Ignoramus10392
>> You did not understand him. Disallow root logins. Then you can get in as
>> yourself and then su or sudo to root.
>
> automatically from a script?
That's an orthogonal question to the whole ssh discussion if your
script is executing on the local box.
If you need to remotely do things on another box logging in as root
with ssh and avoiding any password entry, doing public key auth to a
role account (e.g. myscriptrunner as an account name) and then
configuring sudo to allow the user myscriptrunner to run whatever
command you need without entering the root password in /etc/sudoers is
the way to go. Then as myscriptrunner the script would invoke sudo
/usr/bin/whatever to run as root.
>> If you put yourself into the sudo list then you could do a
>> passwordless root login to yourself, and run the script which has a
>> sudo in it to allow root to do the things it needs to do. You can
>> also make sure that sudo only allows a few commands to be done in
>> that way.
>
> I guess I was mistaken, but I thought that both sudo and su require me
> to enter some kind of password (mine or root's). Is that wrong?
You'll need to modify the sudo config file /etc/sudoers if you want to
disable the need for an interactive user to type the root password
when using sudo.

    man 5 sudoers

    Tag_Spec ::= ('NOPASSWD:'

will be of particular interest, but you'll want to limit being able to
run that way down to the specific command or commands you absolutely
must be able to sudo rather than saying "yeah this user can do
whatever as root without a password."
--
Todd H.
http://www.toddh.net/
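
An added example, not part of the original post: a small shell check that reads a sudoers-style file and reports whether each NOPASSWD rule is limited to named commands or grants ALL. The account name myscriptrunner and the path /usr/bin/whatever come from the post; the other entries, the function names and the sample policy are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample policy (not from a real host).
sample_sudoers() {
cat <<'EOF'
# constructed sample policy
Defaults env_reset
myscriptrunner ALL=(root) NOPASSWD: /usr/bin/whatever
backupuser ALL=(ALL) NOPASSWD: ALL
%admins ALL=(ALL) ALL
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart app, ALL
EOF
}

# audit_nopasswd FILE
# Prints "SCOPED <who>" for NOPASSWD rules limited to explicit commands and
# "BROAD <who>" for NOPASSWD rules whose command list contains ALL.
# Returns 1 if any BROAD rule is found, 0 otherwise.
# Simplifications (assumptions of this example): one rule per line, no
# backslash continuations, Cmnd_Alias names are not expanded.
audit_nopasswd() {
  awk '
    /^[ \t]*#/        { next }   # comments (also skips #include lines)
    /^[ \t]*$/        { next }   # blank lines
    /^[ \t]*Defaults/ { next }   # option lines, not privilege rules
    /NOPASSWD:/ {
      who  = $1
      cmds = $0
      sub(/^.*NOPASSWD:[ \t]*/, "", cmds)        # keep only the command list
      n = split(cmds, list, /[ \t]*,[ \t]*/)
      broad = 0
      for (i = 1; i <= n; i++) {
        c = list[i]
        gsub(/^[ \t]+|[ \t]+$/, "", c)           # trim whitespace
        if (c == "ALL") broad = 1
      }
      label = broad ? "BROAD" : "SCOPED"
      print label, who
      if (broad) bad = 1
    }
    END { exit bad + 0 }
  ' "$1"
}
```

Run it against a copy of the policy, for example `sample_sudoers > /tmp/policy && audit_nopasswd /tmp/policy`; `visudo -c` remains the tool for checking syntax.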