[Discuss] ssh keys question
Matthew Gillen
me at mattgillen.net
Fri Jun 17 14:41:17 EDT 2016
On 06/17/2016 02:20 PM, Rich Braun wrote:
> I often wish sudo had functionality similar to ssh-agent: a way to require a
> token established at session start, rather than a password entered every time.
That is certainly possible to configure:
man sudo:
> Security policies may support credential caching to allow the user to run sudo again for a period of time without requiring authentication. The
> sudoers policy caches credentials for 5 minutes, unless overridden in sudoers(5). By running sudo with the -v option, a user can update the
> cached credentials without running a command.
man sudoers:
> sudoers uses per-user time stamp files for credential caching. Once a user has been authenticated, a record is written containing the uid that
> was used to authenticate, the terminal session ID, and a time stamp (using a monotonic clock if one is available). The user may then use sudo
> without a password for a short period of time (5 minutes unless overridden by the timeout option). By default, sudoers uses a separate record
> for each tty, which means that a user's login sessions are authenticated separately. The tty_tickets option can be disabled to force the use of
> a single time stamp for all of a user's sessions.
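
An added example, not part of the original message or of sudo itself: a small Python check that reads sudoers text and reports the effective global credential-caching settings described in the man page excerpts above, flagging the ones that widen the cached-credential window. Assumptions: the timeout is set through the sudoers `timestamp_timeout` option, the 15-minute `max_minutes` threshold and the sample sudoers text are constructed for illustration, and include directives and user-scoped `Defaults` lines are not followed.

```python
import re

# Global "Defaults" lines only; scoped forms such as "Defaults:alice" are skipped.
GLOBAL_DEFAULTS = re.compile(r"^\s*Defaults\s+(.+)$")
TIMEOUT = re.compile(r"timestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)")

def caching_policy(sudoers_text):
    """Return the effective global credential-caching settings."""
    # Starting values are the defaults stated in the quoted man pages.
    policy = {"timestamp_timeout": 5.0, "tty_tickets": True}
    for raw in sudoers_text.splitlines():
        if raw.lstrip().startswith("#"):
            continue  # comment line (include directives are not followed)
        m = GLOBAL_DEFAULTS.match(raw.split("#", 1)[0])
        if not m:
            continue
        # Simplification: assumes no quoted values containing commas.
        for item in (p.strip() for p in m.group(1).split(",")):
            t = TIMEOUT.fullmatch(item)
            if t:
                policy["timestamp_timeout"] = float(t.group(1))
            elif item in ("tty_tickets", "!tty_tickets"):
                policy["tty_tickets"] = not item.startswith("!")
    return policy

def findings(policy, max_minutes=15):
    """Describe settings that widen the cached-credential window.

    max_minutes is an assumed review threshold, not a sudo default.
    """
    notes = []
    timeout = policy["timestamp_timeout"]
    if timeout < 0:
        notes.append("time stamp never expires")
    elif timeout > max_minutes:
        notes.append(f"time stamp valid for {timeout:g} minutes")
    if not policy["tty_tickets"]:
        notes.append("one time stamp shared by all of the user's sessions")
    return notes

# Constructed sample sudoers content (hypothetical user "alice").
SAMPLE = """\
Defaults env_reset
Defaults timestamp_timeout=-1, !tty_tickets  # session-long cache
Defaults:alice timestamp_timeout=0
alice ALL=(ALL) ALL
"""

if __name__ == "__main__":
    for note in findings(caching_policy(SAMPLE)):
        print(note)
```
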