Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] ssh keys question



On 06/17/2016 02:20 PM, Rich Braun wrote:
> I often wish sudo had functionality similar to ssh-agent: a way to require a
> token established at session start, rather than a password entered every time.

That is certainly possible to configure:

man sudo:
> Security policies may support credential caching to allow the user to run
> sudo again for a period of time without requiring authentication. The
> sudoers policy caches credentials for 5 minutes, unless overridden in
> sudoers(5). By running sudo with the -v option, a user can update the
> cached credentials without running a command.

man sudoers:
> sudoers uses per-user time stamp files for credential caching. Once a user
> has been authenticated, a record is written containing the uid that was
> used to authenticate, the terminal session ID, and a time stamp (using a
> monotonic clock if one is available). The user may then use sudo without a
> password for a short period of time (5 minutes unless overridden by the
> timeout option). By default, sudoers uses a separate record for each tty,
> which means that a user's login sessions are authenticated separately. The
> tty_tickets option can be disabled to force the use of a single time stamp
> for all of a user's sessions.
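
Added example, not part of the original message: a small audit that reads the global `Defaults` lines of a sudoers file and reports how far the credential cache has been widened from the defaults quoted above. It assumes the timeout option is spelled `timestamp_timeout` (its name in sudoers(5)); the function names and the sample file are constructed for illustration.

```python
import re

# Defaults as described in the quoted man pages: 5-minute cache, one record per tty.
DEFAULT_POLICY = {"timestamp_timeout": 5.0, "tty_tickets": True}

def caching_policy(sudoers_text):
    """Return the effective global credential-caching settings.

    Narrow by design: only plain `Defaults` lines are read. Scoped forms
    (Defaults:user, Defaults@host), includes and line continuations are ignored.
    """
    policy = dict(DEFAULT_POLICY)
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"Defaults\s+(.*)$", line)
        if not m:
            continue
        for item in (i.strip() for i in m.group(1).split(",")):
            if item in ("tty_tickets", "!tty_tickets"):
                policy["tty_tickets"] = not item.startswith("!")
            elif re.match(r"timestamp_timeout\s*=", item):
                value = item.split("=", 1)[1].strip().strip('"')
                policy["timestamp_timeout"] = float(value)   # minutes, may be fractional
    return policy

def review(policy):
    """List the settings that widen the window in which sudo skips the prompt."""
    notes = []
    minutes = policy["timestamp_timeout"]
    if minutes < 0:                                   # negative disables expiry
        notes.append("cached credentials do not time out")
    elif minutes > DEFAULT_POLICY["timestamp_timeout"]:
        notes.append("cache lasts %g min (default 5)" % minutes)
    if not policy["tty_tickets"]:
        notes.append("one time stamp shared by all of the user's sessions")
    return notes

# Constructed sample, not taken from any real system.
SAMPLE = """\
Defaults env_reset
Defaults timestamp_timeout=60, !tty_tickets   # session-like behaviour
alice ALL=(ALL) ALL
"""

if __name__ == "__main__":
    for note in review(caching_policy(SAMPLE)):
        print(note)
```

Setting `timestamp_timeout=0` makes sudo prompt every time, and `sudo -k` drops the cached credentials before the timeout is reached.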




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org