Log in linux without password

Logging in with ‘su’ without entering a password

How can I log in with the su command in one line in the terminal? I know that the sudo command can do that:

echo [password] | sudo -S [command] 

echo [password] | su [username] 

I don’t have access to the sudo account (so I can’t access and edit the sudoers file). I know that the right syntax is basically:

What I want to do is to add a su command to aliases without being needed to enter password every time

If you have superuser rights anyway just give you sudo rights. Otherwise the fastest possible way to get a root shell via su is this: su —login , but you need to interactively enter the root password.

3 Answers 3

The correct answer is:
THIS IS DANGEROUS ! DO NOT DO THIS ! IT COMPLETELY BREAKS YOUR SECURITY .

But.
If you don’t care about security you can do it like this:

gcc main.c -o mysuidshell sudo chown root mysuidshell && sudo chmod u+s mysuidshell 

You can now create the alias that you mentinoed in the comment on LXGA’s answer:

Although it’s still terrible idea security-wise, you also have the extremely tiny advantage that your password is not somewhere visible in cleartext.

Depending on what you want to do you can change the code so that it can change to other users than root, run different shells, .

But you will be basically re-inventing the wheel ( su and sudo ) but less secure.

How can I log in with the su command in one line in the terminal?

This is for using sudo with not getting prompted for a password every time :

edit the /etc/sudoers file via visudo or sudo visudo

in RHEL/CentOS 7 at least, down at the bottom of the /etc/sudoers file you will see the COMMANDS section. Specifically this:

## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL ## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL 

by default. for RHEL/CentOS I can’t speak for other linux distro’s on how they may make use of this. simply comment out the first with # and put into effect the line having the NOPASSWD: ALL syntax. Or enter this syntax.

The %wheel means those accounts in the wheel group as defined in /etc/group . You can add a line and make it %users for example to allow any account in the users group this no password functionality, if you use the users group (with gid 100) in that manner.

For the How can I of being just you, the %wheel syntax with the % means wheel is a group. To specify a specific user account, just remove the % and use a user account in place of the group name. For example:

## Allow root to run any commands anywhere root ALL=(ALL) ALL 

simply do this if your user account name is abc123

abc123 ALL=(ALL) NOPASSWD: ALL 

and best to put this at the bottom of the file so that if said user account is also part of wheel group and that is in effect above that statement doesn’t override and undo this if you put this user statement at the top of the file.

I do not know how to undo the password prompt of using su in the above manner but

what you can do is sudo su and not get prompted for password, along with doing sudo su and su’ing to the root account without a password.

What I’ve described is the best way I know on how to gain no password prompting functionality while maintaining decent security at the same time. the /etc/sudoers file is the security focal point here.

The file permissions of /etc/sudoers should be root for both owner and group with -r—r—— permissions or 440.

note: using abc123 ALL=(ALL) NOPASSWD: ALL will allow that user account to do a sudo su and switch to the root account without being prompted for the root account’s password.

Источник

Configure SSH for login without a password

Looking for a way to login to your Linux server via SSH without specifying a password? Using an SSH key pair is the way to go then. If done properly, this results in more convenience for you and more security for your server. In this article you’ll learn step-by-step how to setup an SSH key pair for logging into your server via SSH, without having to enter a password.

Background

SSH stands for Secure Shell Protocol. SSH makes it possible for you to open up a remote terminal session on your server. More importantly, it does so while using a cryptographic based communication protocol. This means that all communication between your PC and your server is secure, even over an unsecured network. Consequently, SSH is the ideal method for remotely administering a Linux server.

After you setup Linux on your server, the installer probably already installed the OpenSSH server software. With OpenSSH running on your server, you can login to your server with the ssh program, using command syntax:

Replace [USERNAME] with the username of your user account on the server. Next, replace [HOST] with its IP-address, hostname or fully qualified domain name. The -p [PORT] part can be left out, if you use the default port 22, otherwise replace [PORT] with the SSH port you configured on the server. Example:

• ssh [email protected]

After running the ssh command to remotely login to your server, you need to enter your password in order to establish the connection. This makes sense, yet also poses a security threat. Especially with an Internet facing server, someone will figure out its IP address and try to login via SSH by guessing a username and password combination. With enough persistence and patience, they might eventually succeed.

What if I told you that it’s possible to login via SSH without a password and at the same time close this security threat? So increased convenience for you and increased security for your server. The trick is to use an SSH key pair, instead of a password. In this article I’ll explain how you can configure SSH to login with the help of an SSH key pair.

What do you need

This article assumes you already run a Linux server somewhere with:

• A user account setup that has sudo access.
• OpenSSH running such that you can remotely login via SSH.

The server can be a VirtualBox virtual machine, a cloud server or even a Raspberry PI. In case you quickly want to setup such a server, follow the instructions in one of these tutorials:

My system setup for this article consists of my Debian laptop ( tinka ) and a Debian server with www.example.com as the fully qualified domain name:

What is an SSH key pair?

An SSH key pair essentially consist of two files that belong together. One is called the public key and the other one the private key. This key pair forms a unique combination, with its contents based on hard to crack cryptography. Think of the SSH key pair as a key and lock system, as illustrated in the following image:

Others might find your server, but only you have the SSH private key on your PC. Therefore, only you can unlock access to your server via SSH. As the name implies: do not share the private key with anyone else.

Generate an SSH key pair

Now that we know what an SSH key pair is, it’s time for the next step for making it possible to login via SSH without a password. This step involves the actual creation of the SSH key pair. So afterwards we should end up with two files:

• The private SSH key file, which we later on register on our own PC.
• The public SSH key file, which we later on store on our server.

On a Linux system, you can find SSH keys in the .ssh directory of your home folder. Before we generate the SSH key pair, we first make sure that this directory exists and set it as the current directory:

From the .ssh directory, start the SSH key pair creation process by entering command:

The program prompts you to enter a file name for the key pair. In this example I specify debian_server as the name, but you can change this to whatever name you prefer. Next, the program prompts you for a passphrase. This is a text string of your choice that you would need to enter each time you use the key for authentication purposes. For convenience you can leave the passphrase empty by simple pressing Enter twice. You now have a brand spanking new SSH key pair. The private key file is called debian_server and the public key file is called debian_server.pub :

Register the private SSH key on your PC

With the SSH key pair in place, we are one step closer to setting things up for logging into SSH without a password. The next step involves registering the private SSH key file on our PC. Think of it as attaching the new key to your key-chain.

Before registering the private SSH key file, open the terminal and verify that the SSH authentication agent is actually running. Next, register the private SSH key file with the help of the ssh-add program:

Setup of the private SSH key file on your own PC is now done. Note that if you ever need to unregister the private SSH key file from the authentication agent, you can do so with the same command and specifying the -D option: ssh-add -D ~/.ssh/debian_server .

Copy the public SSH key to the server

You only need to complete one more step, before you can login to your server over SSH, without specifying a password. This step involves copying the public SSH key file over to your server. Think of it as installing the lock on your server.

The program ssh-copy-id assists with this step. Assuming that your working directory is set to ~/.ssh , the command syntax is:

• ssh-copy-id -i debian_server.pub [email protected]

This adds the public SSH key file to ~/.ssh/authorizedkeys on your server.

Login via SSH without using a password

At this point we prepared everything and it should be possible to login our server via SSH, without entering a password. Let’s give it a try. You can use the usual command for connecting to the server via SSH, so

For my server the command is:

• ssh [email protected]

As you can see in the screenshot, I was able to login via SSH without being prompted for a password. This proves that the new SSH key pair works.

Further SSH security hardening

In the previous steps, we managed to setup an SSH key pair, which enables us to login to our server without specifying a password. We can further improve the server’s security by:

1. Disabling the root user from logging in.
2. Completely disabling password authentication, since we don’t need it anymore.

To proceed with these steps, connect to your server via SSH and edit file /etc/ssh/sshd_config , for example using the Nano terminal editor:

Next, make sure that the following variables are set to no :

• PermitRootLogin
• PasswordAuthentication
• ChallengeResponseAuthentication

Next, save the changes to the file and exit the Nano editor. As a final step, restart the SSH server to activate the new configuration settings:

That’s it. It is now impossible for the root user to login via SSH. All other users can login, but only with an SSH key pair. No longer with a username and password. Here’s what happens if someone tries to login as the root user now:

Wrap up

This article explained step-by-step how you can configure the SSH connection with your server, such that you can login without a password. We achieved this with the help of an SSH key pair. Not only does this give you more convenience, but also more security. We completed the following steps:

1. Generated the SSH key pair.
2. Registered the private SSH key on your PC.
3. Copied the public SSH key to the server.

Now that the SSH login without a password works, we performed some extra SSH security hardening on your server by disabling password authentication altogether. While we were at it, we disabled the root user from logging in as well.

With these measures in place, you no longer have to worry about unwanted third parties gaining access to your server via SSH. They will still try though. To further discourage them from such SSH brute force attacks, you could consider installing Fail2ban.

PragmaticLinux

Long term Linux enthusiast, open source software developer and technical writer.

Источник