NYC LOCAL: Wednesday 6 August NYCBUG: Matthew Burnside on bad interaction of ssh and sudo, and a fix, Public Key sudo
what="official NYCBUG announcement">
Date: Mon, 04 Aug 2008 13:31:21 -0400
From: NYC*BUG Announcements <email@example.com>
Subject: [announce] NYC*BUG: Wednesday on Public Key sudo
August 06, 2008
Public Key sudo
6:30pm, Suspenders Restaurant
Two tools which have become the norm in Linux- and Unix-based
environments are SSH for secure communications, and sudo for performing
administrative tasks. These are independent programs with substantially
different purposes, but they are often used in conjunction. In this
talk, I describe a flaw in their interaction, and then present our
solution called public-key sudo.
Public-key sudo is an extension to the sudo authentication mechanism
which allows for public key authentication using the SSH public key
framework. I describe our implementation of a generic SSH authentication
module and the sudo modifications required to use this module.
Matthew Burnside is a Ph.D. student in the Computer Science department
at Columbia University, in New York. He works for Professor Angelos
Keromytis in the Network Security Lab ([url]http://nsl.cs.columbia.edu/[/url]). He
received his B.A and M.Eng from MIT in 2000, and 2002, respectively. His
research interests are in network anonymity, trust management, and
enterprise-scale policy enforcement.
announce mailing list
Distributed poC TINC:
Jay Sulzberger <firstname.lastname@example.org>
Corresponding Secretary LXNY
LXNY is New York's Free Computing Organization.