5.18. Sharing root Privileges via SSH

Problem

You want to share superuser privileges with other users but not reveal the root password.

Solution

Append users’ public keys to ~root/.ssh/authorized_keys.[1] [Recipe 6.4] Users may then run a root shell:

$ ssh -l root localhost

or execute commands as root:

$ ssh -l root localhost ...command...

Discussion

As an alternative to su, you can use ssh to assign superuser privileges without giving out the root password. Users connect to localhost and authenticate by public key. (There’s no sense using password authentication here: you’d have to give out the root password, which is exactly what we’re trying to avoid.)

This method is more flexible than using su, since you can easily instate and revoke root privileges: simply add and remove users’ keys from ~root/.ssh/authorized_keys. However, it provides less logging than sudo: you can learn who became root (by log messages) but not what commands were run during the SSH session.

Some discussion points:

  • Make sure /etc/ssh/sshd_config has PermitRootLogin yes specified.

  • ssh is built for networking, so of course you can extend the scope of these root privileges to remote machines the same way. Instead of connecting to localhost, users connect to the remote machine as root:

    $ ssh -l root remote_host

  • Users can avoid passphrase prompts by running ssh-agent. [Recipe 6.9] This feature must be balanced against your security policy, however. If no passphrase is required for root privileges, then the user’s terminal ...
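The recipe's steps (append a user's key to ~root/.ssh/authorized_keys, remove it to revoke, and confirm the PermitRootLogin setting) as an added shell example; this is not code from the book. ROOT_HOME is a hypothetical override so the functions can be exercised against a scratch directory, and the key material shown in the usage comment is constructed.

```shell
#!/bin/sh
# Added example, not from the Linux Security Cookbook.
# ROOT_HOME (hypothetical override) lets the functions run against a scratch
# directory; in real use it stays at /root.
ROOT_HOME="${ROOT_HOME:-/root}"

# Accept only lines that look like an OpenSSH public key: key type, base64
# blob, optional comment. Rejects pasted junk before it reaches root's keys.
valid_pubkey() {
    printf '%s\n' "$1" | grep -Eq \
      '^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
}

# Grant: append the first line of a .pub file (argument 1) to root's
# authorized_keys, skipping keys already present, and fix permissions
# (sshd refuses keys in group/world-readable files).
grant_root_key() {
    pub=$(head -n 1 "$1") || return 1
    valid_pubkey "$pub" || { echo "rejected: $1 is not an OpenSSH public key" >&2; return 1; }
    keyfile="$ROOT_HOME/.ssh/authorized_keys"
    mkdir -p "$ROOT_HOME/.ssh" && chmod 700 "$ROOT_HOME/.ssh"
    touch "$keyfile" && chmod 600 "$keyfile"
    # Compare type + key material only, so a different comment is not a "new" key.
    material=$(printf '%s' "$pub" | cut -d' ' -f1,2)
    if cut -d' ' -f1,2 "$keyfile" | grep -qxF "$material"; then
        echo "already granted: $1"
        return 0
    fi
    printf '%s\n' "$pub" >> "$keyfile"
    echo "granted: $1"
}

# Revoke: drop every authorized_keys line whose type + material match the .pub file.
revoke_root_key() {
    material=$(head -n 1 "$1" | cut -d' ' -f1,2)
    keyfile="$ROOT_HOME/.ssh/authorized_keys"
    [ -f "$keyfile" ] || return 0
    tmp=$(mktemp) && awk -v m="$material" '($1 " " $2) != m' "$keyfile" > "$tmp" \
        && cat "$tmp" > "$keyfile" && rm -f "$tmp"
}

# Print the effective PermitRootLogin value from an sshd_config (argument 1,
# default the system file). sshd honours the first matching directive and
# ignores comments. On OpenSSH 7.0+ the value "prohibit-password" allows
# exactly the key-only root login this recipe wants while refusing passwords;
# "yes" additionally permits password logins for root.
permit_root_login() {
    cfg="${1:-/etc/ssh/sshd_config}"
    awk 'tolower($1) == "permitrootlogin" { print $2; exit }' "$cfg"
}

# Usage (as root): grant_root_key /home/alice/.ssh/id_ed25519.pub
#                  permit_root_login
```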
