
Technically `sudo -u` can switch to any user on the system while only a limited few would be allowed as ssh targets. Even root might not be allowed as an ssh target if `PermitRootLogin` is set to `no`, which I do on all my systems.



I do use that a lot

  sudo -H -u user bash

after I ssh into a server with my own account. That other user might even be a no login account.


You can just use `-i` instead of `bash`. (This method indeed requires a shell configured, your method is needed with nologin.)


>Even root might not be allowed as an ssh target if `PermitRootLogin` is set to `no`, which I do on all my systems.

would something like PermitRootLogin=localhost punch an enormous hole in your intricate opsec?


I've set up tor on some machines to forward ssh as a hidden service for an easy to configure way to get past NAT before. That shows up as a login from localhost. (could be configured differently, with some extra work)

There's so many ways to configure access to a system, each with footguns I'm surely unaware of.



