--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
08-09-2008, 09:13 PM
Bruce Marshall
remote SUDO with SSH
On Saturday 09 August 2008, Knapp wrote:
> Is there a way to stop the use of sudo from ssh connections?
>
> Is there a way to turn this off? I turned off remote use of root but
> that did not stop it.
I guess I'm not sure just what you are asking.
--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
08-09-2008, 09:28 PM
Knapp
remote SUDO with SSH
On Sat, Aug 9, 2008 at 11:13 PM, Bruce Marshall <bmarsh@bmarsh.com> wrote:
> On Saturday 09 August 2008, Knapp wrote:
>> Is there a way to stop the use of sudo from ssh connections?
>>
>> Is there a way to turn this off? I turned off remote use of root but
>> that did not stop it.
>
> I guess I'm not sure just what you are asking.
>
> --
> kubuntu-users mailing list
> kubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
>
If I sign into my computer remotely using SSH, I can then use SUDO to
change things in the computer. I would like this SUDO command not to
function when used my someone remotely.
--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
08-10-2008, 12:06 AM
Bruce Marshall
remote SUDO with SSH
On Saturday 09 August 2008, Knapp wrote:
> If I sign into my computer remotely using SSH, I can then use SUDO to
> change things in the computer. I would like this SUDO command not to
> function when used my someone remotely.
Ok, you still haven't mentioned who you are logging in with. The 'normal'
user who has root privs through sudo, or someone else such as root.
--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
08-10-2008, 07:04 AM
Knapp
remote SUDO with SSH
On Sun, Aug 10, 2008 at 2:06 AM, Bruce Marshall <bmarsh@bmarsh.com> wrote:
> On Saturday 09 August 2008, Knapp wrote:
>> If I sign into my computer remotely using SSH, I can then use SUDO to
>> change things in the computer. I would like this SUDO command not to
>> function when used my someone remotely.
>
> Ok, you still haven't mentioned who you are logging in with. The 'normal'
> user who has root privs through sudo, or someone else such as root.
>
> --
> kubuntu-users mailing list
> kubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
>
Logging in as a user with sudo privileges an a computer without su.
I want the user to have them when local but not when remote.
--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
08-10-2008, 11:33 AM
"Jonas Norlander"
remote SUDO with SSH
2008/8/10 Knapp <magick.crow@gmail.com>:
> On Sun, Aug 10, 2008 at 2:06 AM, Bruce Marshall <bmarsh@bmarsh.com> wrote:
>> On Saturday 09 August 2008, Knapp wrote:
>>> If I sign into my computer remotely using SSH, I can then use SUDO to
>>> change things in the computer. I would like this SUDO command not to
>>> function when used my someone remotely.
>>
>> Ok, you still haven't mentioned who you are logging in with. The 'normal'
>> user who has root privs through sudo, or someone else such as root.
>>
> Logging in as a user with sudo privileges an a computer without su.
> I want the user to have them when local but not when remote.
>
>
> --
> Douglas E Knapp
I always do i new group, sshlogin and adding "AllowGroups sshlogin" to
/etc/ssh/sshd_config then i put the user allowed to login with ssh to
that group. If i remember right you can deny commands run by sudo in
/etc/sudoers with something like this: %sshlogin ALL=(ALL)
!/usr/bin/sudo.
I have no idea if it works or there exist a better way.
Wait i see now that that will probably deny them using sudo locally
to. The ALL in above example is the machines this is valid for,
perhaps it's possible to do like this %sshlogin !localhost=(ALL)
!/usr/bin/sudo.
/ Jonas
--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
08-10-2008, 01:20 PM
Derek Broughton
remote SUDO with SSH
Knapp wrote:
> On Sat, Aug 9, 2008 at 11:13 PM, Bruce Marshall <bmarsh@bmarsh.com> wrote:
>> On Saturday 09 August 2008, Knapp wrote:
>>> Is there a way to stop the use of sudo from ssh connections?
>>>
>>> Is there a way to turn this off? I turned off remote use of root but
>>> that did not stop it.
>>
>> I guess I'm not sure just what you are asking.
> If I sign into my computer remotely using SSH, I can then use SUDO to
> change things in the computer. I would like this SUDO command not to
> function when used my someone remotely.
Then don't permit SSH access to any user with sudo permission.
--
derek
--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
08-10-2008, 01:21 PM
Derek Broughton
remote SUDO with SSH
Bruce Marshall wrote:
> On Saturday 09 August 2008, Knapp wrote:
>> If I sign into my computer remotely using SSH, I can then use SUDO to
>> change things in the computer. I would like this SUDO command not to
>> function when used my someone remotely.
>
> Ok, you still haven't mentioned who you are logging in with. The 'normal'
> user who has root privs through sudo, or someone else such as root.
Sure he did. He said he's disallowed root ssh access. It's a normal user
with sudo privilege.
--
derek
--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
08-10-2008, 04:13 PM
Knapp
remote SUDO with SSH
On Sun, Aug 10, 2008 at 3:20 PM, Derek Broughton <news@pointerstop.ca> wrote:
> Knapp wrote:
>
>> On Sat, Aug 9, 2008 at 11:13 PM, Bruce Marshall <bmarsh@bmarsh.com> wrote:
>>> On Saturday 09 August 2008, Knapp wrote:
>>>> Is there a way to stop the use of sudo from ssh connections?
>>>>
>>>> Is there a way to turn this off? I turned off remote use of root but
>>>> that did not stop it.
>>>
>>> I guess I'm not sure just what you are asking.
>
>> If I sign into my computer remotely using SSH, I can then use SUDO to
>> change things in the computer. I would like this SUDO command not to
>> function when used my someone remotely.
>
> Then don't permit SSH access to any user with sudo permission.
> --
> derek
Thanks guys, now I see the answer. Make a new user for each remote
user and limit the heck out of it. All other normal users are not
allowed to use SSH.
But wait a minute, then you can't get at your personal info. :-(
There must be an easy way.
After the SSH mess I really don't want remote users to have su or sudo
access. Maybe I am to paranoid but my firewall reports at least 3 ssh
attempts per day and my web site does not even get that many hits.
--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
08-10-2008, 05:08 PM
Constantinos Maltezos
remote SUDO with SSH
On Sunday 10 August 2008 2:04:25 am Knapp wrote:
> On Sun, Aug 10, 2008 at 2:06 AM, Bruce Marshall <bmarsh@bmarsh.com> wrote:
> > On Saturday 09 August 2008, Knapp wrote:
> >> If I sign into my computer remotely using SSH, I can then use SUDO to
> >> change things in the computer. I would like this SUDO command not to
> >> function when used my someone remotely.
> >
> > Ok, you still haven't mentioned who you are logging in with. The
> > 'normal' user who has root privs through sudo, or someone else such as
> > root.
> >
> > --
> > kubuntu-users mailing list
> > kubuntu-users@lists.ubuntu.com
> > Modify settings or unsubscribe at:
> > https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
>
> Logging in as a user with sudo privileges an a computer without su.
> I want the user to have them when local but not when remote.
Now, I'm not as familiar with ssh as I should be, but I'm wondering if you
could set it up to where only certain users could log in. That way, you could
create new users that can only run programs from a certain directory. Then
you would maybe make symbolic links to everything in /usr/bin and /bin (and
wherever else you might have programs you'd want to link there) in that
directory and remove the links for sudo and su.
But it all depends on if you can blacklist some users from logging in through
ssh.
--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
remote SUDO with SSH
