[RndTbl] SSH to a role (not exactly)

Trevor Cordes trevor at tecnopolis.ca
Thu Mar 5 22:43:13 CST 2015


On 2015-03-05 Kevin McGregor wrote:
> I'm using Solaris 11.2. I can do this:
> 
> logon with an unprivileged account which is allowed to take on the
> 'root' role
> su
> type password
> run privileged command
> end the su
> 
> This works fine. The privileged command I want to run, though, is to
> SSH to another system with the same account and run the command
> *there* as the remotely privileged account/role, all from a script
> and without (obviously) having to type a password anywhere.

But your manual process outlined has you typing the password (for su).
If you can't have it be passwordless manually, how can you make it
passwordless when scripted?  Give us a manual step-by-step process
first that is passwordless, then we'll worry about scripting it.  :-)

Why is ssh privileged on the middle system?  Can't just any user ssh to
the final box?

> I've figured out how to do all this IF root is *not* a role and is a
> regular account. How do I do it while leaving root as a role?

Sorry, I can't help with roles, I don't use Solaris.


More information about the Roundtable mailing list