![]() ![]() SSH is designed to allow secure remote access to systems for the purposes of gaining shell access and transferring files and data. This chapter will outline the steps to increase the security of an Ubuntu system by implementing key-based SSH authentication. This level of security is far from adequate and should be upgraded to SSH keybased authentication as soon as possible. When installed, SSH provides password protected and encrypted access to the system for the root account and any other users added during the installation phase. bashrc and get access the next time the user gets sudo with a password that the attacker doesn't need to know.When an Ubuntu system is first installed, it is not configured by default to allow remote commandline access via Secure Shell (SSH) connections. If they already have access to the private key, they could do some nasty things to. An attacker would need both the email and the user's private key to be successful. If you still wanted to have passwords, you could e-mail them in clear, but require them to be changed the first time they get used. It still gives people the feeling "now I change the system", but it doesn't have annoying passwords. My advice would be to have NOPASSWORD and be happy with it. This enables every such process to run sudo which is precisely what the NOPASSWORD parameter does. Then however its a bit pointless to use it, as then every (non-cgrouped) process running under the user's account could use the agent to execute commands as root. Pam_ssh_agent_auth requires ssh-agent forwarding in order to work over ssh. Is there some security caveat I'm missing why this is not more widely sudo has some advantages with its fine-grained control, but to rely on its logging capabilities, you would need to set up remote logging, as otherwise people with root access can falsify past logs. For servers however, most tasks will already require sudo, so both points get weak. The purpose of sudo is to give accounts that are logged in some separation between untrusted applications and admin-like tasks, and make users aware they are changing the system (and have to watch out). If people log in, and they have root access (through some mechanism), they usually do maintaining tasks, where they will use sudo for >90% of the time. In my opinion, sudo for server admins is a bit overkill. provide the user with the private key (or create a script that simply SSH in over the loopback interface to the privileged account using the private key)įor example, if the privileged account is r_service (created with useradd -om -u0 -g0 -d /root/service -s /bin/bash r_service) the call to that privileged command from a non-privileged account would be something like: $ ssh -i ~/.ssh/privileged_command way you will grant your users to execute that privileged command without compromising the security model.install that public key to privileged account's ~/.ssh/authorized_keys.Note that the key should be separated from this header by a space character. prepend the public part with the following: from="127.0.0.1",command="your_desired_command_here",no-pty,no-port-forwarding,no-agent-forwarding (you can also restrict the SSH session further, see "man sshd").Re: the original question - if you need some privileged command to be executed by non-privileged users you may use the following trick: I wrote an article on the sudo (mis)usage if you are interested to learn more on the topic: I suggest to avoid even installing sudo on your systems: it's an additional attack vector with usually no justification for having it. ![]() Why is this module or similar process is not part of standard Linux distro configs? Is there some security caveat I'm missing why this is not more widely adopted? Why passworded sudo is considered to be more secure than public/private key sudo? It seems like with this module in place we can have completely passwordless accounts. While doing some research on this topic I found pam_ssh_agent_auth project, which from my understanding enables the same private/public key authentication as used for ssh connections but for sudo command. I would still want some sort of authentication before users can run sudo commands. I know about sudoers file and NOPASSWORD parameter. That means I still need to generate passwords for these users and figure out how to securely get it to them. However, this process becomes useless when these users need to run sudo - the server is still asking for their passwords. This is great because when I create accounts for remote users I don't have to email them sensitive info(passwords). SSH with public-private key authentication comes enabled by default with most Linux distributions. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |