[nycbug-talk] Public-key sudo?
Pete Wright
pete at nomadlogic.org
Sat Jan 7 14:42:36 EST 2012
On Sat, 07 Jan 2012 11:31:25 -0800, Bob Ippolito <bob at redivi.com> wrote:
> I'm trying to catch up on the past few years of what's been happening
> with
> ops (ec2, puppet, chef, etc.) and I was wondering if public-key sudo has
> caught on at all?
>
> It annoys me every time I have to type in my password, and it bothers me
> more that it would be straightforward to lift my password in plaintext
> if I
> sudo on a compromised host. I started searching around and saw that there
> was a talk back in 2008 [1] that covers some implementation of this
> idea. I
> haven't listened to the talk yet, but is there an implementation
> available
> somewhere? Do people use it? On which platforms?
>
> Yes, I know I can avoid sudo altogether and just add my public key to
> root.
>
> [1] http://www.nycbug.org/index.php?NAV=Home;SUBM=10160
michael lucas just did a write up on sudo auth via ssh-agent. this which i
am working on implementing on my systems:
http://blather.michaelwlucas.com/archives/1106
-pete
--
Pete Wright
pete at nomadlogic.org
www.nomadlogic.org
More information about the talk
mailing list