
Linux Remote SSH

Author: lab1918

To allow a remote user to SSH into a Linux system with sudo permissions using a key pair, you need to follow several steps. These include generating an SSH key pair, configuring the SSH server, and setting up the user with sudo privileges. Here’s a step-by-step guide:

Step 1: Generate an SSH Key Pair

On the remote user’s machine, generate an SSH key pair using the ssh-keygen command. If the user already has an SSH key pair (typically id_rsa and id_rsa.pub in the ~/.ssh directory), they can skip this step or create a new pair specifically for this connection.

ssh-keygen -t rsa -b 4096

This command will prompt for a file in which to save the key and for a passphrase for extra security. The user can press Enter to accept the default file location and choose whether or not to use a passphrase.

Step 2: Copy the Public Key to the Server

Next, the public key needs to be copied to the Linux server. This can be done using the ssh-copy-id command:

ssh-copy-id -i ~/.ssh/id_rsa.pub user@server_address

Replace user@server_address with the username and IP address or hostname of the server. If the server is using a different port for SSH, you may need to specify it with the -p flag.

Step 3: Configuring the SSH Server

Ensure that the SSH server is configured to accept key-based authentication. This is usually the default, but you can verify it by checking the /etc/ssh/sshd_config file on the server:

  • Look for PubkeyAuthentication yes
  • Ensure PasswordAuthentication is set to no if you want to disable password-based login (optional, for added security).

If you make changes, restart the SSH service:

sudo systemctl restart sshd

Step 4: Granting Sudo Permissions

To give the remote user sudo permissions:

  1. Log into the server as a user who already has sudo privileges.

  2. Use the visudo command to edit the sudoers file in a safe manner:

    sudo visudo
    
  3. Add a line for the user:

    username ALL=(ALL) NOPASSWD:ALL
    

    Replace username with the actual username. The NOPASSWD:ALL part allows the user to execute sudo commands without being prompted for a password. If you prefer to require a password, use ALL=(ALL) ALL instead.

  4. Save and exit the editor (usually with Ctrl+O, Enter, and Ctrl+X in nano).

Step 5: Remote Login

The remote user can now SSH into the server using their private key:

ssh -i ~/.ssh/id_rsa user@server_address

Once logged in, they should be able to use sudo to perform administrative tasks.
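
The Step 3 check is easy to get wrong: sshd uses the first value it reads for each keyword, so a PasswordAuthentication no appended below an earlier yes has no effect. The script below is an added example, not part of the original guide; the function names effective_value and audit_sshd_config and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). Reports the value sshd would use
# for a keyword in an sshd_config-style file: sshd keeps the FIRST value it
# reads for a keyword, keywords are case-insensitive, and everything after a
# "Match" line is conditional. Include files are not followed here; on a live
# server `sudo sshd -T` prints the fully resolved configuration.

effective_value() {   # usage: effective_value KEYWORD DEFAULT FILE
  awk -v key="$1" -v def="$2" '
    BEGIN { key = tolower(key) }
    NF == 0 || $1 ~ /^#/    { next }   # blank line or comment
    tolower($1) == "match"  { exit }   # global section ends here
    tolower($1) == key      { print tolower($2); found = 1; exit }
    END { if (!found) print def }      # keyword absent: built-in default
  ' "$3"
}

audit_sshd_config() { # usage: audit_sshd_config FILE; returns 1 on any finding
  rc=0
  pubkey=$(effective_value PubkeyAuthentication yes "$1")
  password=$(effective_value PasswordAuthentication yes "$1")
  if [ "$pubkey" != yes ]; then
    echo "FAIL: PubkeyAuthentication is '$pubkey', key login will not work"; rc=1
  fi
  if [ "$password" != no ]; then
    echo "WARN: PasswordAuthentication is '$password', passwords still accepted"; rc=1
  fi
  [ "$rc" -ne 0 ] || echo "OK: key-based login only"
  return "$rc"
}

# Constructed sample: the admin appended "no", but the earlier "yes" wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication yes
# hardening added at the end of the file
passwordauthentication no
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || echo "review the findings above"
rm -f "$sample"
```

On a real server, point audit_sshd_config at /etc/ssh/sshd_config before restarting the service.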

Security Considerations

  • Regularly review who has sudo access and remove permissions when no longer needed.
  • Monitor the server’s SSH access logs for unauthorized attempts.
  • Keep the server and all software updated for security.

This setup provides secure, key-based SSH access with sudo privileges, enhancing both convenience and security for remote administration.