Privileged access management in Linux
How to log in to a remote server as a non-privileged user and escalate privileges in SSH?
Overview: This article describes how to configure two methods that allow a gateway user to log in to a remote server as a non-privileged user and seamlessly switch to the root user without being prompted for a password.
Method 1: SubSSH User
Step 1(A): Log in to the web GUI and create a SubSSH user. This will create a non-privileged user on the remote servers.
Step 1(B): Map the SubSSH user to the gateway user.
Step 1(C): Log in to the remote server and add the created SubSSH user to the sudoers file. This will enable the non-privileged user to switch to root without being prompted for a password.
[root@remote_server ~]# visudo
alex ALL=(ALL:ALL) NOPASSWD: ALL
Step 1(D): Log in to the backend (ezsh), then access the remote server and switch to the root user.
Method 2: Pass User Through
Step 2(A): Log in to the remote server and create a user with the same username as the gateway user. Then, either set the same password or configure SSH key-based authentication.
[root@remote_server ~]# adduser tony
Step 2(B): Edit the gateway user and change Pass User Through to Yes.
Step 2(C): Log in to the remote server and add the Pass user to the sudoers file. This will enable the non-privileged user to switch to root without being prompted for a password.
[root@remote_server ~]# visudo
tony ALL=(ALL:ALL) NOPASSWD: ALL
Step 2(D): Log in to the backend (ezsh), then access the remote server and switch to the root user.
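The sudoers lines in Steps 1(C) and 2(C) grant passwordless root for every command, so it helps to keep track of which accounts hold such a rule. The following is an added example, not part of the original article or of the gateway product: it lists the accounts in a sudoers-format file that have an unrestricted NOPASSWD: ALL rule. The function names, the sample content and the deploy account are constructed for illustration.

```shell
#!/bin/sh
# Added example: report accounts holding an unrestricted "NOPASSWD: ALL" rule.
# list_nopasswd_all is a hypothetical helper name, not a sudo or gateway command.

list_nopasswd_all() {
    # $1: path to a sudoers-format file, or "-" to read standard input
    awk '
        /^[ \t]*#/                     { next }  # comments, #include lines
        /^[ \t]*$/                     { next }  # blank lines
        /^[ \t]*Defaults/              { next }  # option lines
        /^[ \t]*[A-Za-z_]+_Alias[ \t]/ { next }  # User_Alias, Cmnd_Alias, ...
        # Flag only rules where ALL itself is a command after NOPASSWD:
        /NOPASSWD:[ \t]*ALL([ \t]*,|[ \t]*$)/ { print $1 }
    ' "$1" | sort -u
}

# Constructed sample input: alex and tony are the entries from the article,
# deploy is a made-up account limited to a single command.
sample_sudoers() {
    cat <<'EOF'
# constructed sample sudoers content
Defaults    env_reset
root    ALL=(ALL:ALL) ALL
alex ALL=(ALL:ALL) NOPASSWD: ALL
tony ALL=(ALL:ALL) NOPASSWD:ALL
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx
%wheel  ALL=(ALL) ALL
EOF
}

# Run the audit over the sample and join the results on one line.
audit_sample() {
    sample_sudoers | list_nopasswd_all - | paste -s -d ' ' -
}

audit_sample   # prints: alex tony
```

Rules continued across lines with a trailing backslash and files pulled in through include directives are not followed, so run the function on each file under /etc/sudoers.d as well as on /etc/sudoers.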