[Gllug] sudo authentication against ssh key

James Courtier-Dutton james.dutton at gmail.com
Mon Jul 20 15:11:03 UTC 2009


2009/7/20 Minty <mintywalker at gmail.com>:
> Does anyone if it is possible (& how) to authenticate a sudo user
> against their ssh key, rather than a password?
>
> I'm want to allow a user password-less sudo (to named commands
> controlled via /etc/sudoers) if and only if they've connected via ssh
> using their key.
>
> That is, sudo's NOPASSWD feature isn't sufficient as that would allow
> anyone who could get a arbitary command to run as that user to sudo.
>
> I want "if you've authenticated enough for ssh then sudo doesn't need
> to authenticate you further".
>
> Or am I approaching this via the wrong angle?

Yes, totally the wrong angle.
Here is why:
Think where the public ssh key would go and who would be able to add
arbitrary new ones?
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list