[nycbug-talk] Public-key sudo?

Pete Wright pete at nomadlogic.org
Sat Jan 7 14:42:36 EST 2012


On Sat, 07 Jan 2012 11:31:25 -0800, Bob Ippolito <bob at redivi.com> wrote:

> I'm trying to catch up on the past few years of what's been happening with
> ops (ec2, puppet, chef, etc.) and I was wondering if public-key sudo has
> caught on at all?
>
> It annoys me every time I have to type in my password, and it bothers me
> more that it would be straightforward to lift my password in plaintext if I
> sudo on a compromised host. I started searching around and saw that there
> was a talk back in 2008 [1] that covers some implementation of this idea. I
> haven't listened to the talk yet, but is there an implementation available
> somewhere? Do people use it? On which platforms?
>
> Yes, I know I can avoid sudo altogether and just add my public key to root.
>
> [1] http://www.nycbug.org/index.php?NAV=Home;SUBM=10160


michael lucas just did a write-up on sudo auth via ssh-agent, which i am
working on implementing on my systems:

http://blather.michaelwlucas.com/archives/1106

-pete

-- 
Pete Wright
pete at nomadlogic.org
www.nomadlogic.org


