Configure Automatic su or sudo
How to configure Automatic su or sudo /switch user CentOS/Freebsd/Ubuntu servers?
Overview: This article outlines how to add a remote server using a non-root user for SSH login and configure automatic sudo or su to switch to the root user.
You can also add a server using key and passphrase. When adding a server using a key and passphrase, make sure to add the following line to the sudoers file of the remote server for automatic sudo to work:
root@remote_server ~]# visudo
alex ALL=(ALL:ALL) NOPASSWD: ALL
This configuration allows the user Alex to execute any command with sudo without being prompted for a password.
Create a new user on the remote server with a home directory and bash shell to ensure 'automatic su' works correctly.
Method 1: Create user with adduser command
example: adduser username
Method 2: Create user with useradd command
example: useradd -m -s /bin/bash username
The first prompt and root prompt will vary across different operating systems.
Make sure to login to the remote server manually, check the exact prompts for both the normal user and the root user, and update them in Ezeelogin accordingly. This is required for 'automatic su' to work correctly without any errors.
METHOD 1
.png)
Step 1: Ensure that the remote ssh user has the bash shell enabled.
The finger command would let you know the shell currently assigned to the remote SSH user.
root@gateway:~# finger alex
Login: alex Name:
Directory: /home/alex Shell: /usr/local/bin/tsh
Step 1(A): Assign bash shell to the user using the command
root@gateway:~# chsh -s /usr/local/bin/bash alex
Step 2: Fill in the first prompt, password prompt and root prompt of the remote SSH login user. Follow below steps to find first prompt, password prompt and root prompt.
Step 2(A): To find "First prompt", log in as the remote ssh login user(alex)to the remote server and you will get the first prompt
alex@gateway :~$
In this case, the 'first prompt' would be '~$ '.
There is the space character included above, so a total of 3 characters are required.
Step 2(B): Refer to the below example to find the password prompt.
alex@gateway :~$ sudo su -
[sudo] password for alex:
Here the 'Password Prompt' would be 'alex:'
Step 2(C): To find the "root prompt" switch to superuser and you will find the root prompt.
root@gateway :~#
In this case, the 'Root Prompt' would be '~# '
Step 3: After providing the first prompt, password prompt, and root prompt change Privilege escalation to "sudo".
Step 4: After filling in all the variables click on the save button.
Step 5: After saving, login to the Ezeelogin backend(ezsh). Upon successful login to the Ezsh shell, you will initially be logged in as the Remote SSH login user(alex)to the remote server and then automatically switched to the root user using "sudo su -".
Enable sudo only if you want the sudo command to switch privileges. If you are using the 'su' command to escalate privileges, then leave the Privilege Escalation field as "None"
METHOD 2
If you are using "su" instead of "sudo" to switch to root user then you need not enter the 'root prompt' and should disable sudo from privilege escalation.
Step 1: Enter the field 'Switch User' and 'Switch User Password' along with first prompt, password prompt. 'Switch User' would be 'root' or any other user that you would need to swich to and 'Switch User Password' would be the root password or the password of the user to which you are switching to.
Step 1(A): To find "First prompt", log in as the remote ssh login user(alex) and you will get the first prompt
alex@gateway :~$
In this case, the 'first prompt' would be '~$ '.
There is the space character included above, so total of 3 characters are required.
Step 1(B): Refer to the below example to find the password prompt.
alex@gateway :~$ su root
Password:
Here the 'Password Prompt' would be ''Password:"
Step 2: After filling up all the variables click on "Save"
Step 3: Login to the Ezsh shell. Upon successful login to the Ezsh shell, you will initially be logged in as the Remote SSH login user(alex) to the remote server and then automatically switched to the root user using "su".
Common errors when SSH’ing into remote server after configuring automatic su or sudo
Timeout waiting for server response.
First prompt could not be found in server response. Make sure first prompt has been specified correctly.
How to fix the above error?
Step 1: Login to remote server manually and check the prompt of the user.
Step 2: Provide the correct 3 character in first prompt in the GUI, and ensure that the remote user’s password is correct.
Step 3: Re-login to ezsh and check if the login works as expected. After logging in, it should automatically switch to the root user.
Related Articles:
Enabling Virtualshell did not allow automatic su or sudo
How to add a subssh user with non-privileged remote SSH login user
Enable root privilege for the group in the sudoers file
How to add sub ssh users on remote servers and restrict commands via sudoers file
How to allow the user to switch when the command guard is enabled