Ubuntu QA:
BlogBrainstormPackage status
Log in
Ubuntu QA
The Ubuntu community has contributed 17459 ideas, 107690 comments, 2263278 votes
Idea sandbox Idea sandbox
Popular ideas Popular ideas
Ideas in development Ideas in development
Implemented ideas Implemented ideas
Idea #19273: Implement public/private key authentication for sudo

Written by reacuna the 17 Apr 09 at 14:29. Category: Server. Related project: Nothing/Others. Status: New
Rationale
It's very common to log in to a remote server using SSH and then performing administrative tasks using sudo. However, the most common usage scenario for sudo is that it asks for a password. Though it is possible to disable the password prompt in sudo, this creates security problems.

It is possible to extend sudo to use the SSH credentials. There is a paper that describes this here: http://www.usenix.org/event/lisa08/tech/full_papers/burnside/burnside_html/inde x.html

It would be a great improvement to those who have to administrate multiple servers to enable this kind of functionality.

24
votes
up equal down
Solution #1: Implement the proposed solution in this paper
Written by reacuna the 17 Apr 09 at 14:29.
This paper describes a possible solution for this scenario: http://www.usenix.org/event/lisa08/tech/full_papers/burnside/burnside_html/inde x.html

Propose your solution

Attachments
No attachments.


Duplicates


Comments
Darwin Survivor wrote on the 17 Apr 09 at 19:10
Why would you be having other users log in to an account with sudo privileges if you don't want them to have sudo...?

Or do you want sudo to use either the password "or" the key?

reacuna wrote on the 18 Apr 09 at 05:19
I'm referring to your second option... to be able to use sudo with a password OR the key. That way, using the ssh-agent from the client, it would be possible to authenticate to sudo in the server, thus not requiring a password, but being able to use sudo "securely".


Post your comment