On Mon, 7 Apr 2008, Andrew Jorgensen wrote:

For me the suboptimal thing about sudo is lack of ssh key authentication support. I connect to dozens of servers without using (or even knowing) the passwords. And sudo isn't useful if you don't use passwords.

If ssh key authentication support were integrated with sudo, it would be very nice.

Why not add your key to /root/.ssh/authorized_keys?

I usually do that. But that isn't using sudo, and this was a sudo-love thread. :)

For anyone who wants the auditing of sudo, ssh [EMAIL PROTECTED] bypasses that. People who blanket-deny root ssh auth make this not an option too.

Or maybe I misunderstand what you'd like to have happen? Oh, wait, I think I do understand. You can't use sudo because it prompts you for the user's password (which you don't know). Yeah, that sucks. Maybe there's a PAM module that needs to be written?

I think sudo itself would be the place, but perhaps PAM would work too. I don't believe PAM currently knows anything about ssh key authentication, though.

But then, if it's not your machine (if it is then you'd know the password) what are you doing trying to poke around as root anyway! :-)

These are machines I was intentionally given root access to, but that doesn't mean I know the password, or that it even *has* a password. Many machines are involved here, managed by various people with differing security policies.

Jon

--
Jon Jensen
End Point Corporation
http://www.endpoint.com/

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
