SSH - How to include "-t command" in the ~/.ssh/config file

I use ~/.ssh/config file so that I can easily enter ssh myserver and it'll provide the correct username, port, hostname, identity file, etc.

However for many servers, the first thing I do is enter su - to log in as root. I can do this all in one command on the command line like so: ssh myserver -t su -. Is there something I can add to my ~/.ssh/config file that'll do that for me? I want to be able to do ssh myserver-root and it'll do the same thing as ssh myserver -t su -?

I know about PermitRootLogin, that's off for this server, and I'm reluctant to turn that on. I'd much rather see if there's a way to do this using ssh on the client side.


Solution 1:

I think I'd approach this from the other direction - use 'command=' on the public key entry in your ~/.ssh/authorized_keys file on the remote server, to run your "su -" command.

Then just use/reference the private key in your ~/.ssh/config file (IdentityFile option) for every host/alias ("myserver-root") you want to work this way.

The options available in authorized_keys(5) are documented in sshd(8).

Solution 2:

Use the force Luke!

use RequestTTY force in your ~/.ssh/config for the desired host.

btw. this is also discussed here https://unix.stackexchange.com/questions/27713/ssh-config-way-to-spectify-pseudo-tty-allocation-and-command-execution-like-sc/294468#294468

Solution 3:

Why not add a script to a dir in your path (or an alias for it) called rssh like:

#!/bin/bash
ssh $1 -t 'su -'

Then it is just:

rssh myServer

Solution 4:

I did not find any config option for pseudo-tty allocation in the OpenSSH source.

But I can give a tip regarding PermitRootLogin, Set it to:

PermitRootLogin without-password

And allow only root logins with ssh-keys.