
Switch user with “sudo su - username” using SSH keys

I've been trying to use SSH keys in order to be able to switch from one user to another user on the same Linux machine/server by using sudo su - username.

What I want to do is: I have several accounts on one server. I want to lock those accounts with passwd -l username, and allow access only with SSH keys, by ssh-ing from one user to the other on the same machine, e.g.: [user1@server]$ ssh user2@server

I did this by copying the public key of user1 to the authorized_keys file of user2 and it works fine.

But the other thing that I would also like to do is to be able to sudo su - user2 from user1 by using the SSH keys, so I can avoid the password prompt.

e.g., [user1@server]$ sudo su - user2

I have modified the sshd_config file and uncommented the fields:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no

but still I am not able to do it.

I also tried what i found on the internet regarding agent forwarding, but nothing.

Can anyone help me on how to do this or point me to the right direction?

sudo has nothing to do with SSH and sshd config.

What you really want is a PAM module that will use SSH public keys. I'm not sure what your reasons are, as the whole idea seems a bit strange, but, well. pam_ssh is the module that does this.

To get sudo to work passwordless to another user these are the changes required (perform them with super user access):

edit /etc/sudoers

visudo

Config changes

# Allow user to sudo su as anyone without password
user    ALL=(ALL)       NOPASSWD: ALL
%group  ALL=(ALL)       NOPASSWD: ALL

# Allow user to become another user
user    ALL=(user2)    NOPASSWD: ALL
%group  ALL=(user2)    NOPASSWD: ALL

Now, with the latter, sudo su - user2 should work.

The only stumbling block was that the user had to be added to the sudo group:

usermod -a -G sudo user

The examples above in the config show the user first, then the group; you only need one of the two.

Edited:

visudo

%group2    ALL=(ALL:ALL)    PASSWD: ALL
%group1    ALL=(ALL:ALL)    NOPASSWD: ALL

Add the run groups:

groupadd group1
groupadd group2

So, for users that require a password:

usermod -a -G group2 user1
usermod -a -G group2 user2
etc.

For users that require no password:

# group1 is the NOPASSWD group defined in the sudoers entries above
usermod -a -G group1 nuser1
usermod -a -G group1 nuser2
etc.
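As an added example (not from either answer above): a small POSIX shell helper that installs the scoped form of the rule, user1 ALL=(user2) NOPASSWD: ALL, as a drop-in under /etc/sudoers.d instead of editing /etc/sudoers directly. The (user2) target keeps user1 limited to that one account, whereas the (ALL) NOPASSWD: ALL form from the first block hands out an unrestricted root shell. The user names, the drop-in directory and the file name scheme are assumptions for illustration.

```shell
#!/bin/sh
# Build one sudoers line: SOURCE may run any command as TARGET without a password.
# Example rule produced: "user1 ALL=(user2) NOPASSWD: ALL"
sudoers_rule() {
    printf '%s ALL=(%s) NOPASSWD: ALL\n' "$1" "$2"
}

# Write the rule as a drop-in file in DIR (default /etc/sudoers.d).
# The candidate file is checked with visudo -cf before it is installed, so a
# typo can never leave a broken sudoers that locks everyone out of sudo.
# Returns 0 on success, 1 if the candidate fails validation or cannot be written.
install_sudoers_dropin() {
    src=$1; tgt=$2; dir=${3:-/etc/sudoers.d}
    tmp=$(mktemp) || return 1
    sudoers_rule "$src" "$tgt" > "$tmp"
    # sudoers files are expected to be root-owned and mode 0440; set the mode
    # before validation because visudo -c also reports permission problems.
    chmod 0440 "$tmp"
    # Only root can produce a root-owned candidate that visudo will accept, so
    # the syntax check is skipped when running unprivileged (e.g. in a test run).
    if [ "$(id -u)" -eq 0 ] && command -v visudo >/dev/null 2>&1; then
        visudo -cf "$tmp" >/dev/null 2>&1 || { rm -f "$tmp"; return 1; }
    fi
    # sudo ignores drop-ins whose name contains '.' or ends in '~', hence the
    # underscore-only file name (assumed naming scheme: SOURCE_as_TARGET).
    install -m 0440 "$tmp" "$dir/${src}_as_${tgt}" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
}
```

After installing, sudo -i -u user2 as user1 gives the login shell without a password prompt, and the rule grants nothing as root.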
