that the remote sysadmin could sniff the password,
or that evesdroppers could traffic-analyse the ssh connection to work
out information about the password.

-- System Information
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux aragorn 2.4.3 #1 Mon Apr 9 13:27:17 BST 2001 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages sudo depends on:
ii  libc6                         2.2.3-9    GNU C Library: Shared libraries an
ii  libpam-modules                0.72-25    Pluggable Authentication Modules f
ii  libpam0g                      0.72-25    Pluggable Authentication Modules l

--- End Message ---
--- Begin Message --- 
The more I think about this, the less relationship I see between remote access
credentials for a given user and sudo command authorization.  

If you have the ability to access a remote system using ssh as a particular 
user, then you don't need sudo to behave as that user on the remote end.

Suitable sudo configuration already allows for fine-grained control over the
command executable by a user, and whether a password needs to be entered to
execute those commands.  So the desired outcome articulated in this bug report
is already achievable.

Closing this bug report with no action taken.

Bdale

--- End Message ---

Reply via email to