Hello everyone, I am running Debian on my home server and I also do have a raspberrpi with raspberry pi os.

When I do connect to my raspberry via ssh (with keys, not password) I do not need to enter a password when I do run a command with sudo.

Someone here can guie me on how to replicate that behaviour on Debian 12 stable?

  • zipping2583@lemmy.worldOP
    link
    fedilink
    arrow-up
    3
    ·
    4 months ago

    Thank you very much!

    And thanks for pointing out the security risk. Makes me wonder why this works out of the box on my raspberry. Maybe because I did not set up root user?

    • PassingThrough@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      4 months ago

      Raspbian is sometimes a compromise between security and usability, because it is designed to go into the hands of new users. It also used to ship with a default “pi/rasberry” login hardcoded and IIRC permitted root password login over ssh. Things experience users change or turn off, but needs to start friendly for the rest, you know?

      By doing this, they can take a step in the right direction by separating the root and login user, without becoming annoying asking for a password frequently as a newbie copies and pastes tutorial commands all week.

      And as I said it’s unlikely, even very unlikely, but just not impossible. Everything comes with a risk, I just believe it’s up to you, not me, what risks mean in your environment. Might be you’d like to have the convenience on the home dev server, but rather have as much security as possible on a public facing one.

      Or maybe you’d like to get really dialed in and only allow specific commands to be run without a password, so you can be quick and convenient about rebooting but lock down the rest. Up to you, really, that’s the power of Linux.

      • zipping2583@lemmy.worldOP
        link
        fedilink
        arrow-up
        1
        ·
        4 months ago

        Oh wow thank you very much! That is so cool there is an option to allow only specific commands :) I will surely dive deeper into this