Authentication on Untrusted Remote Hosts with Public-key Sudo
Matthew Spindel Burnside; Mack Lu; Angelos D. Keromytis
- Authentication on Untrusted Remote Hosts with Public-key Sudo
Burnside, Matthew Spindel
Keromytis, Angelos D.
- Computer Science
- Permanent URL:
- Book/Journal Title:
- Proceedings of the 22nd Large Installation System Administration Conference (LISA '08): November 9-14, 2008, San Diego, California, USA
- USENIX Association
- Publisher Location:
- Berkeley, CA
- Two common tools in Linux- and UNIX-based environments are SSH for secure communications and sudo for performing administrative tasks. These are independent programs with substantially different purposes, but they are often used in conjunction. In this paper, we describe a weakness in their interaction and present our solution, public-key sudo. Public-key sudo1 is an extension to the sudo authentication mechanism which allows for public key authentication using the SSH public key framework. We describe our implementation of a BSD SSH authentication module and the SSH modifications required to use this module.
- Computer science
- Item views: