Hi,
I have some privilege problem with normal user and shutting down proxmox remotely with ssh.
I write the command from a remote PC
getting the following error.
ok, then i connect to proxmox ve remotely:
everything seems to work fine.
At this point, I type the reboot command:
getting the message:
Why? Ok, let's see the visudo configuration file
It all seems correct to me. The user has no password privilege to execute the shutdown command.
Closed without any changes.
I run the command again:
Works. Why?
When the server restarts, obviously I have to proceed with the described procedure again.
In other distributions everything works fine.
I need your help!
I have some privilege problem with normal user and shutting down proxmox remotely with ssh.
I write the command from a remote PC
Code:
ssh -i ./ssh_keys/id_rsa_homeassistant -o StrictHostKeyChecking=no daniele@192.168.2.39 sudo /usr/sbin/shutdown -r nowgetting the following error.
Code:
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
sudo: a password is requiredok, then i connect to proxmox ve remotely:
Code:
ssh -i ./ssh_keys/id_rsa_homeassistant -o StrictHostKeyChecking=no daniele@192.168.2.39everything seems to work fine.
Code:
Linux pve1 6.2.16-8-pve #1 SMP PREEMPT_DYNAMIC PMX 6.2.16-8 (2023-08-02T12:17Z) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat Aug 19 09:56:21 2023 from 192.168.2.51
daniele@pve1:~$At this point, I type the reboot command:
Code:
sudo /usr/sbin/shutdown -r nowgetting the message:
Code:
[sudo] password for daniele:Why? Ok, let's see the visudo configuration file
Code:
sudo visudo
Code:
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# This fixes CVE-2005-4890 and possibly breaks some versions of kdesu
# (#1011624, https://bugs.kde.org/show_bug.cgi?id=452532)
Defaults use_pty
# This preserves proxy settings from user environments of root
# equivalent users (group sudo)
#Defaults:%sudo env_keep += "http_proxy https_proxy ftp_proxy all_proxy no_proxy"
# This allows running arbitrary commands, but so does ALL, and it means
# different sudoers have their choice of editor respected.
#Defaults:%sudo env_keep += "EDITOR"
# Completely harmless preservation of a user preference.
#Defaults:%sudo env_keep += "GREP_COLOR"
# While you shouldn't normally run git as root, you need to with etckeeper
#Defaults:%sudo env_keep += "GIT_AUTHOR_* GIT_COMMITTER_*"
# Per-user preferences; root won't have sensible values for them.
#Defaults:%sudo env_keep += "EMAIL DEBEMAIL DEBFULLNAME"
# "sudo scp" or "sudo rsync" should be able to use your SSH agent.
#Defaults:%sudo env_keep += "SSH_AGENT_PID SSH_AUTH_SOCK"
# Ditto for GPG agent
#Defaults:%sudo env_keep += "GPG_AGENT_INFO"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
daniele ALL = NOPASSWD: /usr/sbin/shutdown
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
%admin ALL = NOPASSWD: /sbin/shutdown
# See sudoers(5) for more information on "@include" directives:
@includedir /etc/sudoers.dIt all seems correct to me. The user has no password privilege to execute the shutdown command.
Closed without any changes.
I run the command again:
Code:
sudo /usr/sbin/shutdown -r nowWorks. Why?
When the server restarts, obviously I have to proceed with the described procedure again.
In other distributions everything works fine.
I need your help!
Last edited:
