You have an ubuntu server machine on some cloud.
You want to ssh without being prompted for the password.
You want to sudo without being prompted for the password.
You need to remotely automate some tasks on that machine and you need a suitable user to do that.
At the end: you need a user without a password. That is a cloud-ready user.
Let’s say the username you want to create is “admin”, and that you can temporary login with another sudoers user.
First of all (use adduser, avoid useradd):
sudo adduser --disabled-password admin
Prepare ssh authorization stuff:
sudo mkdir ~/../admin/.ssh
sudo chmod 700 ~/../admin/.ssh/
sudo touch ~/../admin/.ssh/authorized_keys
sudo chmod 600 ~/../admin/.ssh/authorized_keys
sudo chown admin:admin ~/../admin/.ssh/
sudo chown admin:admin ~/../admin/.ssh/authorized_keys
Make sure sshd is configured to accept RSA and pubkey authentication:
sudo nano /etc/ssh/sshd_config
verify the following lines are present, otherwise add / correct them:
Please note that key #AuthorizedKeysFile can stay commented out.
If you had to change the config:
sudo service ssh restart
If you don’t already have one, generate your pub/private cert:
From your desktop (or from wherever you want to start ssh into the cloud):
chmod 700 ~/.ssh
ssh-keygen -t rsa
Then (via ssh on previous user) copy-paste the pub key into
Last, add admin user to the NOPASSWD sudoers:
add the following at the end:
admin ALL=(ALL) NOPASSWD:ALL
and restart sudo service:
sudo service sudo restart
And now, to connect from your local desktop:
ssh -i ~/.ssh/[your private key] admin@[IP or hostname of your remote cloud ubuntu]
or you can add a
~/.ssh/configfile with the following:
Host [your favorite endpoint name]
Hostname IP or hostname of your remote cloud ubuntu
IdentityFile ~/.ssh/[your private key]
and with that, simply:
ssh [your favorite endpoint name]
to come in and start working!