    • Pete.S

      sudo problems
      IT Discussion • sudo ssh root certificate • • Pete.S

      0 Votes • 33 Posts • 475 Views

      Pete.S

      @jaredbusch said in sudo problems:

      @pete-s said in sudo problems:

      @jaredbusch said in sudo problems:

      @scottalanmiller said in sudo problems:

      @jaredbusch said in sudo problems:

      @scottalanmiller said in sudo problems:

      @pete-s said in sudo problems:

      We want to move to using ssh certificates on our servers and remove all passwords.

      That's what we do.

      Since when? What do you use to manage and generate certificates?

      Generate with ssh-keygen. Manage with a wiki. We are only so big, so it works fine.

      That is not certificates. That is keys. Completely different.

      I don't know what @scottalanmiller uses but ssh-keygen is used to generate ssh certificates as well.

      From the man page:
      ssh-keygen supports signing of keys to produce certificates that may be used for user or host authentication. Certificates consist of a public key, some identity information, zero or more principal (user or host) names and a set of options that are signed by a Certification Authority (CA) key. Clients or servers may then trust only the CA key and verify its signature on a certificate rather than trusting many user/host keys. Note that OpenSSH certificates are a different, and much simpler, format to the X.509 certificates used in ssl(8).

      But if you are automating certificate generation, you need to wrap this in something.

      No, ssh-keygen does not do this (ssh certificate generation).

      As you highlight, it can be used as part of the certificate process. But it cannot, and never will, be the certificate authority. Thus it is not the tool for this.

      You're actually mistaken because I've done it many times now. A Certification Authority, when it comes to openssh certificates, is really just a key pair that you carefully guard.

      You create certificates by using the CA keys to sign other public keys from users and hosts. The result is a certificate named *-cert.pub

      And you do all of this with the ssh-keygen utility.

      Similar to how you can create CA and everything else for the more complex x509 certificates with just openssl.

    • Romo

      Critical buffer overflow in sudo: CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
      IT Discussion • sudo cve-2021-3156 • • Romo

      0 Votes • 4 Posts • 219 Views

      JaredBusch

      @travisdh1 yup


    • IRJ

      How to save a file in vim when you forget to sudo
      IT Discussion • vim sudo • • IRJ

      15 Votes • 9 Posts • 321 Views

      wirestyle22

      Yeah I'm wrong. sudo being involved means it can't be privilege escalation because you're getting the proper amount of access.

    • scottalanmiller

      Windows 10 Allowing a Regular User to Launch One Application as Admin
      IT Discussion • windows windows 10 security runas sudo runastool • • scottalanmiller

      3 Votes • 6 Posts • 304 Views

      JaredBusch

      The first time it is used, we have to manually type the domain\localadmin password.
      After that it is stored in credential manager.

    • EddieJennings

      SSH and FreePBX
      IT Discussion • freepbx 13 ssh security sudo cli • • EddieJennings

      0 Votes • 10 Posts • 5488 Views

      JaredBusch

      And easy enough to resolve once I look.

      @EddieJennings you should have reminded me to look more earlier..

      /etc/sudoers has it commented out.

      ## Allows people in group wheel to run all commands
      # %wheel ALL=(ALL) ALL

      ## Same thing without a password
      # %wheel ALL=(ALL) NOPASSWD: ALL

    • scottalanmiller

      UNIX: sudo
      IT Discussion • unix linux freebsd bsd sam linux administration sam freebsd administration security solaris sudo • • scottalanmiller

      1 Votes • 1 Posts • 1051 Views

      No one has replied

    • mlnews

      Configuring sudo for Two Factor Authentication from HowToForge
      News • howtoforge ubuntu centos two factor pam security authentication sudo radius • • mlnews

      2 Votes • 1 Posts • 651 Views

      No one has replied