SSH - How to include "-t command" in the ~/.ssh/config file

Question

I use ~/.ssh/config file so that I can easily enter ssh myserver and it'll provide the correct username, port, hostname, identity file, etc.

However for many servers, the first thing I do is enter su - to log in as root. I can do this all in one command on the command line like so: ssh myserver -t su -. Is there something I can add to my ~/.ssh/config file that'll do that for me? I want to be able to do ssh myserver-root and it'll do the same thing as ssh myserver -t su -?

I know about PermitRootLogin, that's off for this server, and I'm reluctant to turn that on. I'd much rather see if there's a way to do this using ssh on the client side.

score 10 · Accepted Answer · answered Aug 19 '09 at 16:15

10

I think I'd approach this from the other direction - use 'command=' on the public key entry in your ~/.ssh/authorized_keys file on the remote server, to run your "su -" command.

Then just use/reference the private key in your ~/.ssh/config file (IdentityFile option) for every host/alias ("myserver-root") you want to work this way.

The options available in authorized_keys(5) are documented in sshd(8).

answered Aug 19 '09 at 16:15

jrg

800
3
6

Yes that does exactly what I want. :) I have full control over the ~/.ssh/authorized_key file on the server and have no problem with changing that. – Amandasaurus Aug 20 '09 at 11:00

score 10 · Answer 2 · edited Apr 13 '17 at 12:37

10

Use the force Luke!

use RequestTTY force in your ~/.ssh/config for the desired host.

btw. this is also discussed here https://unix.stackexchange.com/questions/27713/ssh-config-way-to-spectify-pseudo-tty-allocation-and-command-execution-like-sc/294468#294468

edited Apr 13 '17 at 12:37

Community

1

answered Jul 07 '16 at 15:57

Veaceslav Mindru

101
1
3

I believe this is the better answer to the original question – John Kloian Oct 28 '16 at 15:17

score 3 · Answer 3 · answered Aug 19 '09 at 14:44

3

Why not add a script to a dir in your path (or an alias for it) called rssh like:

#!/bin/bash
ssh $1 -t 'su -'

Then it is just:

rssh myServer

answered Aug 19 '09 at 14:44

Kyle Brandt

83,619
74
305
448

score 1 · Answer 4 · answered Aug 19 '09 at 14:28

1

I did not find any config option for pseudo-tty allocation in the OpenSSH source.

But I can give a tip regarding PermitRootLogin, Set it to:

PermitRootLogin without-password

And allow only root logins with ssh-keys.

answered Aug 19 '09 at 14:28

rkthkr

8,618
28
38

score 1 · Answer 5 · answered Aug 19 '09 at 16:07

1

How about adding something like this in ~/.bashrc on the server side?

if [ "$SSH_TTY" != "" ]; then su -; logout; fi

answered Aug 19 '09 at 16:07

Shawn Chin

1,854
1
11
12

score 1 · Answer 6 · edited Apr 13 '17 at 12:14

1

The best answer is probably a combination of rkthkr and jrg. Use PermitRootLogin to require a key, then only put the key with the command keyword in root's authorized_keys file.

edited Apr 13 '17 at 12:14

Community

1

answered Aug 19 '09 at 16:20

mwalling

532
2
5
12

SSH - How to include "-t command" in the ~/.ssh/config file

6 Answers6