remote SUDO with SSH

Constantinos Maltezos pandarsson at yahoo.com
Sun Aug 10 17:11:54 UTC 2008


On Sunday 10 August 2008 6:33:08 am Jonas Norlander wrote:
> 2008/8/10 Knapp <magick.crow at gmail.com>:
> > On Sun, Aug 10, 2008 at 2:06 AM, Bruce Marshall <bmarsh at bmarsh.com> wrote:
> >> On Saturday 09 August 2008, Knapp wrote:
> >>> If I sign into my computer remotely using SSH, I can then use SUDO to
> >>> change things in the computer. I would like this SUDO command not to
> >>> function when used my someone remotely.
> >>
> >> Ok, you still haven't mentioned who you are logging in with.  The
> >> 'normal' user who has root privs through sudo, or someone else such as
> >> root.
> >
> > Logging in as a user with sudo privileges an a computer without su.
> > I want the user to have them when local but not when remote.
> >
> >
> > --
> > Douglas E Knapp
>
> I always do i new group, sshlogin and adding "AllowGroups sshlogin" to
> /etc/ssh/sshd_config then i put the user allowed to login with ssh to
> that group. If i remember right you can deny commands run by sudo in
> /etc/sudoers with something like this: %sshlogin ALL=(ALL)
> !/usr/bin/sudo.
> I have no idea if it works or there exist a better way.
>
> Wait i see now that that will probably deny them using sudo locally
> to. The ALL in above example is the machines this is valid for,
> perhaps it's possible to do like this %sshlogin !localhost=(ALL)
> !/usr/bin/sudo.
>
> / Jonas

Never mind my answer.  This one's much better.




More information about the kubuntu-users mailing list