[Gllug] sudo authentication against ssh key
Bruce Richardson
itsbruce at workshy.org
Mon Jul 20 15:18:23 UTC 2009
On Mon, Jul 20, 2009 at 04:11:03PM +0100, James wrote:
> > Or am I approaching this via the wrong angle?
>
> Yes, totally the wrong angle.
> Here is why:
> Think where the public ssh key would go and who would be able to add
> arbitrary new ones?
Tethy has a valid point but yours is easily fixed. Assuming somebody
does have a valid reason to prefer key authentication, it's quite
possible to change the sshd configuration so that keys are stored
somewhere that the user can't modify. Indeed, on a locked down
remote-login server, there's no reason to assume that a user can modify
the contents of his/her own home directory.
--
Bruce
Those who cast the votes decide nothing. Those who count the
votes decide everything. -- Joseph Stalin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 204 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20090720/54340213/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list