11-11-2007
Quote:
Originally Posted by
jOOc
Can you config sudo to use the passphrase in the user ssh-key instead of the one in the passwd?
Short answer: No sorry.
The passphrase would be on the client side anyway (to decrypt their private key) so couldn't be trusted by the sshd end.
I'd suggest sticking with NOPASSWD if you really can't have a local password for the user (I fail to see why this needs to be that way though...)
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
ok...I'm stumped on this one. I cannot figure out how to carry over my environment variables with a sudo command. I need to install an application under root and only have sudo access to get there. I can use ssh -Y <host> and launch an xwindows session successfully as myself but as soon as I sudo... (3 Replies)
Discussion started by: scottsl
3 Replies
2. UNIX for Advanced & Expert Users
Hi,
I would like to know how i can perform a task, while performing ssh, sudo and command at the same time.
What I generally do is I ssh to the server, where i created private and public, so it does not prompt me for password all the time. Then i need to run "sudo su - ldaprole" to get into... (9 Replies)
Discussion started by: john_prince
9 Replies
3. UNIX for Advanced & Expert Users
Hi,
I am trying to execute some command, via ssh and sudo.
Here is what i want to do.
ssh localhost | sudo su - ldaprole | ls -ltrh
However, this command gives me listing of my home directory, and not of ldaprole.
If I logic directly, when i perform sudo su - ldaprole, it... (5 Replies)
Discussion started by: john_prince
5 Replies
4. Shell Programming and Scripting
I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this:
#!/bin/bash
rsync /path/on/local/machine/ foo.com:path/on/remote/machine/
ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies
5. Programming
Is there a way to transfer my sudo password via ssh so that I can copy files remotely and pass them locally, so:
cat sudo-passwd-file|ssh -t user@10.7.0.180 'sudo find / -depth|cpio -oacv|gzip' > /path/to/dir/file.cpio.gz
I am in the process of a creating a script. Everytime I try and just... (16 Replies)
Discussion started by: metallica1973
16 Replies
6. Red Hat
I am not sure what I am missing here. I have the following identical entry in /etc/sudoers on multiple Red Hat 6.4 servers.
icinga ALL=NOPASSWD:/usr/bin/yum --security --exclude\="kernel*" check-update
On one server when I enter the command over SSH as follows it works fine.
ssh -t -q... (1 Reply)
Discussion started by: scotbuff
1 Replies
7. Shell Programming and Scripting
when the following command is issued the command prompt is received, how do I get past this?
ssh -t usera@hosta sudo su - userb -c id (4 Replies)
Discussion started by: squrcles
4 Replies
8. Shell Programming and Scripting
Hi Experts,
I am new to Shell scripting. I want to login to a server using a script. The normal command I use is --> sudo ssh <Servername> . when i tried putting this into a txt format file and tried running, it throw an error "can't execute". I am an Admin and i have root access. Any help would... (6 Replies)
Discussion started by: Tom1989
6 Replies
9. Cybersecurity
I'm confused in the configuration of sudoers for one group of users.
The users need to execute a app from a remote machine, in this local machine they want me to allow ssh for them using sudo
for eg. sudo -u admin ssh -X euadmin@<IP address of remote> <remote script which opens a gui>
It... (1 Reply)
Discussion started by: anandk
1 Replies
10. Shell Programming and Scripting
Hey everybody,
currently I am having an issue that I need to open an ssh session to a remote host, once on the remote host I need to use sudo and then execute sqlplus. Once the sqlplus call is open I need to execute one command while the sqlplus is active. For example show sga.
I already got so... (3 Replies)
Discussion started by: h1kelds
3 Replies
LEARN ABOUT REDHAT
ssh-add
SSH-ADD(1) BSD General Commands Manual SSH-ADD(1)
NAME
ssh-add -- adds RSA or DSA identities to the authentication agent
SYNOPSIS
ssh-add [-lLdDxX] [-t life] [file ...]
ssh-add -s reader
ssh-add -e reader
DESCRIPTION
ssh-add adds RSA or DSA identities to the authentication agent, ssh-agent(1). When run without arguments, it adds the files
$HOME/.ssh/id_rsa, $HOME/.ssh/id_dsa and $HOME/.ssh/identity. Alternative file names can be given on the command line. If any file requires
a passphrase, ssh-add asks for the passphrase from the user. The passphrase is read from the user's tty. ssh-add retries the last
passphrase if multiple identity files are given.
The authentication agent must be running and must be an ancestor of the current process for ssh-add to work.
The options are as follows:
-l Lists fingerprints of all identities currently represented by the agent.
-L Lists public key parameters of all identities currently represented by the agent.
-d Instead of adding the identity, removes the identity from the agent.
-D Deletes all identities from the agent.
-x Lock the agent with a password.
-X Unlock the agent.
-t life
Set a maximum lifetime when adding identities to an agent. The lifetime may be specified in seconds or in a time format specified in
sshd(8).
-s reader
Add key in smartcard reader.
-e reader
Remove key in smartcard reader.
FILES
$HOME/.ssh/identity
Contains the protocol version 1 RSA authentication identity of the user.
$HOME/.ssh/id_dsa
Contains the protocol version 2 DSA authentication identity of the user.
$HOME/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
Identity files should not be readable by anyone but the user. Note that ssh-add ignores identity files if they are accessible by others.
ENVIRONMENT
DISPLAY and SSH_ASKPASS
If ssh-add needs a passphrase, it will read the passphrase from the current terminal if it was run from a terminal. If ssh-add does
not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS and
open an X11 window to read the passphrase. This is particularly useful when calling ssh-add from a .Xsession or related script.
(Note that on some machines it may be necessary to redirect the input from /dev/null to make this work.)
SSH_AUTH_SOCK
Identifies the path of a unix-domain socket used to communicate with the agent.
DIAGNOSTICS
Exit status is 0 on success, 1 if the specified command fails, and 2 if ssh-add is unable to contact the authentication agent.
AUTHORS
OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Theo de Raadt and Dug Song removed many bugs, re-added newer features and created OpenSSH. Markus Friedl contributed the support for SSH
protocol versions 1.5 and 2.0.
SEE ALSO
ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8)
BSD
September 25, 1999 BSD