Dustin
091d9e1f78
The [pam_ssh_agent_auth][0] PAM module authenticates users using keys in their SSH agent. Using SSH agent forwarding, it can even authenticate users with keys on a remote system. By adding it to the PAM stack for `sudo`, we can configure the latter to authenticate users without requiring a password. For servers especially, this is significantly more secure than configuring `sudo` not to require a password, while still being almost as convenient. For this to work, users need to enable SSH agent forwarding on their clients, and their public keys have to be listed in the `/etc/security/sudo.authorized_keys` file. Additionally, although the documentation suggests otherwise, the `SSH_AUTH_SOCK` environment variable has to be added to the `env_keep` list in *sudoers(5)*. [0]: https://github.com/jbeverly/pam_ssh_agent_auth |
||
|---|---|---|
| .. | ||
| defaults | ||
| files | ||
| tasks | ||
| templates | ||