[Klug-general] rebooting remote server

Dan Attwood danattwood at gmail.com
Wed Oct 2 08:20:20 UTC 2013


 I've tested the ssh part and that works fines, it log straight in.

in visudo I added:

administrator   ALL=(ALL:ALL) NOPASSWD:  /sbin/shutdown

on the local machine I then run:

ssh -t 10.0.100.38   /sbin/shutdown -r 03:00

but it says: shutdown need to be root

if I run it with sudo:

ssh -t 10.0.100.38   sudo /sbin/shutdown -r 03:00

it then asks for a password.

I'm guessing i've got something wrong in the sudoers file somewhere.



On 1 October 2013 17:25, Paul Littlefield <info at paully.co.uk> wrote:

> On 01/10/13 17:09, Paul Littlefield wrote:
>
>> I might have a google for you now...
>>
>
> ...yes, lots on this particular subject!
>
> http://bit.ly/1hijZQe
>
> It seems you have to check 3 things...
>
> 1. Who you are logging in as and exactly what SSH key they use.
> 2. What that user is allowed to do in the /etc/sudoers file.
> 3. What SSH allows you to do.
>
> I have just tried...
>
>    ssh me at myserver sudo ls
>
> ...and it failed with errors.
>
>    ssh -t me at myserver sudo ls
>
> ...worked and asked me for a password.
>
> So...
>
> 1. Check your passwordless SSH key works normally first. You can specify
> which one to use with the -i option.
> 2. Try and read the massive 'man sudoers' page. The fix for 1 person
> seemed to be...
>    %sudo   ALL=(ALL:ALL) NOPASSWD: ALL
>   ...please check this out, because it seems a bit risky to me.
>   or maybe
>    admin   ALL=(ALL:ALL) NOPASSWD: REBOOT
>
>
> 3. ssh -t will fix it.
>
>
> Hope this helps, and let me know how you get on.
>
>
>
>
> --
>
> Paul Littlefield
>
> Telephone: 07801 125705
> Email: info at paully.co.uk
> Web: http://www.paully.co.uk
> Twitter: https://twitter.com/**paullittlefield<https://twitter.com/paullittlefield>
> Wiki: http://wiki.indie-it.com/**index.php?title=Special:**AllPages<http://wiki.indie-it.com/index.php?title=Special:AllPages>
> Blog: http://www.littlefield.info
> Photo: http://gravatar.com/**plittlefield<http://gravatar.com/plittlefield>
> LinkedIn: http://uk.linkedin.com/in/**paullittlefield<http://uk.linkedin.com/in/paullittlefield>
> Trakt: http://trakt.tv/user/**plittlefield<http://trakt.tv/user/plittlefield>
>
> Paul Littlefield is environmentally responsible. Please consider the
> environment before printing this email. This email and any attachment is
> intended for the named addressee only, or person authorised to receive it
> on their behalf. The content should be treated as confidential and the
> recipient may not disclose this message or any attachment to anyone else
> without authorisation. If this transmission is received in error please
> notify the sender immediately and delete this message from your email
> system. All electronic transmissions to and from me are recorded and may be
> monitored. Finally, the recipient should check this email and any
> attachments for viruses. Paul Littlefield accepts no liability for any
> damage caused by any virus transmitted by this email.
>
> Notebook LENOVO ThinkPad Edge
> Intel(R) Core(TM) i3 CPU U 380 @ 1.33GHz
> Portage 2.1.12.2 (default/linux/amd64/13.0/**desktop, gcc-4.7.2,
> glibc-2.15-r3, 3.10.7-gentoo x86_64)
> Gentoo Base System release 2.1
> This is a pre-release version of the X server from The X.Org Foundation.
> latest version in the X.Org Foundation git repository.
> X.Org X Server 1.14.2.902 (1.14.3 RC 2)
> xfce-base/xfdesktop-4.10.2
> x11-drivers/xf86-video-intel-**2.21.15
>
> ______________________________**_________________
> Kent mailing list
> Kent at mailman.lug.org.uk
> https://mailman.lug.org.uk/**mailman/listinfo/kent<https://mailman.lug.org.uk/mailman/listinfo/kent>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/kent/attachments/20131002/4a726bf3/attachment-0001.html>


More information about the Kent mailing list