Authentication on Untrusted Remote Hosts with Public-key Sudo

Burnside, Matthew Spindel; Lu, Mack; Keromytis, Angelos D.

Two common tools in Linux- and UNIX-based environments are SSH for secure communications and sudo for performing administrative tasks. These are independent programs with substantially different purposes, but they are often used in conjunction. In this paper, we describe a weakness in their interaction and present our solution, public-key sudo. Public-key sudo1 is an extension to the sudo authentication mechanism which allows for public key authentication using the SSH public key framework. We describe our implementation of a BSD SSH authentication module and the SSH modifications required to use this module.



Also Published In

Proceedings of the 22nd Large Installation System Administration Conference (LISA '08): November 9-14, 2008, San Diego, California, USA
USENIX Association

More About This Work

Academic Units
Computer Science
Published Here
March 9, 2012