Hello everybody! I'd like to present a feature wish: using ssh as a substitue for su. Of course, if I have a forwarding agent (or the correct key) I can simply do a ssh -l <other_user> localhost but that's not really optimal - the environment gets lost as I'm newly logged in, agent forwarding has one more hop to traverse, the data is once more en/decrypted, ... So I propose a new ssu tool which uses the current ssh-agent (or key in the filesystem) to verify authorization to su to another user (without using a password). Alternatively it may be possible (at least on some systems) to use a PAM-Module which does this. Usage: ssu [-] [Username] [-i identityFile] [-c command] It has the verification part of sshd and the frontend of ssh. Comments? Regards, Phil
On Wednesday 26 June 2002 08:35, orlando wrote:> Wouldn't > ssh root@<ip_addr> "command as root" > > accomplish this?Yes, it would. But at the overhead of a ssh process, a new chain of sshd and subprocesses, losing all environment, and encryption/decryption of all data via loopback. That's why I suggest doing a ssh-su which avoid all these and just uses ssh keys or the agent to verify the authorization. Regards, Phil
Possibly Parallel Threads
- substitute/paste question for using Greek in plot titles
- [Bug 3570] New: Add substitution token for explicitly selected IdentityFile for ControlPath selection
- ActiveRecord::AssociationTypeMismatch (User(#54754560) expected, got User(#54510280))
- [PATCH 1/5 ovirt-server] Add glusterfs to task-omatic API for {task_storage,utils}
- known_hosts question for Ubuntu Server 14.04 and 16.04 LTS