Help with su


 
# 8  
Old 03-03-2009
Help with su

Hi Auto cross,

Thxs for replying.

But could you please be a little more descriptive about how to use ssh with key-based authentication as I tried manning it and searching it in google but was unable to implement the same in my script.

So, could you please elaborate a little more about this procedure.

Many Thanks.
# 9  
Old 03-03-2009
Here's an article that explains how to set up key-based authentication:
Linux.com :: Using key-based authentication over SSH

You may want to google around for other examples if this one doesn't work for you.

After the public key for USER_A has been created and appended to the authorized_keys file of USER_B, you can run local scripts like this:

As USER_A:
ssh USER_B@localhost /path/to/script

You would need to copy the public key to each user's authorized_keys file that you wish to execute commands as.
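
The append step described above, as an added example that is not part of the original post: it installs USER_A's public key into USER_B's `authorized_keys` restricted to one script and to connections from localhost, with the file modes sshd expects. The function name, the scratch directory and the key string are assumptions; the key is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the thread): append USER_A's public key to USER_B's
# authorized_keys so it can run exactly one script, from localhost only.
# The key below is a constructed placeholder, not a real key.
DEMO_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYCONSTRUCTEDFORDEMOONLY USER_A@localhost'

# install_restricted_key USER_B_HOME PUBKEY_LINE SCRIPT_PATH
# The body runs in a subshell, so umask and exit do not affect the caller.
install_restricted_key() (
    home_dir=$1 pubkey=$2 script=$3
    auth="$home_dir/.ssh/authorized_keys"

    # Accept a single "type base64 [comment]" line only. An embedded newline
    # would otherwise add a second, unrestricted entry to the file.
    keydata=$(printf '%s\n' "$pubkey" | awk '
        NR == 1 && $1 ~ "^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521))$" &&
            $2 ~ "^[A-Za-z0-9+/=]+$" { k = $2 }
        END { if (NR == 1) print k }')
    [ -n "$keydata" ] || { echo "rejecting malformed public key" >&2; exit 1; }

    # The forced command is written inside double quotes, so allow only an
    # absolute path made of plain filename characters.
    case $script in
        ''|[!/]*|*[!A-Za-z0-9_./-]*) echo "rejecting script path" >&2; exit 1 ;;
    esac

    # sshd (StrictModes) ignores keys when these are group/world writable.
    umask 077
    mkdir -p "$home_dir/.ssh" && chmod 700 "$home_dir/.ssh" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Idempotent: do nothing if this key material is already installed.
    grep -qF -- "$keydata" "$auth" && exit 0

    opts='from="127.0.0.1,::1",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'
    printf 'command="%s",%s %s\n' "$script" "$opts" "$pubkey" >> "$auth"
)

# Demo against a scratch directory standing in for USER_B's home.
demo_home=$(mktemp -d)
install_restricted_key "$demo_home" "$DEMO_KEY" /path/to/script &&
    cat "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

With the `command=` option in place, `ssh USER_B@localhost /path/to/script` still works, but any other command requested with that key is replaced by the forced script.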
# 10  
Old 03-03-2009
I should not give you my dirty tricks...
Watch:
Code:
ant:/rdm/users/jju $ remsh ant -l vbe                                             
Please wait...checking for disk quotas
(c)Copyright 1983-2000 Hewlett-Packard Co.,  All Rights Reserved.
(c)Copyright 1979, 1980, 1983, 1985-1993 The Regents of the Univ. of California
(c)Copyright 1980, 1984, 1986 Novell, Inc.
(c)Copyright 1986-1992 Sun Microsystems, Inc.
(c)Copyright 1985, 1986, 1988 Massachusetts Institute of Technology
(c)Copyright 1989-1993  The Open Software Foundation, Inc.
(c)Copyright 1986 Digital Equipment Corp.
(c)Copyright 1990 Motorola, Inc.
(c)Copyright 1990, 1991, 1992 Cornell University
(c)Copyright 1989-1991 The University of Maryland
(c)Copyright 1988 Carnegie Mellon University
(c)Copyright 1991-2000 Mentat Inc.
(c)Copyright 1996 Morning Star Technologies, Inc.
(c)Copyright 1996 Progressive Systems, Inc.
(c)Copyright 1991-2000 Isogon Corporation, All Rights Reserved.


                           RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the U.S. Government is subject to
restrictions as set forth in sub-paragraph (c)(1)(ii) of the Rights in
Technical Data and Computer Software clause in DFARS 252.227-7013.

                           Hewlett-Packard Company
                           3000 Hanover Street
                           Palo Alto, CA 94304 U.S.A.

Rights for non-DOD U.S. Government Departments and Agencies are as set
forth in FAR 52.227-19(c)(1,2).
You have mail.
ant:/home/vbe $    
ant:/home/vbe $ exit                                                                 
logout
Connection closed.
ant:/rdm/users/jju $ id
uid=6206(jju) gid=20(users)

You've guessed?

Last edited by vbe; 03-03-2009 at 01:58 PM.. Reason: completed screenhardcopy
# 11  
Old 03-04-2009
Help with su

Hi vbe,

Thanks for the reply.

As far as I have guessed it's something to do with uid.
But I am not sure how to use it.

Could you please throw some light on it??

Many Thanks

Taran
# 12  
Old 03-05-2009
Not really...I did this to show you (what you want...) I changed UID without being asked anything...

So,
How do you connect to a remote host without being asked anything?
(and of course is considered as a potential security breach...)

(Sorry for the late reply, very busy lately...)
# 13  
Old 03-06-2009
Hi vbe,

Thxs for the reply... But I am unable to comprehend what exactly do you want me to tell??
Could you please be a bit more elaborative

Many Thanks
Taran
# 14  
Old 03-06-2009
Taran,

Can you access the accounts that you need to "su - " to legally?

If yes, then go the "ssh traded keys" route.

On most of our servers, we disable "rsh/remsh". Check it via inetadm or in /etc/inetd.conf.

OR, even though you may not have "root", you can ask your Unix engineers to chown/chmod the script once you have finished writing it.