Configure Automatic su or sudo
How to configure Automatic su or sudo /switch user CentOS/Freebsd/Ubuntu servers?
Overview: This article outlines how to add a remote server using a non-root user for SSH login and configure automatic sudo or su to switch to the root user.
Check out the following video to ensure that you have configured the auto login correctly.
Add a server by providing Hostname, IP Address , Remote SSH login user, and Password of the Remote SSH login user.
You can also add a server using key and passphrase. When adding a server using a key and passphrase, make sure to add the following line to the sudoers file of the remote server for automatic sudo to work:
root@remote_server ~]# visudo
alex ALL=(ALL:ALL) NOPASSWD: ALL
This configuration allows the user Alex to execute any command with sudo without being prompted for a password.
METHOD 1
.png)
Step 1: Ensure that the remote ssh user has the bash shell enabled.
The finger command would let you know the shell currently assigned to the remote SSH user.
root@gateway:~# finger alex
Login: alex Name:
Directory: /home/alex Shell: /usr/local/bin/tsh
Step 1(A): Assign bash shell to the user using the command
root@gateway:~# chsh -s /usr/local/bin/bash alex
Step 2: Fill in the first prompt, password prompt and root prompt of the remote SSH login user. Follow below steps to find first prompt, password prompt and root prompt.
Step 2(A): To find "First prompt", log in as the remote ssh login user(alex)to the remote server and you will get the first prompt
alex@gateway :~$
In this case, the 'first prompt' would be '~$ '.
There is the space character included above, so a total of 3 characters are required.
Step 2(B): Refer to the below example to find the password prompt.
alex@gateway :~$ sudo su -
[sudo] password for alex:
Here the 'Password Prompt' would be 'alex:'
Step 2(C): To find the "root prompt" switch to superuser and you will find the root prompt.
root@gateway :~#
In this case, the 'Root Prompt' would be '~# '
Step 3: After providing the first prompt, password prompt, and root prompt change Privilege escalation to "sudo".
Step 4: After filling in all the variables click on the save button.
Step 5: After saving, login to the Ezeelogin backend(ezsh). Upon successful login to the Ezsh shell, you will initially be logged in as the Remote SSH login user(alex)to the remote server and then automatically switched to the root user using "sudo su -".
Enable sudo only if you want the sudo command to switch privileges. If you are using the 'su' command to escalate privileges, then leave the Privilege Escalation field as "None"
METHOD 2
If you are using "su" instead of "sudo" to switch to root user then you need not enter the 'root prompt' and should disable sudo from privilege escalation.
Step 1: Enter the field 'Switch User' and 'Switch User Password' along with first prompt, password prompt. 'Switch User' would be 'root' or any other user that you would need to swich to and 'Switch User Password' would be the root password or the password of the user to which you are switching to.
Step 1(A): To find "First prompt", log in as the remote ssh login user(alex) and you will get the first prompt
alex@gateway :~$
In this case, the 'first prompt' would be '~$ '.
There is the space character included above, so total of 3 characters are required.
Step 1(B): Refer to the below example to find the password prompt.
alex@gateway :~$ su root
Password:
Here the 'Password Prompt' would be ''Password:"
Step 2: After filling up all the variables click on "Save"
Step 3: Login to the Ezsh shell. Upon successful login to the Ezsh shell, you will initially be logged in as the Remote SSH login user(alex) to the remote server and then automatically switched to the root user using "su".
Related Articles:
Enabling Virtualshell did not allow automatic su or sudo
How to add a subssh user with non-privileged remote SSH login user
Enable root privilege for the group in the sudoers file
How to add sub ssh users on remote servers and restrict commands via sudoers file
How to allow the user to switch when the command guard is enabled