How to get password for sudo

问题

I'm trying to use the command sudo -i -u postgres for PostgreSQL, and the Google Compute Engine VM is asking me for my password for my account (not root).

As I never issued a password, and I always login to my server via SSH key, I'm not sure what the password is, how I can reset it, or where it can be found.

Please tell me where I can get my password?

回答1:

To become another non-root user on a GCE VM, first become root via password-less sudo (since that's how sudo is configured on GCE VM images):

sudo su -

and then switch to the user you want to become or run a command as another use, e.g., in your case, that's:

sudo -i -u postgres

回答2:

Per https://cloud.google.com/compute/docs/instances ,

The instance creator and any users that were added using the metadata sshKeys value are automatically administrators to the account, with the ability to run sudo without requiring a password.

So you don't need that non-existent password -- you need to be "added using the metadata sshKeys value"! The canonic way to do that, and I quote from that same page:

$ echo user1:$(cat ~/.ssh/key1.pub) > /tmp/a
$ echo user2:$(cat ~/.ssh/key2.pub) >> /tmp/a
$ gcloud compute project-info add-metadata --metadata-from-file sshKeys=/tmp/a

or you can use the Google Developers Console for similar purposes, see https://cloud.google.com/compute/docs/console#sshkeys if you'd prefer that.

回答3:

Summary

While creating the VM, specify the ssh user in the "Enter the entire key data" box.

Details

1. generate the ssh key pair and identify the public key:
   • if ssh-keygen, a file ending with ".pub"
   • if PuTTYgen, the text in box "Public key for pasting ..."

Notice the fields, all one one line, separated by spaces: "protocol key-blob username". For username, you may find your Windows user name or a string like "rsa-key-20191106". You will replace that string with your choice of Linux user name.

2. Paste the public key info into the "Enter the entire key data" box.

3. Change the 3rd field to the actual user that you want to create on the VM. If, for example, "gcpuser", then:

   ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAjUIG3Z8wKWf+TZQ7nVQzB4s8U5rKGVE8NAt/LxlUzEjJrhPI5m+8llLWYY2PH4atZzuIYvYR0CVWhZvZQzLQc33vDOjQohxV9Lg26MwSqK+bj6tsr9ZkMs2zqNbS4b2blGnr37+dnwz+FF7Es9gReqyPxL9bn5PU/+mK0zWMHoZSEfUkXBrgqKoMQTsYzbMERluByEpZm9nRJ6ypvr9gufft9MsWC2LPhEx0O9YDahgrCsL/yiQVL+3x00DO9sBOXxi8kI81Mv2Rl4JSyswh1mzGAsT1s4q6fxtlUl5Ooz6La693IjUZO/AjN8sZPh03H9WiyewowkhMfS0H06rtGQ== gcpuser
   

4. create your VM. (Debian, for example)

5. Connect to the VM

   • directly from ssh or PuTTY (not browser window)
   • use the private key
   • specify the user

6. Notice that your public key is present:

   gcpuser@instance-1:~/.ssh$ cat authorized_keys
   # Added by Google
   ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAjUIG3Z8wKWf+TZQ7nVQzB4s8U5rKGVE8NAt/LxlUzEjJrhPI5m+8llLWYY2PH4atZzuIYvYR0CVWhZvZQzLQc33vDOjQohxV9Lg26MwSqK+bj6tsr9ZkMs2zqNbS4b2blGnr37+dnwz+FF7Es9gReqyPxL9bn5PU/+mK0zWMHoZSEfUkXBrgqKoMQTsYzbMERluByEpZm9nRJ6ypvr9gufft9MsWC2LPhEx0O9YDahgrCsL/yiQVL+3x00DO9sBOXxi8kI81Mv2Rl4JSyswh1mzGAsT1s4q6fxtlUl5Ooz6La693IjUZO/AjN8sZPh03H9WiyewowkhMfS0H06rtGQ== gcpuser
   

7. Notice that you are in group google-sudoers

   gcpuser@instance-1:~/.ssh$ id
   uid=1000(gcpuser) gid=1001(gcpuser) groups=1001(gcpuser),4(adm),30(dip),44(video),46(plugdev),1000(google-sudoers)
   

8. sudo to root with no password

   gcpuser@instance-1:~$ sudo -i -u root
   root@instance-1:~#
   

9. Notice the sudoers file:

   root@instance-1:~# cat /etc/sudoers.d/google_sudoers
   %google-sudoers ALL=(ALL:ALL) NOPASSWD:ALL
   

Conclusion

Specifying the username in "Enter the entire key data" has these results:

1. creating the user in the virtual machine.
2. uploading the key to ~/.ssh
3. membership in a passwordless sudo group

来源：https://stackoverflow.com/questions/28401834/how-to-get-password-for-sudo