remote SUDO with SSH

Jonas Norlander jonorland at
Sun Aug 10 11:33:08 UTC 2008

2008/8/10 Knapp <magick.crow at>:
> On Sun, Aug 10, 2008 at 2:06 AM, Bruce Marshall <bmarsh at> wrote:
>> On Saturday 09 August 2008, Knapp wrote:
>>> If I sign into my computer remotely using SSH, I can then use SUDO to
>>> change things in the computer. I would like this SUDO command not to
>>> function when used my someone remotely.
>> Ok, you still haven't mentioned who you are logging in with.  The 'normal'
>> user who has root privs through sudo, or someone else such as root.
> Logging in as a user with sudo privileges an a computer without su.
> I want the user to have them when local but not when remote.
> --
> Douglas E Knapp

I always do i new group, sshlogin and adding "AllowGroups sshlogin" to
/etc/ssh/sshd_config then i put the user allowed to login with ssh to
that group. If i remember right you can deny commands run by sudo in
/etc/sudoers with something like this: %sshlogin ALL=(ALL)
I have no idea if it works or there exist a better way.

Wait i see now that that will probably deny them using sudo locally
to. The ALL in above example is the machines this is valid for,
perhaps it's possible to do like this %sshlogin !localhost=(ALL)

/ Jonas

More information about the kubuntu-users mailing list