<div dir="ltr">Could some of the more specific options in the authorized_keys file help? On the second server you could use the command="privileged command" option (man sshd, look for AUTHORIZED_KEYS FILE FORMAT). So you'd be setting up passwordless ssh with a particular key, but that key would be running a single command and then exiting.<div><br></div><div>Sean</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 5, 2015 at 2:33 PM, Kevin McGregor <span dir="ltr"><<a href="mailto:kevin.a.mcgregor@gmail.com" target="_blank">kevin.a.mcgregor@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I'm using Solaris 11.2. I can do this:<div><br></div><div>logon with an unprivileged account which is allowed to take on the 'root' role</div><div>su</div><div>type password</div><div>run privileged command</div><div>end the su</div><div><br></div><div>This works fine. The privileged command I want to run, though, is to SSH to another system with the same account and run the command *there* as the remotely privileged account/role, all from a script and without (obviously) having to type a password anywhere.</div><div><br></div><div>I've figured out how to do all this IF root is *not* a role and is a regular account. How do I do it while leaving root as a role?</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>Kevin</div></font></span></div>
<br>_______________________________________________<br>
Roundtable mailing list<br>
<a href="mailto:Roundtable@muug.mb.ca">Roundtable@muug.mb.ca</a><br>
<a href="http://www.muug.mb.ca/mailman/listinfo/roundtable" target="_blank">http://www.muug.mb.ca/mailman/listinfo/roundtable</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">Sean Walberg <<a href="mailto:sean@ertw.com" target="_blank">sean@ertw.com</a>> <a href="http://ertw.com/" target="_blank">http://ertw.com/</a></div>
</div>