Linux 使用 SSH 密钥使用“sudo su - username”切换用户
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17061835/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Switch user with "sudo su - username" using SSH keys
提问by Pier
I've been trying to use ssh keys in order to be able to switch from one user to another user on the same Linux machine/server by using sudo su - username.
我一直在尝试使用 ssh 密钥,以便能够使用sudo su - username.
What i want to do is: I have several accounts on one server.
I want to lock those account with passwd -l username,
and allow access only with SSH keys, by ssh-ing from one user to the other on the same machine, e.g., : [user1@server]$ ssh user2@server
我想要做的是:我在一台服务器上有多个帐户。我想用 锁定那些帐户passwd -l username,并仅允许使用 SSH 密钥访问,方法是在同一台机器上从一个用户到另一个用户进行 ssh-ing,例如: [user1@server]$ ssh user2@server
I did this by copying the public key of user1to the authorized_keysfile of user2and it works fine.
我通过将 的公钥复制user1到 的authorized_keys文件中来做到这一点,user2并且它工作正常。
But the other thing that i would like also to do, is to be able to sudo su - user2from user1, by using the ssh keys, so i can avoid the password prompting.
但是,其他的事情,我想也是这样做,是为了能够sudo su - user2从user1通过使用SSH密钥,这样我就可以避开密码提示。
e.g., [user1@server]$ sudo su - user2
例如, [user1@server]$ sudo su - user2
I have modified the sshd_config file, and uncomment the fields:
我已经修改了 sshd_config 文件,并取消了字段的注释:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
but still i am not able to do it.
但我仍然无法做到。
I also tried what i found on the internet regarding agent forwarding, but nothing.
我也尝试了我在互联网上找到的有关代理转发的内容,但什么也没有。
Can anyone help me on how to do this or point me to the right direction?
任何人都可以帮助我如何做到这一点或为我指明正确的方向吗?
回答by kirelagin
sudohas nothing to do with SSH and sshdconfig.
sudo与SSH和sshd配置无关。
What you really want is a PAM module that will use SSH public keys. I'm not sure what are your reasons as the whole idea seems a bit strange, but, well. pam_sshis the module that does this.
您真正想要的是一个使用 SSH 公钥的 PAM 模块。我不确定你的原因是什么,因为整个想法看起来有点奇怪,但是,好吧。pam_ssh是执行此操作的模块。
回答by V H
To get sudo to work passwordless to another user these are the changes required (perform them with super user access):
要让 sudo 对另一个用户无密码地工作,这些是所需的更改(使用超级用户访问权限执行它们):
edit /etc/sudoers
编辑 /etc/sudoers
visudo
Config changes
配置更改
# Allow user to sudo su as anyone without password
user ALL=(ALL) NOPASSWD: ALL
%group ALL=(ALL) NOPASSWD: ALL
# Allow user to become another user
user ALL=(user2) NOPASSWD: ALL
%group ALL=(user2) NOPASSWD: ALL
now with the latter sudo su - user2 should work
现在使用后者 sudo su - user2 应该可以工作
The only stumbling block was the user to be added to sudo group
唯一的绊脚石是要添加到 sudo 组的用户
usermod -a -G sudo user
The examples above in the config shows the user first then by group - you only need 1 of the two -
配置中的上述示例首先显示用户,然后按组显示 - 您只需要两者中的一个 -
Edited:
编辑:
visudo
%group2 ALL=(ALL:ALL) PASSWD: ALL
%group1 ALL=(ALL:ALL) NOPASSWD: ALL
add run group
添加运行组
groupadd group1
groupadd group2
so for users that require a password
所以对于需要密码的用户
usermod -a -G group2 user1
usermod -a -G group2 user2
etc..
for users that require no password:
对于不需要密码的用户:
usermod -a -G group nuser1
usermod -a -G group nuser2
etc
