Troubleshoot Sudo Configuration in Linux

Troubleshoot Sudo Configuration in Linux.

By redhat bablu
SCENARIO:
You realize that someone has broken the sudo configuration on serverX, that you will need to
correct.
Deliverable:
Server X can now be administered by student via sudo without being prompted for a password.
Members of the wheel group can also administer the system, but will be prompted for a
password.
Introductions:
Troubleshoot Sudo Configuration in Linux
1. If necessary :
Connect to serverX as student and escalate your privileges to root with su-.
We will begin by “Breaking” the Sudo configuration on serverX, by running the
following command:
[root@serverX ~]# tssudo break
Command set up the problem and explain goal. The goal will be stored in the file/etc/ts
for later reference.
>If You are not quickly solving the problem, you may need a hint. Hints can be displayed
by using the hint argument:
[root@serverX ~]# tssudo hint 1
This will display the first hint for the tssudo problem. Continue to invoke hints,
incrementing the number, untill you get enough information to solve the problem or
until you run out of hints.
After solving the problem (or if you run out of hints and still find yourself stuck), run
thr following command:
[root@serverX ~]# tssudo lesson
This will tell the lesson intended to be tought by this problem (and hopefully how to
solve it if you were still stuck).
2. Solutions :
If necessary, open a terminal window on stationX via Applications->
Accessories->Terminal.
As student on stationX, generate an ssh public/Private key pair. the -t command.So that
keys appropriate for the RSA Algorithm are generated.
Choose default option for key locations. Also choose a blank passphrase for now. We will
protect your private key later.
[student@stationX ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/student/.ssh/I’d_rsa) : Enter r
Created directory ‘/home/student/.ssh’.
Enter
Enter same passphrase again : Enter
Your identification has been saved in /home/student/.ssh/Id_rsa.pub.
The key fingerprint is :
aa:11:33:45:11:cc:aa:66:99:00:ee student@stationX.example.com
Note: The above key fingerprint will vary based on the random key pair generated on
your system.
Examine the contents of the pair of newly created files, ~/.ssh/id_rsa and
~/.ssh/id_rsa.pub.
[student@stationX ~]$ cat ~/.ssh/id_rsa
….output omitted….
[student@stationX ~]$ cat ~/.ssh/id_rsa.pub
….output omitted….
Use the ssh-copy-id command to add the key you just generated to student@serverX
list of authorized keys. Be sure to specify the path to your key with the -I option.
student@serverX.example.com’s password :
You should now be able to access student@serverX’s account without needing to supply
a password. Test this by using ssh to execute a command remotely.
[student@stationX ~]$ ssh student@serverX id
500(student) gid=500(student) groups=500 (student)……
If things are not properly configured, ssh will fall back to password authentication, and
prompt for a password. There are several step you can take to help debug the situation.
First, examine /var/log/message/ and var/log/secure on the server for helpful
information.
Second use the, -V option will product will produce more debug information.
On stationX, use ssh-keygen to add a passphrase to the private key in ~/ssh/id_rsa.
HINT: you will need to find the appropriate options for specitying both the key you wish
to
Change and what you wish to change about it (the passphrase). Use the man page or
ssh-keygen
[student@stationX ~] $ ssh-keygen -p -f~/.Ssh/id_rsa
Key has comment /home/student/.ssh/id_rsa
Enter new passphrase (empty for no passphras e): your passphrase
Enter name passpnrase again: Your passparase
Your ident ification has been saved with the new passphrase.
7. Verify that the ssh-agent was staried by the graphical desktop you are running:
[student@serverX~] $ ps -P $(/sbin/pidof ssh-agent)Use ssh-add to provide ssh-agent with your key.
ssh-agent can access the key.
student estationx s ssh-add
Enter passphrase for /home/student/.ssh/id _rsa: your passphrase
Identi ty added: /home/ student/. ssh/id_rsa (/home/student/.ssh/id rsa)
You can configure ssh-add to run automatically when you log in by adding it to the
Gnome
startup.
Navigate to System->Preterences-> MMore Preferences-> Sessions. Choose the Start Up
Programs
tab and click the Add button. Enter the full pathname as: /usr/bin/ssh-add, then close
the
dialog wth OK and Close.
Logout (System->Log Out student… and choose Log Out) then 1og in again. After the
initial
All SsH connections spawned from processes within this X1l session wil be provIded the
passphrase.
You should now be able to access student@serverXs account without needing to supply
password, nor a passphrase. lest this by using ssh to execute a command remotely.[student@stationX ~]$ ssh student@serverX id
When done, close your ssh session and terminal window.
If necessary, connect to serverX as student and escalate your privileges to root with su –
[student@serverX ~]$ ssh serverX
Password: Student
[student@serverX ~]$ su –
Password: redhat
[root@serverX ~]#
2 We will begin by “breaking” the sudo configuration on serverX, by running the
following Commmand:
[root@serverX ~]# tssudo break
This command will set up the problem and will explain the goal.
nle /etc/ts ror later relerence.
3 If you are not quickly solving the problem. you may need a hint. Hints can be displayed
by
using the hint argument
[root@serverX ~]# tssudo hint 1
This will display the first hint for the tssudo problem. Continue to invoke hints,
incrementing
the number, until you get enough information to solve the problem or until you run Out
of hints.
[root@serverX ~]# tssudo hint 2
[root@serverX ~] # tssudo hint 3
and so on…….
The hint argument will tell you when you have reached the end of the hints.
4 After solving the problem (or if you run out of hints and still find yourself stuck), run
theTolowing commandrootoserverx-# tssudo lesson, This will tell the lessons intended to
be taught by this problem (and hopefully how to solve it if, you were still stuck).
If, after reading the hints and the lesson, you are unable to soIve the problem, call the
instructor
for assistance

retechnologynews

Hello my name is abdul and i give you information related to technology in this blog and trending news also my aim is to keep giving you every information related to technology RetechnologyNews

One thought on “Troubleshoot Sudo Configuration in Linux

Leave a Reply

Your email address will not be published. Required fields are marked *