secure root access with SUDO

dussel · 02-14-2006, 08:47 AM

Hallo all,

Is there anyone that are expert on SUDO?

I want to let a few administrators get the privilege to run ROOT command with sudo, I have added them to wheels group on my RedHat server and it works fine to run the ROOT commands.

But I want to secure it even more if possible, I want instead of they use their user-password to use sudo, want's I to use RSA key authentication.

Do anyone know if it possible to get sudo to work with key-authentication?

Thanks in advance!

Cheers

Düssel

satinet · 02-15-2006, 04:56 AM

its quite easy to set this up in sudo without keys.

why do you want to use keys? to run commands on remote hosts or something?

bulliver · 02-15-2006, 05:15 AM

Quote:

why do you want to use keys?

As he mentioned, he just wants more security.

The "-a" switch in the sudo manpage states that other authentication methods may be used, but does not say if key-authentication is among them.

satinet · 02-15-2006, 06:30 AM

yeah i realise, that but i'm not sure how keys would be appropriate here. what are you exchanging public/private keys between?

dussel · 02-15-2006, 08:26 AM

No, I only got the idea of it when I read of a really old open-source project (ssu (secure su)), but it looks like it is not active any longer. It sounded as quite interesting idea they had, so I hoped that SUDO mabe also had implemented a little such possibilities also.

I will test with -a, it is always fun to check out new things.

Thanks for the tip with -a!