Avatar of Joe Murph
Joe Murph
 asked on

Authenticating Ubuntu Sudo user with public keys.

I have a Ubuntu user that I just added to the sudoer's list, but is prompted for his for his public key password when he tries to 'sudo su'. This user's public key allows him to access this Ubuntu server without a password, so I am wondering how do I configure his sudo access to not prompt for his password?
Linux* SSHUbuntu

Avatar of undefined
Last Comment

8/22/2022 - Mon

Sudo su is a reduntant sudo -i or sudo -s sudo bash does it better.
Sudo su is similar to a person with a master key to a building going to a management  office where they get a key for office 203. Then ho to office 203 and use the key to open door.

Having said that. Back to your question.
Passphrase used to authenticate using a public key when connecting is not what the user is prompted for when executing sudo.
Look at /etc/sudoers using visudo, the user when executing sudo is prompted for the accounts password, not for the ssh key passphrase on the system from which the user connected.

User is logged into SystemA. User ssh user@systemB where public key auth is setup. On connection, the user is prompted for the passphrase for user@systemA key without which a connection will be denied.
Upon login, running sudo -i or -s or bash, based on sudoers and settings. You could set user not to require a password for use of sudo, but I would caution if you fo for this user, make sure to explicitly set what commands the user can run without prompting as well as do not allow the user to run any shell sh, bash, ksh, ssh, csh, tcsh, zsh and absolutely no efi tours, vi, emacs, ed,(editors include an option to run a shell command) in the same vein do not allow mail client apps as they use an editor to create a message thus allowing the user to launch an elevated shell.

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck