On Linux hosts (CentOS6), I’ve taken great care to utilize two-factor remote shell authentication and limit root access with sudo. But while SSH authentication via the Pageant agent works great for Putty on Windows, with no /etc/passwd password required, it always struck me funny that a password was still needed for sudo authentication.

If only there was a way to use the SSH key-pair to authenticate the sudo access and not require the /etc/passwd password prompt at all. There is!

(continue reading…)