Linux Archive


Knapp 08-09-2008 08:58 PM

remote SUDO with SSH
 
Is there a way to stop the use of sudo from ssh connections?

Is there a way to turn this off? I turned off remote use of root but
that did not stop it.


--
Douglas E Knapp

http://sf-journey-creations.wikispot.org/Front_Page

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

Bruce Marshall 08-09-2008 09:13 PM

remote SUDO with SSH
 
On Saturday 09 August 2008, Knapp wrote:
> Is there a way to stop the use of sudo from ssh connections?
>
> Is there a way to turn this off? I turned off remote use of root but
> that did not stop it.

I guess I'm not sure just what you are asking.


Knapp 08-09-2008 09:28 PM

remote SUDO with SSH
 
On Sat, Aug 9, 2008 at 11:13 PM, Bruce Marshall <bmarsh@bmarsh.com> wrote:
> On Saturday 09 August 2008, Knapp wrote:
>> Is there a way to stop the use of sudo from ssh connections?
>>
>> Is there a way to turn this off? I turned off remote use of root but
>> that did not stop it.
>
> I guess I'm not sure just what you are asking.

If I sign into my computer remotely using SSH, I can then use SUDO to
change things in the computer. I would like this SUDO command not to
function when used by someone remotely.

--
Douglas E Knapp

http://sf-journey-creations.wikispot.org/Front_Page


Bruce Marshall 08-10-2008 12:06 AM

remote SUDO with SSH
 
On Saturday 09 August 2008, Knapp wrote:
> If I sign into my computer remotely using SSH, I can then use SUDO to
> change things in the computer. I would like this SUDO command not to
> function when used by someone remotely.

Ok, you still haven't mentioned who you are logging in with. The 'normal'
user who has root privs through sudo, or someone else such as root.


Knapp 08-10-2008 07:04 AM

remote SUDO with SSH
 
On Sun, Aug 10, 2008 at 2:06 AM, Bruce Marshall <bmarsh@bmarsh.com> wrote:
> On Saturday 09 August 2008, Knapp wrote:
>> If I sign into my computer remotely using SSH, I can then use SUDO to
>> change things in the computer. I would like this SUDO command not to
>> function when used by someone remotely.
>
> Ok, you still haven't mentioned who you are logging in with. The 'normal'
> user who has root privs through sudo, or someone else such as root.
>
Logging in as a user with sudo privileges on a computer without su.
I want the user to have them when local but not when remote.


--
Douglas E Knapp

http://sf-journey-creations.wikispot.org/Front_Page


"Jonas Norlander" 08-10-2008 11:33 AM

remote SUDO with SSH
 
2008/8/10 Knapp <magick.crow@gmail.com>:
> On Sun, Aug 10, 2008 at 2:06 AM, Bruce Marshall <bmarsh@bmarsh.com> wrote:
>> On Saturday 09 August 2008, Knapp wrote:
>>> If I sign into my computer remotely using SSH, I can then use SUDO to
>>> change things in the computer. I would like this SUDO command not to
>>> function when used by someone remotely.
>>
>> Ok, you still haven't mentioned who you are logging in with. The 'normal'
>> user who has root privs through sudo, or someone else such as root.
>>
> Logging in as a user with sudo privileges on a computer without su.
> I want the user to have them when local but not when remote.
>
>
> --
> Douglas E Knapp

I always make a new group, sshlogin, and add "AllowGroups sshlogin" to
/etc/ssh/sshd_config, then I put the user allowed to log in with ssh in
that group. If I remember right you can deny commands run by sudo in
/etc/sudoers with something like this:
%sshlogin ALL=(ALL) !/usr/bin/sudo
I have no idea if it works or if there exists a better way.

Wait, I see now that that will probably deny them using sudo locally
too. The ALL in the above example is the machines this is valid for;
perhaps it's possible to do it like this:
%sshlogin !localhost=(ALL) !/usr/bin/sudo

/ Jonas


Derek Broughton 08-10-2008 01:20 PM

remote SUDO with SSH
 
Knapp wrote:

> On Sat, Aug 9, 2008 at 11:13 PM, Bruce Marshall <bmarsh@bmarsh.com> wrote:
>> On Saturday 09 August 2008, Knapp wrote:
>>> Is there a way to stop the use of sudo from ssh connections?
>>>
>>> Is there a way to turn this off? I turned off remote use of root but
>>> that did not stop it.
>>
>> I guess I'm not sure just what you are asking.

> If I sign into my computer remotely using SSH, I can then use SUDO to
> change things in the computer. I would like this SUDO command not to
> function when used by someone remotely.

Then don't permit SSH access to any user with sudo permission.
--
derek
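
As an added example (not written by any poster in this thread): a small Python audit for the condition discussed above, accounts that sshd admits (the "AllowGroups" setting Jonas mentions) and that also hold sudo rights (Derek's point). The config text, group table and user names are constructed, and only literal AllowUsers/AllowGroups names and plain user or %group sudoers entries are handled.

```python
# Added example; every name and value below is constructed for illustration.
SSHD_CONFIG = """\
PermitRootLogin no
AllowGroups sshlogin
"""
SUDOERS = """\
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
carol   ALL=(ALL) /usr/bin/apt-get
"""
# group -> members as listed in /etc/group (primary groups are not covered)
GROUPS = {"admin": {"alice"}, "sshlogin": {"alice", "bob"},
          "users": {"alice", "bob", "carol"}}

def fields(text):
    """Yield whitespace-split fields of each non-empty, non-comment line."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts:
            yield parts

def directive_values(config, keyword):
    """Arguments of every `keyword` line; sshd keywords are case-insensitive."""
    return {v for p in fields(config) if p[0].lower() == keyword.lower() for v in p[1:]}

def ssh_users(config, groups):
    """Accounts sshd admits: each Allow* list that is set must be satisfied."""
    allowed = set().union(*groups.values())
    allow_users = directive_values(config, "AllowUsers")
    allow_groups = directive_values(config, "AllowGroups")
    if allow_users:
        allowed &= allow_users
    if allow_groups:
        allowed &= set().union(*(groups.get(g, set()) for g in allow_groups))
    return allowed

def sudo_users(sudoers, groups):
    """Accounts named directly or through %group (aliases, includes not handled)."""
    users = set()
    for p in fields(sudoers):
        if len(p) < 2 or p[0].startswith("Defaults") or p[0].endswith("_Alias"):
            continue
        users |= groups.get(p[0][1:], set()) if p[0].startswith("%") else {p[0]}
    return users

def ssh_and_sudo(config, sudoers, groups):
    """Sorted accounts that can log in over SSH and also hold sudo rights."""
    return sorted(ssh_users(config, groups) & sudo_users(sudoers, groups))

if __name__ == "__main__":
    print(ssh_and_sudo(SSHD_CONFIG, SUDOERS, GROUPS))
```

The audit works on account membership because the host field of a sudoers rule names the machine sudo runs on, not the origin of the login session. An empty result means no account listed in the group table is both admitted by sshd and named in sudoers.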



Derek Broughton 08-10-2008 01:21 PM

remote SUDO with SSH
 
Bruce Marshall wrote:

> On Saturday 09 August 2008, Knapp wrote:
>> If I sign into my computer remotely using SSH, I can then use SUDO to
>> change things in the computer. I would like this SUDO command not to
>> function when used by someone remotely.
>
> Ok, you still haven't mentioned who you are logging in with. The 'normal'
> user who has root privs through sudo, or someone else such as root.

Sure he did. He said he's disallowed root ssh access. It's a normal user
with sudo privilege.
--
derek



Knapp 08-10-2008 04:13 PM

remote SUDO with SSH
 
On Sun, Aug 10, 2008 at 3:20 PM, Derek Broughton <news@pointerstop.ca> wrote:
> Knapp wrote:
>
>> On Sat, Aug 9, 2008 at 11:13 PM, Bruce Marshall <bmarsh@bmarsh.com> wrote:
>>> On Saturday 09 August 2008, Knapp wrote:
>>>> Is there a way to stop the use of sudo from ssh connections?
>>>>
>>>> Is there a way to turn this off? I turned off remote use of root but
>>>> that did not stop it.
>>>
>>> I guess I'm not sure just what you are asking.
>
>> If I sign into my computer remotely using SSH, I can then use SUDO to
>> change things in the computer. I would like this SUDO command not to
>> function when used by someone remotely.
>
> Then don't permit SSH access to any user with sudo permission.
> --
> derek

Thanks guys, now I see the answer. Make a new user for each remote
user and limit the heck out of it. All other normal users are not
allowed to use SSH.

But wait a minute, then you can't get at your personal info. :-(

There must be an easy way.

After the SSH mess I really don't want remote users to have su or sudo
access. Maybe I am too paranoid but my firewall reports at least 3 ssh
attempts per day and my web site does not even get that many hits.

Thanks for the ideas!!

--
Douglas E Knapp

http://sf-journey-creations.wikispot.org/Front_Page


Constantinos Maltezos 08-10-2008 05:08 PM

remote SUDO with SSH
 
On Sunday 10 August 2008 2:04:25 am Knapp wrote:
> On Sun, Aug 10, 2008 at 2:06 AM, Bruce Marshall <bmarsh@bmarsh.com> wrote:
> > On Saturday 09 August 2008, Knapp wrote:
> >> If I sign into my computer remotely using SSH, I can then use SUDO to
> >> change things in the computer. I would like this SUDO command not to
> >> function when used by someone remotely.
> >
> > Ok, you still haven't mentioned who you are logging in with. The
> > 'normal' user who has root privs through sudo, or someone else such as
> > root.
>
> Logging in as a user with sudo privileges on a computer without su.
> I want the user to have them when local but not when remote.

Now, I'm not as familiar with ssh as I should be, but I'm wondering if you
could set it up to where only certain users could log in. That way, you could
create new users that can only run programs from a certain directory. Then
you would maybe make symbolic links to everything in /usr/bin and /bin (and
wherever else you might have programs you'd want to link there) in that
directory and remove the links for sudo and su.

But it all depends on if you can blacklist some users from logging in through
ssh.


