Running scripts on Linux Server with Sudo

Hi,
Our Octopus is using SSH to connect to Linux Servers.

We have scripts that require running commands (e.g. restarting a service) with sudo on Linux servers. By using sudo you would be required to enter a password. Giving the SSH user account no password on sudo would work around this. There are some security concerns with this setup.

Is there another solution?

Hi @binh.au

Thanks for getting in touch! The workaround you mentioned is the recommended way of achieving this. You can read more about that here: Sudo commands | Documentation and Support

You can increase security by using more restrictive permissions as mentioned near the bottom of the page:

Be Selective with Permissions
Ideally your Octopus Deploy ssh endpoint should be configured with a special user solely for the purposes of running deployments. In this case you should consider configuring just that user’s sudo capabilities to be limited to those commands needed to execute the deployment scripts.

A good approach for this is to review the commands that the Tentacle needs to run in your deployment and to add only those to the sudoers file. The man page offers detailed information on how to achieve this and some good examples. There is also an easier to read example on the linked Stack Overflow question.

Regards,
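
Added example, not part of the original thread or the Octopus documentation: a sudoers drop-in that shows the broad passwordless rule next to a rule limited to the commands a deployment needs. The user name `octopus`, the unit `myapp.service`, the file name and the `/usr/bin/systemctl` path are assumptions; substitute your own.

```sudoers
# /etc/sudoers.d/octopus-deploy   (assumed file name; owner root, mode 0440)
# Edit with:      visudo -f /etc/sudoers.d/octopus-deploy
# Check syntax:   visudo -cf /etc/sudoers.d/octopus-deploy
# Review result:  sudo -l -U octopus

# Broad form: passwordless sudo for every command as any user.
# Anyone who obtains the SSH key for this account gets full root.
# octopus ALL=(ALL) NOPASSWD: ALL

# Restricted form: list each command with its full path and exact arguments.
# When arguments are given, sudo only allows that exact argument list, so
# "systemctl restart some-other.service" is refused and still asks for a password.
Cmnd_Alias OCTOPUS_DEPLOY = /usr/bin/systemctl restart myapp.service, \
                            /usr/bin/systemctl status myapp.service

# Only as root, only on the listed commands, no password prompt.
octopus ALL=(root) NOPASSWD: OCTOPUS_DEPLOY

# Only needed when the main sudoers file sets "Defaults requiretty":
# a non-interactive SSH session has no tty.
# Defaults:octopus !requiretty

# Things to avoid in the command list:
#   - wildcards in arguments (e.g. "systemctl restart *")
#   - shells, editors or interpreters (bash, vi, python), which give a root shell
#   - scripts the octopus user can modify; if a script is listed, it and its
#     directory should be owned by root and not writable by octopus
```

In the deployment script, call the command exactly as listed (`sudo /usr/bin/systemctl restart myapp.service`), since a different path or argument list will not match the rule.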
