Linux - How to Configure Agentless Password Automation
This document will help you configure the target machine for managed password rotation. The following distributions are supported at the moment.
The following versions were tested on Monopam 2023-10.
Distribution | Version | Discovery | Import | Reset | Remove |
---|---|---|---|---|---|
Red Hat | 7.x, 8.x, 9.x | ✅ | ✅ | ✅ | ✅ |
Ubuntu | 22.04, 22.10 | ✅ | ✅ | ✅ | ✅ |
CentOS | 8.x, 9.x | ✅ | ✅ | ✅ | ✅ |
Debian | 11 | ✅ | ✅ | ✅ | ✅ |
Kali Linux | 2022 and above | ✅ | ✅ | ✅ | ✅ |
Fedora | 36 | ✅ | ✅ | ✅ | ✅ |
AlmaLinux | 9.2 | ✅ | ✅ | ✅ | ✅ |
Rocky Linux | 9.2 | ✅ | ✅ | ✅ | ✅ |
Oracle Linux | 8.x, 9.x | ✅ | ✅ | ✅ | ✅ |
Configure Machine Credentials
You need a credential that has sudo permission on the target machine.
Add user to sudo
Distro | Command |
---|---|
Ubuntu, Debian, Kali | sudo usermod -aG sudo <username> |
CentOS, Red Hat, Fedora, AlmaLinux, Rocky Linux, Oracle | sudo usermod -aG wheel <username> |
A Monopam local admin user should be added to the machine. This can be a Local User or an SSH Key used to manage the machine’s local users.
Remember, this user should be a local admin on the machine.
Recommended username for local: monopam
This user should also be a passwordless sudo user. That means that if you connect to the server and type sudo su, the user shouldn’t be asked for a password when switching to root.
echo "monopam ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/monopam
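The same drop-in can be installed with a syntax check and restrictive permissions, so that a malformed file never becomes active. This is an added example, not part of the Monopam documentation; the function names and the overridable SUDOERS_DIR and VISUDO variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: install the passwordless-sudo drop-in with validation.
# SUDOERS_DIR and VISUDO are hypothetical overrides so the function can be
# tried against a scratch directory; the defaults are the real locations.
SUDOERS_DIR="${SUDOERS_DIR:-/etc/sudoers.d}"
VISUDO="${VISUDO:-visudo}"

# Accept only conservative account names. sudo skips drop-in files whose
# name contains '.' or ends in '~', so such names are rejected as well.
valid_account() {
    case "$1" in
        ''|*[!a-z0-9_-]*|[!a-z_]*) return 1 ;;
    esac
    return 0
}

# install_dropin ACCOUNT: write, validate, then atomically move into place.
# Usage (as root): install_dropin monopam
install_dropin() {
    account="$1"
    valid_account "$account" || { echo "invalid account name: $account" >&2; return 2; }

    # The temporary name contains '.', so sudo ignores it while it exists.
    tmp="$(mktemp "$SUDOERS_DIR/.tmp-XXXXXX")" || return 1
    printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$account" > "$tmp"
    chmod 0440 "$tmp"

    # visudo -c checks syntax, -f selects the file to check.
    if ! "$VISUDO" -cf "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "sudoers syntax check failed; nothing installed" >&2
        return 1
    fi
    mv -f "$tmp" "$SUDOERS_DIR/$account"
}
```

After installing, `sudo -l -U monopam` run as root lists the rule that is now in effect for the account.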
Important
You cannot remove a user if that user is already in an SSH session.