ssh -i ~/.ssh/foo 2 : Running commands via sudo without entering a password You should now be able to ssh in with your key without a password and you should not be able to ssh in as any user without a key. On the server : sudo passwd -l rootĮdit /etc/ssh/sshd_config sudo nano `/etc/ssh/sshd_config`Ĭhange the following : PasswordAuthentication no Test the key ssh -i ~/.ssh/foo it works, unset a root password and disable password login. Set a root password, use a strong one sudo passwdįrom the client, Transfer the key to the server ssh-copy-id -i ~/.ssh/foo "foo" the the name of your key and enter your server root password when asked. Restart the server sudo service ssh restart Make sure you allow root to log in with the following syntax PasswordAuthentication yes On the server (where you ssh TO)Įdit /etc/ssh/sshd_config sudo nano /etc/ssh/sshd_config To do this you must temporarily allow root to ssh into the server. Next you need to transfer the key to the server. When you are prompted for a password, just hit the enter key and you will generate a key with no password. The -f option specifies a file name, foo is an example, use whatever name you wish. I highly suggest you give it a name rather then using the default ssh-keygen -f foo On the client (where you ssh FROM)įirst make a ssh key with no password. If you do not have root access on the server, contact the server administrator for help. One way or another you need root access on the server to do this. Easiest method is to temporarily allow root to log in over ssh via password. If the target user's login shell is not /bin/bash then adjust the above line accordingly.To set up a passwordless SSH connection for the root user you need to have root access on the server. user1 ALL=(user2) NOPASSWD: /bin/bash -c /usr/local/bin/script.sh Therefore you must not include -l in sudoers. sudo sets $0 to -bash and the leading dash is what makes this bash a login shell. Note there is no -l that would force a login shell. This is the command you want to allow with NOPASSWD in sudoers file. You tried to do: sudo -i -u user2 /usr/local/bin/script.shĪssuming the target user's shell is bash, the command that your sudo run was like: /bin/bash -c /usr/local/bin/script.sh If no command is specified, an interactive shell is executed. The command and any arguments are concatenated, separated by spaces, after escaping each character (including white space) with a backslash ( \) except for alphanumerics, underscores, hyphens, and dollar signs. If a command is specified, it is passed to the shell as a simple command using the -c option. This means that login-specific resource files such as. Run the shell specified by the target user's password database entry as a login shell. #includedir ls like setting the target user's ENV variables in the script itself is the only option but updating script is my last option, hence looking for a better/alt solution. User1 ALL=(user2) NOPASSWD: /usr/local/bin/script.sh My setup: egrep "^|^#include" /etc/sudoersĭefaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" So my query is how could I run sudo -i without password prompt. The problem is that it prompts for password which is a problem for automation. Then I tried below - sudo -i -u user2 /usr/local/bin/script.shīut it asks for the password, if I type in the password then the script runs just fine. It runs but a part of actual execution fails becoz of user2 's environment is NOT set. Codename: user1 and need to run a script as user2 and there must NOT be any password prompt.Īdded below line to sudoers (using visudo of course) user1 ALL=(user2) NOPASSWD: /usr/local/bin/script.shĪnd then I ran the below command as user1 sudo -u user2 /usr/local/bin/script.sh
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |