FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Kubuntu User

 
 
LinkBack Thread Tools
 
Old 08-09-2008, 08:58 PM
Knapp
 
Default remote SUDO with SSH

Is there a way to stop the use of sudo from ssh connections?

Is there a way to turn this off? I turned off remote use of root but
that did not stop it.


--
Douglas E Knapp

http://sf-journey-creations.wikispot.org/Front_Page

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
 
Old 08-09-2008, 09:13 PM
Bruce Marshall
 
Default remote SUDO with SSH

On Saturday 09 August 2008, Knapp wrote:
> Is there a way to stop the use of sudo from ssh connections?
>
> Is there a way to turn this off? I turned off remote use of root but
> that did not stop it.

I guess I'm not sure just what you are asking.

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
 
Old 08-09-2008, 09:28 PM
Knapp
 
Default remote SUDO with SSH

On Sat, Aug 9, 2008 at 11:13 PM, Bruce Marshall <bmarsh@bmarsh.com> wrote:
> On Saturday 09 August 2008, Knapp wrote:
>> Is there a way to stop the use of sudo from ssh connections?
>>
>> Is there a way to turn this off? I turned off remote use of root but
>> that did not stop it.
>
> I guess I'm not sure just what you are asking.
>
> --
> kubuntu-users mailing list
> kubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
>

If I sign into my computer remotely using SSH, I can then use SUDO to
change things in the computer. I would like this SUDO command not to
function when used my someone remotely.

--
Douglas E Knapp

http://sf-journey-creations.wikispot.org/Front_Page

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
 
Old 08-10-2008, 12:06 AM
Bruce Marshall
 
Default remote SUDO with SSH

On Saturday 09 August 2008, Knapp wrote:
> If I sign into my computer remotely using SSH, I can then use SUDO to
> change things in the computer. I would like this SUDO command not to
> function when used my someone remotely.

Ok, you still haven't mentioned who you are logging in with. The 'normal'
user who has root privs through sudo, or someone else such as root.

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
 
Old 08-10-2008, 07:04 AM
Knapp
 
Default remote SUDO with SSH

On Sun, Aug 10, 2008 at 2:06 AM, Bruce Marshall <bmarsh@bmarsh.com> wrote:
> On Saturday 09 August 2008, Knapp wrote:
>> If I sign into my computer remotely using SSH, I can then use SUDO to
>> change things in the computer. I would like this SUDO command not to
>> function when used my someone remotely.
>
> Ok, you still haven't mentioned who you are logging in with. The 'normal'
> user who has root privs through sudo, or someone else such as root.
>
> --
> kubuntu-users mailing list
> kubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
>
Logging in as a user with sudo privileges an a computer without su.
I want the user to have them when local but not when remote.


--
Douglas E Knapp

http://sf-journey-creations.wikispot.org/Front_Page

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
 
Old 08-10-2008, 11:33 AM
"Jonas Norlander"
 
Default remote SUDO with SSH

2008/8/10 Knapp <magick.crow@gmail.com>:
> On Sun, Aug 10, 2008 at 2:06 AM, Bruce Marshall <bmarsh@bmarsh.com> wrote:
>> On Saturday 09 August 2008, Knapp wrote:
>>> If I sign into my computer remotely using SSH, I can then use SUDO to
>>> change things in the computer. I would like this SUDO command not to
>>> function when used my someone remotely.
>>
>> Ok, you still haven't mentioned who you are logging in with. The 'normal'
>> user who has root privs through sudo, or someone else such as root.
>>
> Logging in as a user with sudo privileges an a computer without su.
> I want the user to have them when local but not when remote.
>
>
> --
> Douglas E Knapp

I always do i new group, sshlogin and adding "AllowGroups sshlogin" to
/etc/ssh/sshd_config then i put the user allowed to login with ssh to
that group. If i remember right you can deny commands run by sudo in
/etc/sudoers with something like this: %sshlogin ALL=(ALL)
!/usr/bin/sudo.
I have no idea if it works or there exist a better way.

Wait i see now that that will probably deny them using sudo locally
to. The ALL in above example is the machines this is valid for,
perhaps it's possible to do like this %sshlogin !localhost=(ALL)
!/usr/bin/sudo.

/ Jonas

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
 
Old 08-10-2008, 01:20 PM
Derek Broughton
 
Default remote SUDO with SSH

Knapp wrote:

> On Sat, Aug 9, 2008 at 11:13 PM, Bruce Marshall <bmarsh@bmarsh.com> wrote:
>> On Saturday 09 August 2008, Knapp wrote:
>>> Is there a way to stop the use of sudo from ssh connections?
>>>
>>> Is there a way to turn this off? I turned off remote use of root but
>>> that did not stop it.
>>
>> I guess I'm not sure just what you are asking.

> If I sign into my computer remotely using SSH, I can then use SUDO to
> change things in the computer. I would like this SUDO command not to
> function when used my someone remotely.

Then don't permit SSH access to any user with sudo permission.
--
derek


--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
 
Old 08-10-2008, 01:21 PM
Derek Broughton
 
Default remote SUDO with SSH

Bruce Marshall wrote:

> On Saturday 09 August 2008, Knapp wrote:
>> If I sign into my computer remotely using SSH, I can then use SUDO to
>> change things in the computer. I would like this SUDO command not to
>> function when used my someone remotely.
>
> Ok, you still haven't mentioned who you are logging in with. The 'normal'
> user who has root privs through sudo, or someone else such as root.

Sure he did. He said he's disallowed root ssh access. It's a normal user
with sudo privilege.
--
derek


--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
 
Old 08-10-2008, 04:13 PM
Knapp
 
Default remote SUDO with SSH

On Sun, Aug 10, 2008 at 3:20 PM, Derek Broughton <news@pointerstop.ca> wrote:
> Knapp wrote:
>
>> On Sat, Aug 9, 2008 at 11:13 PM, Bruce Marshall <bmarsh@bmarsh.com> wrote:
>>> On Saturday 09 August 2008, Knapp wrote:
>>>> Is there a way to stop the use of sudo from ssh connections?
>>>>
>>>> Is there a way to turn this off? I turned off remote use of root but
>>>> that did not stop it.
>>>
>>> I guess I'm not sure just what you are asking.
>
>> If I sign into my computer remotely using SSH, I can then use SUDO to
>> change things in the computer. I would like this SUDO command not to
>> function when used my someone remotely.
>
> Then don't permit SSH access to any user with sudo permission.
> --
> derek

Thanks guys, now I see the answer. Make a new user for each remote
user and limit the heck out of it. All other normal users are not
allowed to use SSH.

But wait a minute, then you can't get at your personal info. :-(

There must be an easy way.

After the SSH mess I really don't want remote users to have su or sudo
access. Maybe I am to paranoid but my firewall reports at least 3 ssh
attempts per day and my web site does not even get that many hits.

Thanks for the ideas!!

--
Douglas E Knapp

http://sf-journey-creations.wikispot.org/Front_Page

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
 
Old 08-10-2008, 05:08 PM
Constantinos Maltezos
 
Default remote SUDO with SSH

On Sunday 10 August 2008 2:04:25 am Knapp wrote:
> On Sun, Aug 10, 2008 at 2:06 AM, Bruce Marshall <bmarsh@bmarsh.com> wrote:
> > On Saturday 09 August 2008, Knapp wrote:
> >> If I sign into my computer remotely using SSH, I can then use SUDO to
> >> change things in the computer. I would like this SUDO command not to
> >> function when used my someone remotely.
> >
> > Ok, you still haven't mentioned who you are logging in with. The
> > 'normal' user who has root privs through sudo, or someone else such as
> > root.
> >
> > --
> > kubuntu-users mailing list
> > kubuntu-users@lists.ubuntu.com
> > Modify settings or unsubscribe at:
> > https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
>
> Logging in as a user with sudo privileges an a computer without su.
> I want the user to have them when local but not when remote.

Now, I'm not as familiar with ssh as I should be, but I'm wondering if you
could set it up to where only certain users could log in. That way, you could
create new users that can only run programs from a certain directory. Then
you would maybe make symbolic links to everything in /usr/bin and /bin (and
wherever else you might have programs you'd want to link there) in that
directory and remove the links for sudo and su.

But it all depends on if you can blacklist some users from logging in through
ssh.

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
 

Thread Tools




All times are GMT. The time now is 06:02 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org