For example, I can use ssh-copy-id to get the key and log in to the remote server without entering the password.
Is there a similar mechanism to run as root without prompting password?
I don't know. If login with a key is sort of safe, then I argue there should be a mechanism like that for sudo. NOPASSWD is not a good solution, however.
Thanks.
It doesn't have key infrastructure for this. You can use sudoers instead.
Create a file in /etc/sudoers.d with
add a line beginning with your account
save the file
use it with caution
You say:
But NOPASSWD is the solution. Can you clarify your question to explain what you don't like about it?
There is a separation of concerns here: authentication is separated from authorization. Once you have proved to the system that you are who you say you are (by logging in), sudo is responsible for restricting what you can do.
The sudoers file syntax is pretty sophisticated (if somewhat arcane). You can restrict individual users (or groups of users) to certain sets of commands, with or without passwords. Would that help alleviate your concerns?
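
The per-command restriction described in the answer above, as an added example that is not part of the original thread: a drop-in that keeps the password prompt by default and lifts it only for two exact commands. The file name, the user `alice`, the group `webadmins` and the command paths are assumptions chosen for illustration.

```sudoers
# /etc/sudoers.d/web-restart   (hypothetical file name)
# Constructed example: "alice", "webadmins" and all command paths are assumptions.

# Broad form, shown commented out for contrast:
# every command as any user, never a password prompt.
# alice ALL=(ALL) NOPASSWD: ALL

# Scoped form. Name the exact command lines once, with full paths and
# fixed arguments, so nothing else matches the alias.
Cmnd_Alias WEB_RESTART = /usr/bin/systemctl restart nginx.service, \
                         /usr/bin/systemctl reload nginx.service

# General rule first: alice may use sudo for anything, but must authenticate.
alice ALL=(ALL) PASSWD: ALL

# Specific rule second: sudoers applies the LAST matching entry, so this
# line overrides the one above for the two aliased commands only.
alice ALL=(root) NOPASSWD: WEB_RESTART

# Group entry with no tag: members authenticate (the default) and may run
# only this one configuration check as root.
%webadmins ALL=(root) /usr/sbin/nginx -t
```

Check the file with `visudo -cf /etc/sudoers.d/web-restart` before relying on it. sudo skips drop-in files whose names contain a `.` or end in `~`, and expects them to be owned by root with mode 0440.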