SSH script with SSH keys and sudo privileges

Kefijoo · 05-29-2017, 08:21 AM

I have a additional questions regarding SSH keys:
If you connect using SSH with SSH keys and run commands which require sudo privileges, how do you do this? With a password, you would run the sudo command and enter a pwd for more privileges, but how to do this in a script?

This question is related to the following thread:

Quote:

Originally Posted by gsr_kashyap

ssh login using a script

Turbocapitalist · 05-29-2017, 08:43 AM

Welcome.

You'll have to work through it in several steps, first manually then in a more automated fashion. You'll probably want to make a separate key for this activity, then add command="sudo something in the public key which you've placed in authorized_keys on the server. For that, see the manual page for sshd in the section on "authorized_keys file format"

Code:

man sshd

When that works manually, modify /etc/sudoers so that the command with its specific parameters (and only those parameters) can be run with no password. For that see the manual page for sudoers

Code:

man sudoers

And if you need more background, ask here. But also spend the time to go through the book sudo Mastery by Michael W Lucas or else his presentation:

sudo: you're doing it wrong (slides)
sudo: you're doing it wrong (video)

The idea is to use sudo with the least amount of privilege possible to get the job done.

NevemTeve · 05-29-2017, 09:42 AM

Guess the actual question is: how to configure /etc/sudoers
Here is an example:

Code:

teddy ALL=NOPASSWD: /sbin/halt "", /sbin/reboot "", /bin/umount /dev/cdrom

user teddy might execute the listed commands without password; e.gm sudo /sbin/halt (resulting /sbin/halt as root)

Kefijoo · 06-09-2017, 02:27 AM

Thank you both, this helped me a lot. I wasn't sure if I had to modify sudoers, but it seems the way to go.