shadedecho
Programmer
I have a simple C++ program that I've written which forks a process, calls ssh so it can execute a remote command, and relies on root's private key (by passing the command line switch -i/root/.ssh/id_dsa) to be able to make the ssh connection without a password prompt.
I have set the C++ program to be SUID root. When I execute my program while logged in as root, everything works fine.
When I change to another non-root user and try to run the command, ssh throws out a warning that the identity file I am referring to could not be found. So then I try not specifying the identity file in my program, hoping that ssh will just find the right root cert to use. I don't get that warning about the identity file being missing, but it still tries to prompt me for that password.
So, putting back in the reference for the identity file into my execvp() command, now I try to set ssh as SUID root. Try again, still same thing.
So I try enabling "ssh-keysign" (with "EnableSSHKeysign yes" in my ssh_config file). I then also set the ssh-keysign binary to be SUID root. I try my program again, and again, I get the same inability for my non-root login account to execute a program that wants to use ssh and root's identity file.
I have verified that my program is in fact running SUID root, by having it write out a file to /tmp and checking its perms; it's owned by root:root.
So, what can I do to get my program to get the ssh login to use root's identity file when the logged in user is non-root?
(and yes, yes, yes, I do understand the security implications of what I am trying to do)