0

I am trying to SSH from one ubuntu18.04 machine to another. For that created a separate user in both machines and added that user in sudo group and edited sshd_config file for PubKeyAuthentication=yes and restarted ssh service.

Then under the createduser in 1st machine, generated ssh-keygen, copied that id_rsa.pub key to 2nd machine under created user, ssh-copy-id -i id_rsa.pub newuser2@[ip-of-2ndmachine]

Now im able to ssh to the 2nd machine without password, but when i execute apt update, its showing permission denied, how to execute the same without password now?

Note: If I give sudo apt update, its asking password, after passing password the cmd is executing.

Can someone help me to execute all cmds in 2nd machine without providing password with newuser(not root).

Dhamodharan
  • 9

1 Answers1

0

Apt commands must be executed with super user privileges, normally through the use of sudo. This usually requires you entering your passphrase. You could set up passwordless sudo on the 2nd machine for apt commands, or more safely for specific apt commands to achieve your goal.

To set up passwordless sudo, you will need to have sudo access already as the visudo commad, used to edit the sudoers file, is another command requiring root level privileges.

To edit the sudoers file with your default text editor:

sudo visudo

Add the following line to allow passwordless access to all apt commands (replacing user with your actual username):

user ALL= NOPASSWD: /usr/bin/apt

It's safer to restrict sudo access as much as possible so if you know the precise commands you're likely to run, enter those instead:

user ALL= NOPASSWD: /usr/bin/apt update
user ALL= NOPASSWD: /usr/bin/apt upgrade

Close the file and save changes to enable the new access level, you will still need to use sudo for your commands but will not need to enter the passphrase.

Be aware that granting passwordless sudo access too liberally can break the security of your system. When done incorrectly it means that anyone that can log in as your user can elevate their privileges to root level and do anything on your system.

Arronical
  • 19,893
  • Passwordless sudo means, you are mentioning this-- %sudo ALL=(ALL) NOPASSWD:ALL. – Dhamodharan Jul 24 '19 at 08:52
  • I've added information on how to do that. The % symbol means that you're granting sudo access to a group. The line you've posted would grant passwordless sudo to any command for any user in the sudo group. That's probably a bit too open, being as restrictive as practical is a good thing. – Arronical Jul 24 '19 at 08:59
  • Yeah sure, I will edit the file accordinly... Actually I was executing an ansible-playbook with apt command which results this issue. Have attached the image for your reference, kindly let me know if have any idea. – Dhamodharan Jul 24 '19 at 09:13
  • Let me know if have any idea on this.
    • hosts: webservers become: yes become_user: ansnode become_method: sudo tasks:
      • name: "installing webserver" apt: name: apache2 update_cache: yes state: present

    Executing play: ansible-playbook apachews.yml

    PLAY [webservers]

    fatal: [172.xx.xx.xx]: FAILED! => {"changed": false, "msg": "Failed to lock apt for exclusive operation"}

    PLAY RECAP 172.xx.xx.xx : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

     – Dhamodharan Jul 24 '19 at 09:35
  • I don't really have any experience with ansible I'm afraid. You should probably ask a new question to get information on that. It's also worth looking at the [tour] page to find out how this site works in regards to asking questions and accepting answers. – Arronical Jul 24 '19 at 09:38