04-10-2015
Hi,
Yes, I use ssh but then I do a sudo su - <login>, for example sudo su - oracle, which I then have to supply my password yet again
-
So in a way the passwordless stuff works on the first instance but not when I then need to do a sudo or is there a way that I can sudo su - where I won't be prompt for the password.
If there are sudo config settings to change, I can't do it as I am not the SA of the server
8 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I need to alter a file.
I'm using sed then passing output to temp file
then using touch -r to maintain the date but the permissions do not get preserved
How can I sed a file and maintain date and permissions
currently
it's preserving the date but the permissions revert back to the... (3 Replies)
Discussion started by: andyatit
3 Replies
2. Shell Programming and Scripting
Hi all,
Am writing a script that does a rm/mv if a file exist, however, in one scenario, one of the variables which is supposed to a variable for a directory is undefined/blank so instead of the variable resolving to /tmp/logfile.dmp, it resolves instead to / so the rm translates to a rm /... (2 Replies)
Discussion started by: newbie_01
2 Replies
3. Shell Programming and Scripting
I am developing a script to maintain 'n' number of versions of a file. The script will take a filename as a parameter and the number of versions to maintain. This basically does something like a FIFO. Here is what I developed. But something is not right. I have attached the script. Can u pls help... (2 Replies)
Discussion started by: vskr72
2 Replies
4. Shell Programming and Scripting
I have a string like root=/dev/sda3 noacpi foo "Baz mumble" which I would like to separate into tokens like a shell does. This would be easily done with eval but that would open a security hole big enough to drop a cow through, injecting arbitrary code would be easy as pie. How can I parse this... (15 Replies)
Discussion started by: Corona688
15 Replies
5. Homework & Coursework Questions
Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted!
1. The problem statement, all variables and given/known data:
Hello guys
I am about to write a script that is based on "The Linux Administration Handbook" The exercise is... (6 Replies)
Discussion started by: Learn4Life
6 Replies
6. Shell Programming and Scripting
Hello guys
I am about to write a script that is based on "The Linux Administration Handbook" The exercise is as follows:
Write a shell script to help monitor the health of the /etc/passwd file.
Find entries that have UID0
Find entries that have no password (needs /etc/shadow)
Find any... (4 Replies)
Discussion started by: Learn4Life
4 Replies
7. Solaris
I am using:
reboot -- cdrom
However I'm afraid of causing file system errors/corruption. I've seen many threads say that
init 6
is safer, but I need to get to CDROM.
Is there a command that is as safe as init, but can boot to cdrom, or should I not worry so much about the reboot... (5 Replies)
Discussion started by: lcoreyl
5 Replies
8. UNIX for Advanced & Expert Users
Running SunOs 5.6. Solaris.
I've been able to remove all special characters from a fixed length file which appear in the first column but as a result all subsequent columns have shifted to the left by the amount of characters deleted.
It is a space separated file. Line 1 in input file is... (6 Replies)
Discussion started by: iffy290
6 Replies
LEARN ABOUT CENTOS
pam_ssh_agent_auth
pam_ssh_agent_auth(8) PAM pam_ssh_agent_auth(8)
PAM_SSH_AGENT_AUTH
This module provides authentication via ssh-agent. If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.
SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys
/etc/sudoers:
Defaults env_keep += "SSH_AUTH_SOCK"
This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
/etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
either be local, or forwarded.
Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.
ARGUMENTS
file=<path to authorized_keys>
Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)
allow_user_owned_authorized_keys_file
A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
whenever the expansions %h or ~ are used.
debug
A flag which enables verbose logging
sudo_service_name=<service name you compiled sudo to use>
(when compiled with --enable-sudo-hack)
Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.
This defaults to "sudo".
EXPANSIONS
~ -- same as in shells, a user's Home directory
Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file
%h -- User's Home directory
Automatically enables allow_user_owned_authorized_keys_file
%H -- The short-hostname
%u -- Username
%f -- FQDN
EXAMPLES
in /etc/pam.d/sudo
"auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
The default .ssh/authorized_keys file in a user's home-directory
"auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
Same as above.
"auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not
specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified
allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we
have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.
v0.8 2009-08-09 pam_ssh_agent_auth(8)