1

Being a sudo user, is it possible to create an SSH key for a user on the same Linux server? This sudo user doesn't have a switch-user privilege.

I have a server where I log in as a sudo user, say 'admin' (which doesn't have switch-user privilege), and I have another user, say 'user1'. I have a script on my server that should run as 'user1' and which should call another script running on a remote host (the remote host has a similar user named 'user1'). During this process, 'user1' needs an authorized key for remote host authentication. Since the sudo user 'admin' doesn't have the privilege to switch to 'user1' and generate the ssh keys, I'll have to generate the ssh keys for 'user1' as 'admin'.

8
  • BD, the meaning of this question is not clear to me. Is it possible to clarify what you're trying to do? An example might well help. Commented Jul 24, 2014 at 10:44
  • For instance, I can log in as a user which has the sudo privilege, and there is another user on the same server which is to be used for a task (copying files across a remote server), and the authorized keys of this user need to be added on the remote server. Being a sudo user, is it possible to generate a key for this user? Commented Jul 24, 2014 at 10:52
  • /usr/local/bin/sudo ssh-keygen -t rsa -f /home/user1/.ssh/rsa_pub Doesn't help me to create ssh keys for the 'user1' Commented Jul 24, 2014 at 10:56
  • If your question is "as a user with sudo privileges, can I create a keypair, and put the public key into the authorised_keys file of another user, so that I'll be able to log in directly as them?", then the answer is yes. Commented Jul 24, 2014 at 11:00
  • I am afraid that I went wrong with the details, and I have updated my question in detail for ref. Commented Jul 24, 2014 at 11:30

3 Answers

1

You don't need any sudo for this. Assuming you have sshd running with passwordAuth on server2 for user1, do the following from server1:

    mkdir ~/.ssh
    chmod 700 ~/.ssh
    ssh-keygen -t rsa -f ~/.ssh/id_rsa
    ssh-copy-id -i ~/.ssh/id_rsa.pub user1@server2

At this point, ~/.ssh/authorized_keys is installed on server2, and assuming pubkeyAuth is enabled on server2, you can try an ssh without a password:

    ssh user1@server2 ls

Now, if you want to revert things (allow user1 from server2 to log in to server1 with pubKey), do the following as user1 on server2:

    scp user1@server1:.ssh/id_rsa .ssh/id_rsa
    chmod 600 .ssh/id_rsa

and on server1:

    cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
    chmod 600 ~/.ssh/authorized_keys

1

Yes, it is possible without any problems. You can get your ssh private key into the .ssh/authorized_keys file just as if you ssh-d into that account.

P.S.: BTW, there is no such thing as a "sudo user". You are probably thinking of a user capable of getting a root shell with a sudo command, but it was not trivial to find out the proper meaning of your terminology. Also, there is no such thing as 'switch to user'. Are you thinking of some type of su-ing? Maybe you should have used commonly known terminology everywhere.

4
  • Can you get me the command that can help me with this? I can check the same in my use case. Commented Jul 24, 2014 at 12:05
  • @BigData Of course: linuxproblem.org/art_9.html The only difference that you can do your initial login not by an ssh, but with your sudo command. You will be able to get a root shell with a local ssh after that (maybe ssh root@localhost). Commented Jul 24, 2014 at 12:07
  • With ref to the above link, is it possible to have an automatic login from host A / user b to Host B / user b? Note: I don't have the privilege to log on as user b at Host A and at the same time I don't have any access to 'host B'. Does that make it clear? Commented Jul 24, 2014 at 12:42
  • @BigData With this link it is possible to ssh from every ssh account to every other without the need to type in a password. If you can't log in to these accounts, how can you use sudo on at least one of them? Commented Jul 24, 2014 at 12:48
0

This depends on how sudo is configured for your account. Often, it is restricted quite a lot to allow only a certain set of operations.

When in doubt, talk to your admin to help you out.

Another approach: there is no requirement for the ssh key file to be at a specific place. You can create a set of keys wherever you like, add the public key to the remote user's authorized_keys file and then use something like this:

    sudo ssh -i /path/to/privkey user@host
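
The last answer's approach (a key pair kept outside ~/.ssh and passed with -i), written out as an added example that is not part of the original answers; it goes a step further by limiting the key to the one remote script it is meant to call. The function names, the key directory and the remote script path /home/user1/bin/remote-task.sh are hypothetical, and the `restrict` option assumes OpenSSH 7.2 or later on the remote host.

```shell
#!/bin/sh
# Added example: dedicated automation key stored outside ~/.ssh.
# All names, paths and the remote script path are hypothetical.

# Generate a passphrase-less ed25519 key pair in a private directory.
make_key() {  # $1 = directory, $2 = key comment
    ( umask 077
      mkdir -p "$1" &&
      ssh-keygen -q -t ed25519 -N '' -C "$2" -f "$1/id_ed25519" )
}

# True if neither group nor others have any access to the file.
# ssh refuses to use a private key with looser permissions.
key_perms_ok() {  # $1 = private key file
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Print the authorized_keys line for the remote account: the key may only
# run one forced command and gets no pty or forwarding ("restrict").
authorized_keys_entry() {  # $1 = public key file, $2 = forced command
    case $2 in
        *'"'*) echo "command must not contain double quotes" >&2; return 1 ;;
    esac
    read -r keytype keydata comment < "$1" || [ -n "$keytype" ] || return 1
    [ -n "$keydata" ] || return 1
    printf 'restrict,command="%s" %s %s%s\n' \
        "$2" "$keytype" "$keydata" "${comment:+ $comment}"
}

# Demo: run this file with --demo as its first argument.
if [ "${1:-}" = "--demo" ]; then
    dir=$(mktemp -d)
    make_key "$dir" "user1-automation" || exit 1
    key_perms_ok "$dir/id_ed25519" && echo "private key permissions OK"
    # Line to append to user1's ~/.ssh/authorized_keys on the remote host:
    authorized_keys_entry "$dir/id_ed25519.pub" "/home/user1/bin/remote-task.sh"
    # The local script then connects with only this key:
    echo "ssh -i $dir/id_ed25519 -o IdentitiesOnly=yes user1@server2"
fi
```

With the forced command in place, whatever command the client sends is ignored and the remote side runs only the named script, so a leaked copy of this key does not give a shell as user1.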
