Allow a user via ssh to: ifconfig eth0 down

Grimson

RTFM: https://docs.netgate.com/pfsense/en/latest/usermanager/sudo-package.html

OM606

I think sudo is no option in my case as i run the ifconfig command from another host via ssh. thats also why i setup ssh login via ssh key instead of password.

I would prefere to give the user i have created root privilege. how can i give the user root priviledge?

Regards and thanks,
Markus

Grimson

@OM606 said in Allow a user via ssh to: ifconfig eth0 down:

I think sudo is no option in my case as i run the ifconfig command from another host via ssh. thats also why i setup ssh login via ssh key instead of password.

Read the documentation again, sudo is exactly what you need.

OM606

I have installed sudo and configured it for my user adminsh but it's not working as i expected.

When i run the following from the remote host:

ssh adminsh@172.16.16.1 ifconfig re0 down

It gives me the following error:
ifconfig: down: permission denied

The reason for this is quite obvious because somewhere in the processs it would like to get the (sudo) password.

If i log in via ssh adminsh@172.16.16.1 and then execute sudo ifconfig re0 down it asks me for the password and everything works fine.

Any chance that i can execute this under sudo from remote?
I have tried something like following but this did not work:

ssh adminsh@172.16.16.1 sudo ifconfig re0 down
sudo: no tty present and no askpass program specified.

Otherwise, if there is a way that if i ssh into pfsense with admin or root that i get directly to the shell without the pfsense welcome menu? This would solve my problem definitely.

Thanks,
Markus

Grimson

@OM606 said in Allow a user via ssh to: ifconfig eth0 down:

If i log in via ssh adminsh@172.16.16.1 and then execute sudo ifconfig re0 down it asks me for the password and everything works fine.

Oh come on, the documentation even has an example setup for a command without a password. Show a screenshot of your sudo config.

OM606

Grimson, first of all, thanks for your patience so much!

I have configured sudo only throught the webgui (System/sudo)

Do you mean the config file /usr/local/etc/sudoers ?

It looks like following:

root ALL=(root) ALL
admin ALL=(root) ALL
%admins ALL=(root) ALL
adminsh ALL=(root) ALL

Or do i need to put the custom command like in the example for user bob in the documentation in the following file:
/usr/local/etc/sudoers.d

Regards and thanks,
Markus

Grimson

@OM606

I really hope you are just drunk. Enable the "No Password" option like the documentation tells you in the first example.

no password.png

OM606

being drunk would not help much :-) because even with the No Password option i still get this:

ssh adminsh@172.16.16.1 ifconfig re0 down
ifconfig: down: permission denied

if i login using ssh adminsh@172.16.16.1
and then run:
sudo ifconfig re0 down
everything works but thats not what i need!! as stated in the first posts :-)

Other question, what do i have to change in order to not get /etc/rc.initial being started when i ssh into as root or admin?
i only need csh or any other shell instead of the menu. This would really solve my problem and if i need the menu i can just run /etc/rc.initial

Markus

Grimson

@OM606 said in Allow a user via ssh to: ifconfig eth0 down:

being drunk would not help much :-) because even with the No Password option i still get this:

ssh adminsh@172.16.16.1 ifconfig re0 down

Just for the sake of others that might read this post, you obviously still need to use sudo:

ssh adminsh@172.16.16.1 sudo ifconfig re0 down

@OM606
As I'm pretty convinced you are just trolling I will now add you to my blocked users list.

OM606

thanks, you are very helpful and sorry for me beeing so untalented