
How to add a SubSSH user with a non-privileged remote SSH login user

How to create a SubSSH user when a remote server is added with a non-privileged Remote SSH Login User?


This article describes how to add the remote server 'web.eznoc.com' to the Ezeelogin gateway with the Remote SSH Login User 'Tech' (a non-privileged system user) and allow the gateway user 'Ted' to log in to the remote server as the SubSSH user 'Dev' (a non-privileged system user).



Step 1: Add the remote server (web.eznoc.com) with the non-privileged Remote SSH Login User (tech).

Step 2: Grant necessary privileges to the Remote SSH Login User in the sudoers file on the remote SSH server (web.eznoc.com).

     2.a: Create a config file that grants privileges to the user group, and set the file permissions.

If you are using key-based authentication, make sure to provide 'NOPASSWD' in the sudoers file.

[email protected]:~# vim /etc/sudoers.d/user_management

%<new_group_name> ALL=(ALL) NOPASSWD:/usr/bin/sh -c *

eg:  tech ALL=(ALL) NOPASSWD:/usr/bin/sh -c *

[email protected]:~# chmod 440 /etc/sudoers.d/user_management

     2.b: Check the syntax of the sudoers file.

[email protected]:~# visudo -c
/etc/sudoers: parsed OK
/etc/sudoers.d/user_management: parsed OK

Step 3: Create SubSSH user (Dev) and perform mapping.

     3.a: Create the SubSSH user.

     3.b: Map the SubSSH user based on groups.

     3.c: Map the SubSSH user to a gateway user.

Step 4: Log in to the remote server (web.eznoc.com) via ezsh.

When you click on the server details, you can see that you have logged in to the remote server as the SubSSH user 'Dev' instead of the non-privileged remote SSH login user 'tech'.


How to create a SubSSH user on multiple servers with the parallel shell when the remote servers are added with a non-privileged remote SSH login user?

Step 1: Log in to the Ezeelogin shell (ezsh), navigate to the user group, and press 'F7' or '*' to open the parallel shell.

Step 2: Run the following commands to grant privileges to the remote user.

     2.a: Run the command below to create a new config file and add the privilege for the user group.

If you are using key-based authentication, make sure to provide 'NOPASSWD' in the sudoers file.

[group:All servers]# echo "<username> ALL=(ALL) NOPASSWD:/usr/bin/sh -c *" >> /etc/sudoers.d/user_management

eg:  echo "tech ALL=(ALL) NOPASSWD:/usr/bin/sh -c *" >> /etc/sudoers.d/user_management

Step 3: Follow step 3 and step 4 of the section above to create the SubSSH user, map it to the gateway user, and initiate SSH connections using the newly created users.

Step 4: Check the syntax of the sudoers file on all servers.

[group:All servers]# visudo -c
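
The two procedures above (edit, chmod 440 and visudo -c on one server; echo >> in the parallel shell) can be combined into one step that checks the syntax before the rule becomes live and does not duplicate the line when re-run. This is an added example, not Ezeelogin's own code; the function name add_sudoers_rule and the VISUDO override variable are assumptions.

```shell
#!/bin/sh
# Added example: validated, idempotent install of the article's sudoers rule.
# VISUDO is an assumed override so the syntax checker can be swapped out.
VISUDO="${VISUDO:-visudo}"

# add_sudoers_rule USER [FILE]  (function name is hypothetical)
add_sudoers_rule() {
    user="$1"
    dest="${2:-/etc/sudoers.d/user_management}"
    rule="$user ALL=(ALL) NOPASSWD:/usr/bin/sh -c *"

    # Refuse names that could smuggle extra sudoers syntax into the file.
    case "$user" in
        ''|-*|*[!A-Za-z0-9_-]*)
            echo "invalid user name: $user" >&2
            return 2 ;;
    esac

    # Re-running on the same server must not append a duplicate line.
    if [ -f "$dest" ] && grep -Fxq -- "$rule" "$dest"; then
        return 0
    fi

    # Build the candidate beside the target. The '.' in the temporary name
    # makes sudo skip it while it sits in /etc/sudoers.d.
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if [ -f "$dest" ]; then cat "$dest" > "$tmp"; fi
    printf '%s\n' "$rule" >> "$tmp"

    # Only a file that parses cleanly replaces the live one.
    if ! "$VISUDO" -cf "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "sudoers syntax check failed; $dest left unchanged" >&2
        return 1
    fi
    chmod 0440 "$tmp" && mv -f "$tmp" "$dest"
}

# Usage on the remote server, as root:  add_sudoers_rule tech
```

The rule itself permits any command as root through sh -c without a password, so the account that holds it should be treated as root-equivalent when deciding who may use it.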

