IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: draft minutes from meeting at ietf50..



On Mon, 23 Apr 2001, Markus Friedl wrote:

> this does not fork for 'interactive shell sessions', e.g. if i
> login in and type 'su'. the authentication used in the ssh connection
> is not relevant.

True (I believe I mentioned that in the part of my post you didn't quote).
So, a) don't do that, use ssh -l root, or b) is there any way to re-write
"su" so that it connects back to the ssh client machine to request
authentication?  Can su be rewritten to use the ssh-agent?  Do the ssh
protocols allow "sideband" control channels that could be opened from the
remote end?  I like a), plus setting "su" to fail for network users.  But
some of b) has interesting possibilities.




Home | Main Index | Thread Index | Old Index