NYCBUG

Future Meetings: 2008-08-06 - Public Key sudo; 2008-10-11 - NYCBSDCon 2008
Past Meetings: 2008-07-02 - Configuration Management with Cfengine; 2008-06-04 - NYCBSDCon 2008 Organizing Meeting; 2008-05-07 - Managing OpenBSD Environments; 2008-04-02 - ZFS on FreeBSD; 2008-03-20 - Building a High-Performance Computing Cluster Using FreeBSD; 2008-03-05 - User Interfaces and How People Think; 2008-02-06 - Open Meeting on OpenSSH; 2008-01-09 - SSARES; 2007-12-13 - 2007 NYTC Holiday Party; 2007-11-07 - IPv6 Workshop; 2007-10-03 - IPv6 Implementation; 2007-09-05 - Cryptography in Web Apps; 2007-08-23 - NYCBUG-NYPHP Social; 2007-08-01 - Nagios; 2007-07-05 - The Real Unix Tradition; 2007-06-06 - DOS Mitigation; 2007-05-02 - pkgsrcCon; 2007-04-04 - OpenCVS; 2007-03-07 - Enterprise Security Mgmt; 2007-02-07 - Subversion; 2007-01-03 - PF; 2006-12-07 - 2006 Holiday Party; 2006-11-01 - NYCBSDCon 2006; 2006-10-04 - NYCBSDCon planning; 2006-09-06 - m0n0wall and PFSense; 2006-08-02 - Open Forum; 2006-07-05 - Sendmail Hacks; 2006-06-07 - Open Forum; 2006-05-03 - VPN & PAE; 2006-04-05 - Open Forum; 2006-03-01 - Systrace for Slackers; 2006-02-01 - Xen and the Art of SysAdmin; 2006-01-04 - Java on FreeBSD; 2005-12-07 - Jail(8); 2005-11-02 - Time Mgmt for SysAdmins; 2005-10-05 - The Summer of Code; 2005-09-17 - NYCBSDCon 2005; 2005-08-03 - Challenges of large Unix environ; 2005-07-06 - OpenBSD IPsec stack; 2005-06-01 - Open Source Software; 2005-05-04 - Heimdal Kerberos on NetBSD; 2005-04-06 - FreeBSD port maintenance; 2005-03-02 - OpenBSD on PA-RISC; 2005-02-02 - pkgsrc; 2005-01-05 - Anatomy of a Hack; 2004-12-01 - 2004 Holiday Party; 2004-11-03 - Lok Technology, Inc.; 2004-10-16 - Meet Mr. McKusick; 2004-10-06 - Cancelled; 2004-09-01 - Jail(8); 2004-08-04 - OpenBSD on Soekris; 2004-07-07 - Secure Architectures; 2004-06-02 - Hacking Your iBook; 2004-05-05 - BSD Consulting; 2004-04-07 - OS X, Darwin and BSD; 2004-03-03 - NetBSD crypto disk; 2004-02-04 - OpenBSD Security

August 06, 2008

Public Key sudo

Two tools which have become the norm in Linux- and Unix-based environments are SSH for secure communications, and sudo for performing administrative tasks. These are independent programs with substantially different purposes, but they are often used in conjunction. In this talk, I describe a flaw in their interaction, and then present our solution called public-key sudo.

Public-key sudo is an extension to the sudo authentication mechanism which allows for public key authentication using the SSH public key framework. I describe our implementation of a generic SSH authentication module and the sudo modifications required to use this module.

Bio

Matthew Burnside is a Ph.D. student in the Computer Science department at Columbia University, in New York. He works for Professor Angelos Keromytis in the Network Security Lab. He received his B.A and M.Eng from MIT in 2000, and 2002, respectively. His research interests are in network anonymity, trust management, and enterprise-scale policy enforcement.