|
Home > Archive > Unix administration > June 2005 > sudo and ssh pass phrase
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
sudo and ssh pass phrase
|
|
| ctippur@gmail.com 2005-06-08, 2:49 am |
| All,
I am not sure where I need to post this question.
We are using ssh key based authentication for logging in.
>From what I know, SUDO uses password based authentication method. Is
there anyway we can make SUDO work with SSH keybased authentication
method.
Note: As this is a secure environment, we have made the login as "NP"
indicating that this ID is locked.
I appreciate any input.
Thanks,
Shekar
| |
| Dave Hinz 2005-06-08, 5:58 pm |
| On 7 Jun 2005 19:26:47 -0700, ctippur@gmail.com <ctippur@gmail.com> wrote:
> All,
>
> I am not sure where I need to post this question.
> We are using ssh key based authentication for logging in.
> there anyway we can make SUDO work with SSH keybased authentication
> method.
> Note: As this is a secure environment, we have made the login as "NP"
> indicating that this ID is locked.
> I appreciate any input.
If you're asking what I think you're asking... this should work:
ssh user@host "sudo command"
....as long as you have "command" configured in the sudoers file as
needing no password for "user". If that's not acceptable, or not what
you're asking, then please give an example.
Dave Hinz
| |
| Jeremiah DeWitt Weiner 2005-06-08, 5:58 pm |
| ctippur@gmail.com wrote:
>From what I know, SUDO uses password based authentication method. Is
> there anyway we can make SUDO work with SSH keybased authentication
> method.
I don't think so, at least not without changing the sudo source
code. What you could do is set up /etc/sudoers so that users don't have
to type in their password at all, if that's acceptable to you. I also
see that sudo (at least on my systems) is linked against PAM, so maybe
you could do something with that...
I'm curious, though: what exactly do you mean when you say you want
sudo to "work with SSH keybased authentication method"? How exactly do
you picture this working? Under what circumstances would the sudo
attempt be allowed or disallowed?
> Note: As this is a secure environment, we have made the login as "NP"
> indicating that this ID is locked.
Is there some particular reason you don't use passwords at all? You
could always give the users passwords, but set up SSH so that it won't
allow passwords for login purposes (look for "PasswordAuthentication" in
the sshd_config man page).
JDW
|
|
|
|
|