
Privileged access management in Linux

How to log in to a remote server as a non-privileged user and escalate privileges in SSH?


Overview: This article describes how to configure two methods that allow a gateway user to log in to a remote server as a non-privileged user and seamlessly switch to the root user without being prompted for a password.


Method 1: SubSSH User

Step 1(A): Log in to the web GUI and create a SubSSH user. This will create a non-privileged user on the remote servers.

Step 1(B): Map the SubSSH user to the gateway user.

Step 1(C): Log in to the remote server and add the created SubSSH user to the sudoers file. This will enable the non-privileged user to switch to root without being prompted for a password.

[root@remote_server ~]# visudo

alex ALL=(ALL:ALL) NOPASSWD: ALL

Step 1(D): Log in to the backend (ezsh), then access the remote server and switch to the root user.

Method 2: Pass User Through

Step 2(A): Log in to the remote server and create a user with the same username as the gateway user. Then, either set the same password or configure SSH key-based authentication.

[root@remote_server ~]# adduser tony

Step 2(B): Edit the gateway user and change Pass User Through to Yes.

Step 2(C): Log in to the remote server and add the Pass user to the sudoers file. This will enable the non-privileged user to switch to root without being prompted for a password.

[root@remote_server ~]# visudo

tony ALL=(ALL:ALL) NOPASSWD: ALL

Step 2(D): Log in to the backend (ezsh), then access the remote server and switch to the root user.
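
The sudoers entry from Step 1(C) and Step 2(C) can also be installed as a syntax-checked drop-in file instead of being typed into visudo by hand. The script below is an added example, not part of the original article or the product's own tooling; the function names and the 90-gateway- file prefix are hypothetical, and it assumes /etc/sudoers includes the /etc/sudoers.d directory.

```shell
#!/bin/sh
# Added example: install the article's NOPASSWD rule as a validated drop-in.
# Function bodies run in a subshell "( ... )", so variables stay local and
# "exit" only leaves the function, not the calling shell.

# Print the article's rule for one account. Names outside [a-z_][a-z0-9_-]*
# are refused so a crafted name cannot inject extra sudoers syntax.
render_rule() (
    LC_ALL=C
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*)
            echo "invalid username: $1" >&2; exit 1 ;;
    esac
    printf '%s ALL=(ALL:ALL) NOPASSWD: ALL\n' "$1"
)

# install_rule USER [DIR]: write DIR/90-gateway-USER.
# DIR defaults to /etc/sudoers.d; the file name prefix is an assumption.
install_rule() (
    user=$1 dir=${2:-/etc/sudoers.d}
    rule=$(render_rule "$user") || exit 1
    command -v visudo >/dev/null 2>&1 ||
        { echo "visudo not found; refusing to install unchecked rule" >&2; exit 1; }
    # sudo skips sudoers.d files whose name contains '.', so the temp file
    # is inert until it is renamed into place.
    tmp=$(mktemp "$dir/.gateway-$user.XXXXXX") || exit 1
    printf '%s\n' "$rule" > "$tmp"
    chmod 0440 "$tmp"
    # Syntax-check before activation: a malformed sudoers file can break sudo.
    if ! visudo -cf "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "visudo rejected the rule for $user" >&2; exit 1
    fi
    mv -f "$tmp" "$dir/90-gateway-$user"
)

# Usage on the remote server, as root:
#   install_rule alex    # Method 1, SubSSH user
#   install_rule tony    # Method 2, Pass User Through user
```

Keeping one file per account also makes the grant easy to review or revoke: deleting the drop-in removes the passwordless root access without touching the main sudoers file.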

