For security, many systems are configured so you cannot log directly as root via the initial authentication in openssh. What is usually done is that you log onto as your normal login and once you get a interactive shell you su to root to run the command that requires root. Does openssh have a more elegant way of exec'ing a command as root so I can run the command non-interactively? I know: Normal userid Normal userid password Root's password *************************************************************** This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of the Land and Property Management Authority. This email message has been swept by MIMEsweeper for the presence of computer viruses. *************************************************************** Please consider the environment before printing this email.
On Thu, Aug 26, 2010 at 18:36:53 -0500, Phillip Wu wrote:> For security, many systems are configured so you cannot log directly as root via the initial authentication in openssh. > > What is usually done is that you log onto as your normal login and once you get a interactive shell you su to root to > run the command that requires root. > > Does openssh have a more elegant way of exec'ing a command as root so I can run the command > non-interactively? I know: > Normal userid > Normal userid password > Root's password >If your site's policy allows setting "PermitRootLogin forced-commands-only" (see sshd_config(5)), then you could use a command-restricted public-key to execute a command as root. However, if you need to execute arbitrary commands then your current approach is the only real option. But I would suggest using sudo rather than su. -- Iain Morgan
On Fri, 27 Aug 2010, Phillip Wu wrote:> For security, many systems are configured so you cannot log directly as root via the initial authentication in openssh. > > What is usually done is that you log onto as your normal login and once you get a interactive shell you su to root to > run the command that requires root. > > Does openssh have a more elegant way of exec'ing a command as root so I can run the command > non-interactively? I know: > Normal userid > Normal userid password > Root's passwordI'm not sure why you're sending this to the "dev" list, it's hardly a development matter. However, typically, if you're root on the system, and you need to run root commands remotely, you would change the default authorization. You can for example set "permitrootlogin yes" in your config file, but that's dangerous. What perhaps makes more sense is to set "permitrootlogin without-password" (and use pubkey auth) or even forced-commands-only. Try reading the man page for sshd_config, look specifically for the PermitRootLogin option. -Dan> *************************************************************** This > message is intended for the addressee named and may contain confidential > information. If you are not the intended recipient, please delete it and > notify the sender. Views expressed in this message are those of the > individual sender, and are not necessarily the views of the Land and > Property Management Authority. This email message has been swept by > MIMEsweeper for the presence of computer viruses. > ***************************************************************The addressee is a public mailing list.> Please consider the environment before printing this email.What is the increased carbon footprint of every message you/your company send including the above two pieces of advice? -- --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---------------------------
Use sudo a la ssh desthost sudo /some/command -----Original Message----- From: openssh-unix-dev-bounces+coy.hile=coyhile.com at mindrot.org [mailto:openssh-unix-dev-bounces+coy.hile=coyhile.com at mindrot.org] On Behalf Of Phillip Wu Sent: Thursday, August 26, 2010 7:37 PM To: openssh-unix-dev at mindrot.org Subject: openssh - run as another user For security, many systems are configured so you cannot log directly as root via the initial authentication in openssh. What is usually done is that you log onto as your normal login and once you get a interactive shell you su to root to run the command that requires root. Does openssh have a more elegant way of exec'ing a command as root so I can run the command non-interactively? I know: Normal userid Normal userid password Root's password *************************************************************** This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of the Land and Property Management Authority. This email message has been swept by MIMEsweeper for the presence of computer viruses. *************************************************************** Please consider the environment before printing this email. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev at mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev