如果我在 cloud-init 中将我的用户设置为 sudo: true,则无法通过 ssh 进入 EC2 实例
Can't ssh into EC2 instance if I set my user to sudo: true in cloud-init
以下 yml 脚本启动了一个 EC2 实例,它允许我使用对应于 ssh_authorized_keys.
的 .pem 文件登录
- name: myuser
primary_group: mygroup
sudo: false
lock_passwd: true
ssh_authorized_keys:
- ssh-rsa ALDLKDSDF...
但是,如果我设置 sudo: true,实例将不允许我使用 ssh(身份验证失败)。如果我也设置lock_passwd: false也是一样。有什么想法吗?
来自Cloud config examples — cloud-init documentation:
# sudo: Defaults to none. Accepts a sudo rule string, a list of sudo rule
# strings or False to explicitly deny sudo usage. Examples:
#
# Allow a user unrestricted sudo access.
# sudo: ALL=(ALL) NOPASSWD:ALL
#
# Adding multiple sudo rule strings.
# sudo:
# - ALL=(ALL) NOPASSWD:/bin/mysql
# - ALL=(ALL) ALL
#
# Prevent sudo access for a user.
# sudo: False
#
# Note: Please double check your syntax and make sure it is valid.
# cloud-init does not parse/check the syntax of the sudo
# directive.
因此,sudo没有true选项。
以下 yml 脚本启动了一个 EC2 实例,它允许我使用对应于 ssh_authorized_keys.
- name: myuser
primary_group: mygroup
sudo: false
lock_passwd: true
ssh_authorized_keys:
- ssh-rsa ALDLKDSDF...
但是,如果我设置 sudo: true,实例将不允许我使用 ssh(身份验证失败)。如果我也设置lock_passwd: false也是一样。有什么想法吗?
来自Cloud config examples — cloud-init documentation:
# sudo: Defaults to none. Accepts a sudo rule string, a list of sudo rule
# strings or False to explicitly deny sudo usage. Examples:
#
# Allow a user unrestricted sudo access.
# sudo: ALL=(ALL) NOPASSWD:ALL
#
# Adding multiple sudo rule strings.
# sudo:
# - ALL=(ALL) NOPASSWD:/bin/mysql
# - ALL=(ALL) ALL
#
# Prevent sudo access for a user.
# sudo: False
#
# Note: Please double check your syntax and make sure it is valid.
# cloud-init does not parse/check the syntax of the sudo
# directive.
因此,sudo没有true选项。