I connect to a host via SSH with a passphrase. When i am in that host I want to install a few packages for which I have to switch to 'root'. While doing so, it asks for 'Password' and obviously my passphrase doesn't work here. This host is setup only for SSH access. How to get the password details?
You can't switch to the root-user with your own password for obvious reasons. Either you are allowed to sudo su root (which may ask for YOUR password) or you do su root (which asks for root's password)
Related
Here is my situation. I want to access a server through a jumpbox/bastion host.
so, I will login as normal user in jumpbox and then change user to root after that login to remote server using root. I dont have direct access to root in jumpbox.
$ ssh user#jumpbox
$ user#jumpbox:~# su - root
Enter Password:
$ root#jumpbox:~/ ssh root#remoteserver
Enter Password:
$ root#remoteserver:~/
Above is the manual workflow. I want to achieve this in ansible.
I have seen something like this.
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q user#jumpbox"'
This doesnot work when we need to switch to root and login to remote server.
There are a few things to unpack here:
General Design / Issue:
This isn't an Ansible issue, it's an ssh issue/proxy misconfiguration.
A bastion host/ssh proxy isn't meant to be logged into and have commands ran directly on it interactively (like su - root, enter password, then ssh...). That's not really a bastion, that's just a server you're logging into and running commands on. It's not an actual ssh proxy/bastion/jump role. At that point you might as well just run Ansible on the host.
That's why things like ProxyJump and ProxyCommand aren't working. They are designed to work with ssh proxies that are configured as ssh proxies (bastions).
Running Ansible Tasks as Root:
Ansible can run with sudo during task execution (it's called "become" in Ansible lingo), so you should never need to SSH as the literal root user with Ansible (shouldn't ssh as root ever really).
Answering the question:
There are a lot of workarounds for this, but the straightforward answer here is to configure the jump host as a proper bastion and your issue will go away. An example...
As the bastion "user", create an ssh key pair, or use an existing one.
On the bastion, edit the users ~/.ssh/config file to access the target server with the private key and desired user.
EXAMPLE user#bastion's ~/.ssh/config (I cringe seeing root here)...
Host remote-server
User root
IdentityFile ~/.ssh/my-private-key
Add the public key created in step 1 to the target servers ~/.ssh/authorized_keys file for the user you're logging in as.
After that type of config, your jump host is working as a regular ssh proxy. You can then use ProxyCommand or ProxyJump as you had tried to originally without issue.
Is it possible to login from local to remote Linux PC SSH by (not root) user that presents in both systems without password input? I mean - use /etc/shadow on both points as password for login to remote SSH with same user credentials (login and password identical on both systems).
Main point - is not use key based authentication and use encrypted password (SHA-512) to login on remote SSH.
To set up a system to login into a remote system with no password required, you create a new encryption key:
ssh-keygen -t ed25519
Copy the file to the remote:
ssh-copy-id -i ~/.ssh/id_ed25519.pub user#remote
Now when you ssh into the remote, you will no longer be asked for the password.
I have a DigitalOcean droplet that doesn't have my ssh public key on it. I do know the root password, so I want to login using that and add my ssh key. How can I achieve this? Everytime I try to login using ssh root#xxx.xxx.xx.xx it tells me Permission denied (publickey). But then it doesn't prompt me for the root password. What am I doing wrong here?
I'm not sure if it's an option with DigitalOcean, but you need to enable the "PermitRootLogin" option in the server's sshd config (normally /etc/ssh/sshd_config ) if you really want to log in as root this way.
I need to do a sudo command on a ssh server.
It asks for password
[sudo] password for myname:
but it's apparently different from the password for ssh server itself.
Can sudo only be used by root?
If not, should I ask the maintenance people for the password?
Or is there a way to set it up myself?
See : http://www.gratisoft.us/sudo/sudoers.man.html
Specifically see rootpw, targetpw , etc.
It is possible to have two different passwords, one for the account and another for the sudo command.
You should ask to the Maintenance people....
For some reason, after a plesk update, I can no longer login to ssh as root using my old password. I have tried to create a user with:
/bin/bash & /bin/bash (chrooted) in plesk
Which lets me login but has no root privileges. How can I either recover my old password or get access to the ssh config to check whether root login is disabled. I installed ssh term in plesk, but that bums out with an error of:
jarsigning exception
Guess it's because there is only the default certificate on the server. I would be grateful if someone could help with this as I have reached a point where I am struggling to find other things to try. Many thanks
Plesk 11.5 CentOS 6 SSH Client
Once you are logged with the non-root user try to type "su" or "su root" and the enter your root password, it will allow you to become root.
Note that su allow you to login as any user, the syntax is "su username".