Unix/Linux Go Back    


Security Discuss UNIX and Linux computer and network security, cyber security, cyber attacks, IT security, and more.

Help on Ssh using sudo

Security


Closed    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 08-18-2014   -   Original Discussion by anandk
anandk anandk is offline
Registered User
 
Join Date: Oct 2007
Last Activity: 15 February 2015, 8:18 AM EST
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Help on Ssh using sudo

I'm confused in the configuration of sudoers for one group of users.
The users need to execute a app from a remote machine, in this local machine they want me to allow ssh for them using sudo
for eg. sudo -u admin ssh -X euadmin@<IP address of remote> <remote script which opens a gui>

It should work, so in the sudoers file I added this

Code:
Cmnd_Alias    MGW_SSH = /usr/bin/ssh *-X euadmin@<IP address of remote> <remote script which opens a gui>*

The problem with this is that even though this group of users were able to execute the application to open the GUI, but this opens up a security hole where the users are able to ssh to any server using the admin role like sudo -u admin master would work perfectly and the user is able to log into other servers without password I don't want this to happen.

Is there a way I can restrict these users only to run ssh for a specific server? I did search a bit but couldn't find a proper solution, so thought of contacting the expert.

regards,
Anand.K

Last edited by rbatte1; 08-19-2014 at 12:59 PM.. Reason: Spelling and grammar, adding ICODE tags for in-line code.
Sponsored Links
    #2  
Old Unix and Linux 08-18-2014   -   Original Discussion by anandk
Perderabo's Unix or Linux Image
Perderabo Perderabo is offline Forum Advisor  
Unix Daemon (Administrator Emeritus)
 
Join Date: Aug 2001
Last Activity: 26 February 2016, 12:31 PM EST
Location: Ashburn, Virginia
Posts: 9,930
Thanks: 64
Thanked 471 Times in 271 Posts
You are going about this all wrong. Give everyone his own account. On each system, create an admin group. Give the admin group root power via sudo by adding a line to sudoers like this:


Code:
%admin ALL=(ALL) NOPASSWD: ALL

If a user should be able to access a system at all, add his private account to that system. If he needs root access as well, add his account to the admin group. Now he can log on to the box and them use sudo to obtain root authority.
Sponsored Links
Closed

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Ssh & sudo squrcles Shell Programming and Scripting 4 02-14-2014 01:00 PM
ssh foo.com sudo command - Prompts for sudo password as visible text. Help? fluoborate Shell Programming and Scripting 9 11-02-2011 03:18 PM
ssh and sudo login john_prince UNIX for Advanced & Expert Users 5 01-28-2011 03:25 AM
sudo and ssh john_prince UNIX for Advanced & Expert Users 9 01-21-2011 02:08 PM
sudo and ssh jOOc UNIX for Advanced & Expert Users 3 11-12-2007 04:48 PM



All times are GMT -4. The time now is 06:27 AM.