guix-devel
Re: pam_ssh_agent_auth on a Guix System?


From: Felix Lechner
Subject: Re: pam_ssh_agent_auth on a Guix System?
Date: Tue, 30 May 2023 10:34:15 -0700

Hi Giovanni,

On Tue, May 30, 2023 at 9:59 AM Giovanni Biscuolo <g@xelera.eu> wrote:
>
> AFAIU pam_ssh_agent_auth https://pamsshagentauth.sourceforge.net/ is not
> already packaged in Guix, or am I missing something?

I was not able to find it, either.

> I'd like to execute sudo without having to set and enter a password [1]
> and that PAM module is needed

You could also add a line like this to your /etc/sudoers (but I don't
recommend it):

user_name ALL=(ALL) NOPASSWD:ALL

> is someone already using such a configuration in a Guix System?

Not quite. I added my public ssh key to root's authorized_keys. It's
different from what you are looking for but gives you a root prompt
with 'ssh root@localhost'. I did it because it's required for 'guix
deploy'.

Personally, I have not used the SSH agent, but it's an interesting
avenue. I use Kerberos instead, which is probably the gold standard
for distributed authentication. You are doing the right thing by
thinking about your options.

When playing with PAM, please remember that PAM can never elevate
privileges of its own process. It is a shared library that runs as
part of a privileged executable (often setuid root). PAM decides
whether someone hoping to use the executable is authorized to do so.

Kind regards
Felix
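
Added example, not part of the original message: a small Python audit that finds sudoers rules of the kind quoted above (NOPASSWD applied to ALL commands), including rules where the tag is inherited from an earlier command in the same list. The sample file contents, the other user names and the function name are constructed for the illustration.

```python
import re

# Constructed sample sudoers content for the demonstration (not from the
# message, apart from the user_name line quoted in it).
SAMPLE = """\
Defaults env_reset
# constructed comment line
root      ALL=(ALL) ALL
%wheel    ALL=(ALL) ALL
user_name ALL=(ALL) NOPASSWD:ALL
deploy    ALL=(root) NOPASSWD: /usr/local/bin/restart-web, \\
          PASSWD: ALL
backup    ALL=(root, bin) NOPASSWD: /usr/bin/rsync, ALL
"""

SKIP = re.compile(r"^(#|@include|Defaults|(User|Runas|Host|Cmnd|Cmd)_Alias\b)")
TAGS = re.compile(r"^((?:[A-Z_]+\s*:\s*)+)")


def blanket_nopasswd(text):
    """Return the users/groups that may run ALL commands without a password.

    Simplifications (assumptions of this example): one host spec per rule,
    aliases are not expanded, include directives are not followed, and
    escaped commas in command arguments are not handled.
    """
    findings = []
    text = re.sub(r"\\\n", " ", text)            # join continuation lines
    for line in text.splitlines():
        line = line.strip()
        if not line or SKIP.match(line) or "=" not in line:
            continue
        left, right = line.split("=", 1)
        who = left.split()[0]
        right = re.sub(r"\([^)]*\)", "", right)  # drop Runas lists like (ALL)
        nopasswd = False                         # tag state carries across the list
        for item in right.split(","):
            item = item.strip()
            m = TAGS.match(item)
            if m:
                for tag in re.findall(r"[A-Z_]+", m.group(1)):
                    if tag == "NOPASSWD":
                        nopasswd = True
                    elif tag == "PASSWD":
                        nopasswd = False
                item = item[m.end():].strip()
            if item == "ALL" and nopasswd:
                findings.append(who)
    return findings
```

On the sample, the `backup` rule is reported as well as `user_name`: its trailing `ALL` inherits the NOPASSWD tag set on the preceding command, while the `deploy` rule resets it with `PASSWD:`.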
