openssh - run as another user

Dan Mahoney, System Admin danm at prime.gushi.org
Fri Aug 27 12:17:40 EST 2010


On Fri, 27 Aug 2010, Phillip Wu wrote:

> For security, many systems are configured so you cannot log in directly as root via the initial authentication in openssh.
>
> What is usually done is that you log on as your normal login and once you get an interactive shell you su to root to
> run the command that requires root.
>
> Does openssh have a more elegant way of exec'ing a command as root so I can run the command
> non-interactively?  I know:
> Normal userid
> Normal userid password
> Root's password

I'm not sure why you're sending this to the "dev" list, it's hardly a 
development matter.

However, typically, if you're root on the system, and you need to run root 
commands remotely, you would change the default authorization.  You can 
for example set "permitrootlogin yes" in your config file, but that's 
dangerous.

What perhaps makes more sense is to set "permitrootlogin without-password" 
(and use pubkey auth) or even forced-commands-only.

Try reading the man page for sshd_config, look specifically for the 
PermitRootLogin option.

-Dan

> *************************************************************** This 
> message is intended for the addressee named and may contain confidential 
> information. If you are not the intended recipient, please delete it and 
> notify the sender. Views expressed in this message are those of the 
> individual sender, and are not necessarily the views of the Land and 
> Property Management Authority. This email message has been swept by 
> MIMEsweeper for the presence of computer viruses. 
> ***************************************************************

The addressee is a public mailing list.

> Please consider the environment before printing this email.

What is the increased carbon footprint of every message you/your company 
send including the above two pieces of advice?

-- 

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
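
The forced-commands-only option mentioned above, as an added example that is not part of the original message or of OpenSSH itself: a wrapper script named in the command= option of root's authorized_keys, so the key can run only an allow-listed set of commands non-interactively. The script path, the request names and the key placeholder are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post). Assumed setup on the server:
#   sshd_config:      PermitRootLogin forced-commands-only
#   /root/.ssh/authorized_keys (one line; key material is a placeholder):
#     command="/usr/local/sbin/root-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY-PLACEHOLDER> ops@client
# sshd then runs this script for that key, whatever the client asked for,
# and passes the client's requested command in SSH_ORIGINAL_COMMAND.

# Map a request name to a fixed command line. Exact match only, so
# arguments, shell metacharacters and an empty request are all refused.
# The request names below are hypothetical.
resolve_request() {
    case "$1" in
        disk-usage) printf '%s\n' 'df -h' ;;
        logged-in)  printf '%s\n' 'who' ;;
        *)          return 1 ;;
    esac
}

# Entry point: run the allowed command as root, or refuse.
root_gate() {
    PATH=/usr/sbin:/usr/bin:/sbin:/bin
    export PATH
    request=${SSH_ORIGINAL_COMMAND:-}
    if cmdline=$(resolve_request "$request"); then
        # Unquoted on purpose: cmdline is one of the literals above,
        # never text supplied by the client.
        exec $cmdline
    fi
    printf 'root-gate: request refused\n' >&2
    return 1
}

# Run only when installed under its real name, so the functions can be
# sourced and tested without executing anything.
case "$0" in
    */root-gate) root_gate ;;
esac
```

With this in place, a client holding the matching private key would run `ssh root@server disk-usage`; any other request, including an attempt to get an interactive shell, is refused by the wrapper.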


