Wednesday, May 1, 2024
Homepage · ssh
 Popular · Latest · Hot · Upcoming
71
rated 0 times [  71] [ 0]  / answers: 1 / hits: 269336  / 3 Years ago, wed, july 7, 2021, 1:24:37

I need to configure a machine so software installation can be automated remotely via SSH. Following the wiki, I was able to setup SSH keys so my user can access the machine without a password, but I still need to manually enter my password when I use sudo, which obviously an automated process shouldn't have to do.



Although my /etc/ssh/sshd_config has PermitRootLogin yes, I can't seem to be able to log in as root, presumably because it's not a "real" account with a separate password.



How do I configure SSH keys, so a process can remotely log in as root on Ubuntu?


More From » ssh
 Answers
6

Part 1 : SSH key without a password



To set up a passwordless SSH connection for the root user you need to have root access on the server. Easiest method is to temporarily allow root to log in over ssh via password. One way or another you need root access on the server to do this. If you do not have root access on the server, contact the server administrator for help.



On the client (where you ssh FROM)



First make a ssh key with no password. I highly suggest you give it a name rather then using the default 



ssh-keygen -f foo


The -f option specifies a file name, foo is an example, use whatever name you wish.



When you are prompted for a password, just hit the enter key and you will generate a key with no password.



Next you need to transfer the key to the server. Easiest method is to use ssh-copy-id . To do this you must temporarily allow root to ssh into the server.



On the server (where you ssh TO)



edit /etc/ssh/sshd_config



sudo nano /etc/ssh/sshd_config


Make sure you allow root to log in with the following syntax



PasswordAuthentication yes

PermitRootLogin yes


Restart the server



sudo service ssh restart


Set a root password, use a strong one



sudo passwd


On the client :



From the client, Transfer the key to the server



ssh-copy-id -i ~/.ssh/foo root@server


change "foo" the the name of your key and enter your server root password when asked.



Test the key



ssh -i ~/.ssh/foo root@server


Assuming it works, unset a root password and disable password login.



On the server :



sudo passwd -l root


Edit /etc/ssh/sshd_config



sudo nano `/etc/ssh/sshd_config`


Change the following :



PasswordAuthentication no

PermitRootLogin without-password


Restart the server



sudo service ssh restart


On the client (Test):



You should now be able to ssh in with your key without a password and you should not be able to ssh in as any user without a key.



ssh -i ~/.ssh/foo root@server


Part 2 : Running commands via sudo without entering a password



You configure sudo to allow you to run commands without a password.



This is answered here in two places:





Of the two, I suggest allowing as few commands as possible (first answer) rather then all commands (second answer).


[#39721] Thursday, July 8, 2021, 3 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
rcraftemur
Add To Favorites
Follow
Total Points: 118
Total Questions: 119
Total Answers: 144
Location: Turks and Caicos Islands
Member since Sun, Mar 7, 2021
3 Years ago
;