
How to add sub ssh users on remote servers and restrict commands via sudoers file

How to create sub SSH users on remote servers and restrict commands via sudoers file?


Overview: This article describes how to create a sub SSH user ("isotech") on a remote server (configured with root as the Remote SSH Login user) and limit its actions to running the tcpdump command and downloading files to the directory /home/solusvm/kvm/iso using wget.



Step 1.a: Create Managed SubSSH user 'isotech'.  

Increase the PHP maximum execution time on the gateway server. The max_execution_time directive specifies the maximum time, in seconds, that a PHP script is allowed to run before it is terminated.

root@gateway~# read -p "Enter new maximum execution time (e.g., 900): " time && sudo sed -i "s/^max_execution_time =.*/max_execution_time = $time/I" /etc/php/$(php -v | head -n 1 | awk '{print $2}' | cut -d. -f1,2)/cli/php.ini

root@gateway~# read -p "Enter new memory limit (e.g., 2G): " memory && sudo sed -i "s/^memory_limit =.*/memory_limit = $memory/I" /etc/php/$(php -v | head -n 1 | awk '{print $2}' | cut -d. -f1,2)/cli/php.ini 

root@gateway~# systemctl restart apache2 

Step 1.b: Under SubSSH user > specify the username and Save it.  

This will create the user “isotech” on all remote servers. (n number of servers) 

Step 2.a: Run the following command via parallel shell to add the rule to the sudoers file on the remote servers.

root@gateway~# echo "isotech ALL=(ALL) NOPASSWD: /usr/bin/tcpdump" >> /etc/sudoers 

Step 2.b: Check the syntax of the sudoers file on the remote servers.

root@gateway~# visudo -c
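
The append in Step 2.a changes the live sudoers file before Step 2.b checks it. The following is an added example, not part of the original article, that stages the same rule as a drop-in file, validates it with visudo -cf, and installs it only if the check passes. The drop-in name isotech-tcpdump, the function names, and the assumption that /etc/sudoers includes /etc/sudoers.d are not from the article.

```bash
#!/bin/sh
# Added example, not from the original article.
# Assumes /etc/sudoers includes /etc/sudoers.d; function names are hypothetical.

VISUDO="${VISUDO:-visudo}"                     # syntax checker, overridable for testing
SUDOERS_DIR="${SUDOERS_DIR:-/etc/sudoers.d}"   # drop-in directory

# Print the Step 2.a rule for a user and an absolute command path.
make_rule() {
    local user="$1" cmd="$2"
    case "$user" in
        ''|*[!a-z0-9_-]*) echo "invalid user name: $user" >&2; return 2 ;;
    esac
    case "$cmd" in
        /*) ;;
        *) echo "command must be an absolute path: $cmd" >&2; return 2 ;;
    esac
    printf '%s ALL=(ALL) NOPASSWD: %s\n' "$user" "$cmd"
}

# Stage the rule, syntax-check it, and move it into place only if it is valid.
install_rule() {
    local name="$1" user="$2" cmd="$3" tmp
    # sudo skips drop-in files whose names contain '.' or end in '~'.
    case "$name" in
        ''|*[!A-Za-z0-9_-]*) echo "invalid drop-in name: $name" >&2; return 2 ;;
    esac
    # The dotted temp name keeps sudo from reading the staged file.
    tmp="$(mktemp "$SUDOERS_DIR/.$name.XXXXXX")" || return 1
    if ! make_rule "$user" "$cmd" > "$tmp"; then
        rm -f "$tmp"; return 2
    fi
    if ! "$VISUDO" -cf "$tmp" >/dev/null 2>&1; then
        echo "sudoers syntax check failed; nothing installed" >&2
        rm -f "$tmp"; return 1
    fi
    chmod 0440 "$tmp" && mv -f "$tmp" "$SUDOERS_DIR/$name"
}

# Run as root on each remote server:
#   install_rule isotech-tcpdump isotech /usr/bin/tcpdump
```

A sudoers entry may also list permitted arguments after the command path, which narrows the rule further than the bare path used here.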

Step 3: Log in to the SolusVM Masters server. Change the user's home directory and grant permissions on the directory as shown below.

root@gateway~# usermod -d /home/isotech/kvm/iso isotech ; chmod 777 /home/isotech/kvm/iso 

Step 4: Map the sub SSH user "isotech" to the "SolusVM Masters GRP" server group and the "Junior Techs" user group. This ensures that gateway users belonging to "Junior Techs" log in to the "SolusVM Master server" as the non-privileged user "isotech".

Step 5: Log in to the ezsh shell as SSH gateway user "tom" ("junior tech"), log in to a remote server ("SolusVM MastersRSV.com"), and run the "tcpdump" / "wget" command to download the files.

Creation of Subssh user fails

If the Ezeelogin gateway server manages many remote servers, creating the sub SSH user on all of them takes longer. Refer to the article below to increase the execution time of the script on the gateway server.

Increase script execution time in the gateway server

