As it is well known, it is recommended that the system administrator login to the system using a normal user (non-root). When the admin needs to do privileged tasks, sudo
can be used to become superuser. Before gaining the requested privileges, the admin will be prompted to enter the SAME password used in the first login.
I was wondering whether it is possible to configure the system to ask the user for a different password when doing sudo
. So, the user will have two passwords. The first password will provide access to SSH session. The other password (not the same one) will be used to gain the admin (root) privileges.
Is this possible? I think it will add more security to the system. Do you agree?
BTW, this will be similar to the access control used by Cisco devices. First, the admin login using a password. Then, accessing "enabled" (privileged) mode requires another password (can be different or same password).
SSH via a password is less secure than SSH with a DSA/RSA certificate. Create a certificate with a password. Then give the sys admin account a different password.
You will only be able to login via SSH if you have the certificate AND know the password associated with it.
You can then use a different password for running sudo (the user's password).
This gives you a lot more security!
Remember to use pass phrases and not passwords too. The difference being a pass phrase is made up of many words (greater than 20 characters say). The longer the password, the more time it would take to break via dictionary attacks.
To create a certificate:
You might want to look towards using
su root
instead ofsudo
, but I strongly recommend to follow the answer tommed has provided.