Re: sudo and Debian (was ssh and Debian)
* Brian Schramm ([EMAIL PROTECTED]) [011003 06:29]: > Hmm, even using the PASSWD: option I still don't have to enter my > password. I don't know why. debian's sudo package has the password timeout set to 15 minutes. This means that once you enter your password once, as long as you don't wait more than 15 minutes between sudo commands, you won't have to enter it again. The password timeout can be immediately expired with 'sudo -k'. Was this the problem? Or did you never have to enter your password at all? Maybe you did enter it once and then kept testing to see that it wasn't asking for you password, but each of your tests was within 15 minutes of the last. good times, -- Vineet http://www.anti-dmca.org Unauthorized use of this .sig may constitute violation of US law. echo Qba\'g gernq ba zr\! |tr 'a-zA-Z' 'n-za-mN-ZA-M' pgpApmo5k7Z4X.pgp Description: PGP signature
Re: ssh and debian
--- Brian Schramm <[EMAIL PROTECTED]> (2001-10-02 15:10): > For some reason my debian box never propts me for a ssh password when loging > into a sudo session. Is there some setting I need to do to tell it to ask me? Are you part of the sudo group? If you are, you're never prompted for a password when you use sudo. Just a guess :) Cheers, Sean -- Sean Quinlan ([EMAIL PROTECTED])
sudo and Debian (was ssh and Debian)
I get the same thing. I also run Sun's and other unix systems that do not have this problem. I figure it is a problem with Debian but I am not sure. Anyone got any ideas at all? Brian Date: Tue, 2 Oct 2001 16:26:33 -0400 From: dman <[EMAIL PROTECTED]> To: debian-user@lists.debian.org Subject: Re: ssh and debian Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Tue, Oct 02, 2001 at 01:21:19PM -0400, Brian Schramm wrote: | Sorry for teh confusion. I use ssh to log in and sudo to change to the | superuser account. I ment sudo and debian in my letter. Now here is my Ah, ok. | problem. I log into my remote machine by ssh and then change to the sudo | system from there. No matter what I have tried it never askes me for a | password. I have had this happen ever since I have used debian and I have | never had it do that for me on any other system. It does not matter if I | am loged into the local console or a remote console. Here is my sudoers | file: | | # sudoers file. | # | # This file MUST be edited with the 'visudo' command as root. | # | # See the man page for details on how to write a sudoers file. | # | | # Host alias specification | | # User alias specification | | # Cmnd alias specification | | # User privilege specification | rootALL=(ALL) ALL | bschrammALL=(ALL) ALL | | This file works in other systems so I am not quite sure why it does not | work as expected here. It looks to me like that would require your password ... however a quick test on my debian box shows that it doesn't. Some snippets from 'man sudoers' that seem relevant : The reserved word ALL is a built in alias that always causes a match to succeed. It can be used wherever one might otherwise use a Cmnd_Alias, User_Alias, Runas_Alias, or Host_Alias. You should not try to define your own alias called ALL as the built in alias will be used in preference to your own. Please note that using ALL can be dangerous since in a command context, it allows the user to run any command on the system. - The User specification is the part that actually determines who may run what. root ALL = (ALL) ALL %wheel ALL = (ALL) ALL We let root and any user in group wheel run any command on any host as any user. FULLTIMERS ALL = NOPASSWD: ALL Full time sysadmins (millert, mikef, and dowdy) may run any command on any host without authenticating themselves. PARTTIMERS ALL = ALL Part time sysadmins (bostley, jwfox, and crawl) may run any command on any host but they must authenticate themselves first (since the entry lacks the NOPASSWD tag). Hmm, even using the PASSWD: option I still don't have to enter my password. I don't know why. -D -- Brian Schramm 919-871-6466 [EMAIL PROTECTED]
Re: ssh and debian
On Tue, Oct 02, 2001 at 01:21:19PM -0400, Brian Schramm wrote: | Sorry for teh confusion. I use ssh to log in and sudo to change to the | superuser account. I ment sudo and debian in my letter. Now here is my Ah, ok. | problem. I log into my remote machine by ssh and then change to the sudo | system from there. No matter what I have tried it never askes me for a | password. I have had this happen ever since I have used debian and I have | never had it do that for me on any other system. It does not matter if I | am loged into the local console or a remote console. Here is my sudoers | file: | | # sudoers file. | # | # This file MUST be edited with the 'visudo' command as root. | # | # See the man page for details on how to write a sudoers file. | # | | # Host alias specification | | # User alias specification | | # Cmnd alias specification | | # User privilege specification | rootALL=(ALL) ALL | bschrammALL=(ALL) ALL | | This file works in other systems so I am not quite sure why it does not | work as expected here. It looks to me like that would require your password ... however a quick test on my debian box shows that it doesn't. Some snippets from 'man sudoers' that seem relevant : The reserved word ALL is a built in alias that always causes a match to succeed. It can be used wherever one might otherwise use a Cmnd_Alias, User_Alias, Runas_Alias, or Host_Alias. You should not try to define your own alias called ALL as the built in alias will be used in preference to your own. Please note that using ALL can be dangerous since in a command context, it allows the user to run any command on the system. - The User specification is the part that actually determines who may run what. root ALL = (ALL) ALL %wheel ALL = (ALL) ALL We let root and any user in group wheel run any command on any host as any user. FULLTIMERS ALL = NOPASSWD: ALL Full time sysadmins (millert, mikef, and dowdy) may run any command on any host without authenticating themselves. PARTTIMERS ALL = ALL Part time sysadmins (bostley, jwfox, and crawl) may run any command on any host but they must authenticate themselves first (since the entry lacks the NOPASSWD tag). Hmm, even using the PASSWD: option I still don't have to enter my password. I don't know why. -D
re: ssh and debian
Sorry for teh confusion. I use ssh to log in and sudo to change to the superuser account. I ment sudo and debian in my letter. Now here is my problem. I log into my remote machine by ssh and then change to the sudo system from there. No matter what I have tried it never askes me for a password. I have had this happen ever since I have used debian and I have never had it do that for me on any other system. It does not matter if I am loged into the local console or a remote console. Here is my sudoers file: # sudoers file. # # This file MUST be edited with the 'visudo' command as root. # # See the man page for details on how to write a sudoers file. # # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification rootALL=(ALL) ALL bschrammALL=(ALL) ALL This file works in other systems so I am not quite sure why it does not work as expected here. Thanks Brian Brian Schramm [EMAIL PROTECTED]ICQ 104442754 AIM schrammbrian www.linuxexpert.org
Re: ssh and debian
On Tue, Oct 02, 2001 at 10:00:07AM -0400, Brian Schramm wrote: | For some reason my debian box never propts me for a ssh password | when loging into a sudo session. Is there some setting I need to do | to tell it to ask me? I'm not sure what you mean, sudo and ssh are two different things. sudo : If you have the NOPASSWD option specified in /etc/sudoers then you don't have to enter your password to run the given command via sudo. ssh : If you have set up public key authentication correctly then you don't need to enter your password for the ssh session. HTH, -D
ssh and debian
For some reason my debian box never propts me for a ssh password when loging into a sudo session. Is there some setting I need to do to tell it to ask me? Thanks -- Brian Schramm 919-871-6466 [EMAIL PROTECTED]