We help IT Professionals succeed at work.

Authenticating Ubuntu Sudo user with public keys.

Joe Murph
Joe Murph asked
on
148 Views
Last Modified: 2017-05-13
I have a Ubuntu user that I just added to the sudoer's list, but is prompted for his for his public key password when he tries to 'sudo su'. This user's public key allows him to access this Ubuntu server without a password, so I am wondering how do I configure his sudo access to not prompt for his password?
Comment
Watch Question

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Sudo su is a reduntant sudo -i or sudo -s sudo bash does it better.
Sudo su is similar to a person with a master key to a building going to a management  office where they get a key for office 203. Then ho to office 203 and use the key to open door.

Having said that. Back to your question.
Passphrase used to authenticate using a public key when connecting is not what the user is prompted for when executing sudo.
Look at /etc/sudoers using visudo, the user when executing sudo is prompted for the accounts password, not for the ssh key passphrase on the system from which the user connected.

User is logged into SystemA. User ssh user@systemB where public key auth is setup. On connection, the user is prompted for the passphrase for user@systemA key without which a connection will be denied.
Upon login, running sudo -i or -s or bash, based on sudoers and settings. You could set user not to require a password for use of sudo, but I would caution if you fo for this user, make sure to explicitly set what commands the user can run without prompting as well as do not allow the user to run any shell sh, bash, ksh, ssh, csh, tcsh, zsh and absolutely no efi tours, vi, emacs, ed,(editors include an option to run a shell command) in the same vein do not allow mail client apps as they use an editor to create a message thus allowing the user to launch an elevated shell.
CERTIFIED EXPERT
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions