Keyless SSH

I am running ubuntu with mapr, and the root user isn't enabled. Is there a place where I can specify another user who has (passwordless) sudo privileges ? I already have this user setup with the ability to logon on to all nodes with a cert, how do I get mapr to use this user?

Thanks!

sudo ssh ubuntu

asked 23 Feb '12, 13:19

mandoskippy ♦
430●30●49●67
accept rate: 25%

2 Answers:

oldest newest most voted

The webserver does an SSH as user 'root' to run the disk commands on nodes. It cannot do 'sudo <user>' to run those commands because, in some cases sudo will wait for a password and we cannot have the SSH session stuck.

The UI gives you alternate commands to run on the node. Eg: You can SSH to the node and run:

maprcli disk list -host 127.0.0.1

link

answered 28 Feb '12, 10:37

sgopinath
562●2●4
accept rate: 17%

Couldn't you allow us to use a different user and allow us to use sudo with that different user? If the sudo failed, than it's really on us. I have it setup right now so sudo doesn't require a password. That is the only way to get the control system working with ubuntu then isn't it? I guess I am unclear on how that's supported otherwise?

(28 Feb '12, 12:11) mandoskippy ♦

You need sudo for only a couple of things: (a) format a disk through the GUI, (b) discover existing drives on a box. The rest of functionality does not require sudo. You can continue to work without sudo.

(28 Feb '12, 13:19) MC Srivas ♦♦

Why can the Webserver not talk to the FS or the warden and let it preform the tasks. Its already running as root and doesn't open security holes in the system.

(02 Mar '12, 20:56) NerdyNick

We chose to use ssh because its more secure than any protocol we can dream up. In the near future we will support non-root sudo.

(02 Mar '12, 21:07) MC Srivas ♦♦

You can set up administrative users as detailed here: link text. For some functions, these users will need sudo capabilities.

link

answered 23 Feb '12, 16:29

TedDunning ♦♦
2.4k●3●15
accept rate: 28%

I had added administrative users, but I am not sure what account the web interface uses for administrative controls. Is it what ever user is logged in? I have multiple users with fc on the the cluster, is that the issue? I am unclear how to make it work as I have everything setup.

(23 Feb '12, 17:49) mandoskippy ♦

I have checked everywhere, and still don't understand what I am missing. Here is what I have: - My user can ssh to all nodes without a password AND can sudo without a password (this is ubuntu, no root user) - I can do both activities from the webserver node. - That use has fc rights in the mapr control panel - I logon to the control panel with that user/password (All the PAM modules are setup correctly) - When I look at a node, all the disk commands give me an error.

What machine runs the disk commands on the nodes? The webserver node? The client machine connecting to the webserver?
Does the client machine need access to all nodes or is just access to the webserver sufficient?
If the webserver is doing the connecting to the nodes to run the ssh commands, is there a place to specify which user it is done as? I have multiple users with fc...

(27 Feb '12, 10:13) mandoskippy ♦

Your answer

toggle preview

community wiki

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or __italic__
**bold** or __bold__
link:[text](http://url.com/ "title")
image?![alt text](/path/img.jpg "title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

ubuntu ×13
ssh ×3
sudo ×2

Asked: 23 Feb '12, 13:19

Seen: 675 times

Last updated: 02 Mar '12, 21:07

Keyless SSH

Follow this question

Related questions