[nycbug-talk] Public-key sudo?

Bob Ippolito bob at redivi.com
Sat Jan 7 16:31:30 EST 2012


On Sat, Jan 7, 2012 at 1:06 PM, Edward Capriolo <edlinuxguru at gmail.com> wrote:

> I am a little bit curious about what people view as the distinction
> between:
>
> Force public key SSH and sudo NOPASSWD and
> Sudo using SSHAgent.
>
> I am doing the former in my deployment. I do not understand what advantage
> having sudo do an SSH auth would bring.
>

Well, SSH agent can be better if you have it configured to ask for
confirmation. It prevents a privilege escalation attack where the attacker
gets at something running as my user and can get root just by executing
sudo (if NOPASSWD). With SSH agent I would at least have to be connected
with agent forwarding on, and if I'm paranoid and have confirmation turned
on then the only way for them to escalate would be for me to confirm their
request to use my agent (still a chance for human error).

Of course if I have agent forwarding on without confirmation and the
machine is compromised (root or my user), then I have a big problem.

-bob
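As an added example (not from the thread or its authors), a small Python audit of the two setups Bob contrasts: it flags sudoers entries that let a process running as the user become root by just executing sudo, and checks whether sudo is wired to a forwarded SSH agent instead. It assumes pam_ssh_agent_auth as the "sudo via SSH agent" implementation (the thread does not name one) and uses constructed sudoers and PAM samples.

```python
import re

# Constructed sample /etc/sudoers content (not from the thread).
SUDOERS = """\
Defaults env_keep += "SSH_AUTH_SOCK"
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) ALL
deploy  ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
"""

# Constructed sample /etc/pam.d/sudo content; pam_ssh_agent_auth is an
# assumption about which module implements "sudo using SSH agent".
PAM_SUDO = """\
auth    sufficient  pam_ssh_agent_auth.so file=/etc/security/authorized_keys
auth    include     system-auth
account include     system-auth
"""

# user/group  host=(runas) [TAG: ...] commands
RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>\S+)=\((?P<runas>[^)]*)\)\s+"
    r"(?P<tags>(?:\w+:\s*)*)(?P<cmds>.+)$"
)

def nopasswd_rules(sudoers):
    """Return (who, runas, commands) for every rule tagged NOPASSWD."""
    found = []
    for line in sudoers.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        m = RULE.match(line)
        if m and "NOPASSWD:" in m.group("tags"):
            found.append((m.group("who"), m.group("runas"), m.group("cmds").strip()))
    return found

def unrestricted_nopasswd(sudoers):
    """Principals that can run ALL commands as root with no secret at all:
    anything running as that user escalates simply by invoking sudo."""
    return [who for who, runas, cmds in nopasswd_rules(sudoers)
            if cmds == "ALL" and runas in ("ALL", "root")]

def agent_auth_enabled(pam_sudo, sudoers):
    """True when sudo's PAM stack consults the SSH agent and sudoers keeps
    SSH_AUTH_SOCK, so a forwarded (and, with ssh-add -c, confirming) agent
    is what authorizes the escalation."""
    uses_module = any(re.match(r"auth\s+\S+\s+pam_ssh_agent_auth\.so", l.strip())
                      for l in pam_sudo.splitlines())
    keeps_sock = re.search(r'env_keep\s*\+=\s*".*SSH_AUTH_SOCK', sudoers) is not None
    return uses_module and keeps_sock
```

Run against a real host, `unrestricted_nopasswd` lists the accounts exposed to the escalation Bob describes, while `agent_auth_enabled` confirms the agent-based alternative is actually in place.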