Note that the key should be separated from this header by a space character.
prepend the public part with the following: from="127.0.0.1",command="your_desired_command_here",no-pty,no-port-forwarding,no-agent-forwarding (you can also restrict the SSH session further, see "man sshd"). Re: the original question - if you need some privileged command to be executed by non-privileged users you may use the following trick: I wrote an article on the sudo (mis)usage if you are interested to learn more on the topic: I suggest to avoid even installing sudo on your systems: it's an additional attack vector with usually no justification for having it. Why is this module or similar process is not part of standard Linux distro configs? Is there some security caveat I'm missing why this is not more widely adopted? Why passworded sudo is considered to be more secure than public/private key sudo? It seems like with this module in place we can have completely passwordless accounts. While doing some research on this topic I found pam_ssh_agent_auth project, which from my understanding enables the same private/public key authentication as used for ssh connections but for sudo command. I would still want some sort of authentication before users can run sudo commands. I know about sudoers file and NOPASSWORD parameter. #Ubuntu sudo su how to#
That means I still need to generate passwords for these users and figure out how to securely get it to them.
However, this process becomes useless when these users need to run sudo - the server is still asking for their passwords. This is great because when I create accounts for remote users I don't have to email them sensitive info(passwords). SSH with public-private key authentication comes enabled by default with most Linux distributions.
0 kommentar(er)
