How to add a SubSSH user with a non-privileged Remote SSH Login User
How to create a SubSSH user when a remote server is added with a non-privileged Remote SSH Login User?
Overview: This article describes how to add a remote server 'web.eznoc.com' to the Ezeelogin gateway with the Remote SSH Login User 'Tech' (a non-privileged system user) and allow the gateway user 'Ted' to log in to the remote server as the SubSSH user 'Dev' (a non-privileged system user).
Step 1: Add the remote server (web.eznoc.com) with the non-privileged Remote SSH Login User (tech).
Step 2: Grant the necessary privileges to the Remote SSH Login User (tech) in the sudoers file on the remote SSH server (web.eznoc.com).
Step 2(A): Create a sudoers configuration file that grants the privileges to the user or user group, and set its permissions.
If you are using key-based authentication, make sure to provide 'NOPASSWD' in the sudoers file.
[email protected]:~# vim /etc/sudoers.d/user_management
%<new_group_name> ALL=(ALL) NOPASSWD:/usr/bin/sh -c *
e.g.: tech ALL=(ALL) NOPASSWD:/usr/bin/sh -c *
[email protected]:~# chmod 440 /etc/sudoers.d/user_management
Step 2(B): Check the syntax of the sudoers files.
[email protected]:~# visudo -c
/etc/sudoers: parsed OK
/etc/sudoers.d/user_management: parsed OK
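The Step 2 procedure as one script, written for this page as an added example (not Ezeelogin's own tooling): it checks the rule with `visudo -cf` before the file reaches /etc/sudoers.d, so a typo cannot leave sudo unusable. The function names and the `%devops` group are assumptions; the rule text is the one shown in Step 2(A).

```shell
#!/bin/sh
# Added example: stage, validate, then install the Step 2 sudoers drop-in.
# RULE_CMD is the command spec from the article; all names here are illustrative.
# Note: 'sh -c *' lets the principal run any command as root without a
# password, so treat that account as root-equivalent on the remote server.
RULE_CMD='/usr/bin/sh -c *'

# Accept a user ("tech") or a group ("%devops", hypothetical); reject anything
# that could smuggle extra sudoers syntax (spaces, commas, '=', newlines ...).
valid_principal() {
    name=${1#%}
    case $name in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

# Print the rule exactly as Step 2(A) writes it.
render_rule() {
    valid_principal "$1" || return 1
    printf '%s ALL=(ALL) NOPASSWD:%s\n' "$1" "$RULE_CMD"
}

# stage_rule PRINCIPAL DEST: write the rule to a temp file, syntax-check it
# with visudo, and only then place it at DEST with mode 0440. The body runs in
# a subshell so the trap and variables do not leak into the caller.
stage_rule() (
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    render_rule "$1" > "$tmp" || { echo "invalid principal: $1" >&2; exit 1; }
    visudo -cf "$tmp" >/dev/null || { echo "visudo rejected rule" >&2; exit 1; }
    install -m 0440 "$tmp" "$2"
)

# Real use, as root on the remote server:
#   stage_rule tech /etc/sudoers.d/user_management && visudo -c
```
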
Step 3: Create SubSSH user (Dev) and perform mapping.
If you are creating the SubSSH user on a large number of servers, make sure to increase the values in php.ini. Refer to step 2 of the article below.
Step 3(A): Create SubSSH user
Step 3(B): To map a SubSSH user based on groups, go to Sub SSH User Maps, then select the user group, SubSSH user, and server group.
Step 3(C): To map a SubSSH user for an individual gateway user, edit the gateway user and select the SubSSH user.
Step 4: Log in to the remote server (web.eznoc.com) via ezsh.
When you press the 'Tab' key to view the server details, you can see that you have logged in to the remote server as the SubSSH user 'Dev' instead of the non-privileged Remote SSH Login User 'tech'.
Creation of SubSSH user fails
If the Ezeelogin gateway server has many remote servers, it takes longer to create the SubSSH user on all of them. Refer to the article below to increase the execution time of the script on the gateway server.
Related articles:
Error: An error occurred while trying to submit the form (error: Forbidden)
Add a server using SSH key pair
Setup public-key in the remote server