Score:1

What did Oracle Cloud do, so I could sudo without password on SSH session?


I noticed that Oracle Cloud's pre-generated key pair could log in to a Linux server without a password, and sudo without a password, too. I can't reproduce this situation anywhere else I know.

The difference between Oracle Cloud and others is that it also generated a user ubuntu (for Ubuntu; for Oracle Linux, the default user is opc. Whatever distro I use, an opc user is always generated) at OOBE. It seems that Oracle Cloud servers do not use the root user by default. So I realized that there's an Oracle Cloud Agent installed, which works with the sudo user opc. Does that software handle the sudo authorization? (But I checked /etc/pam.d and some other places, and these files remained vanilla.)

Other sites told me to set up a PAM module, libpam-ssh-agent-auth, but that's an outdated project, without updates for years. I tried it on many servers and it won't work. (Though many distros didn't remove this PAM module from their package managers.)

It would be appreciated if someone could tell me how to achieve this.

Score:1

Sudo

To allow users of the sudo group (or equivalent), the sudo configuration can be changed. Add this to /etc/sudoers (use visudo as root):

```
%sudo ALL=(ALL) NOPASSWD: ALL
```

Do note that the user needs to be a member of the sudo group.

Or just one specific user:

```
username_here       ALL = (ALL) NOPASSWD: ALL
```

SSH key

To be able to log in as a user without a password, your public SSH key needs to be added to the account you wish to log in to.

The proper way of doing this is by using ssh-copy-id:

```
ssh-copy-id [email protected]
```

This will add your public key to the specified user's home folder under .ssh/authorized_keys.

You can copy it manually as well if you wish. Just copy the output of this file (on your local machine) into the .ssh/authorized_keys file of the user (on the server):

```
cat ~/.ssh/id_rsa.pub
```
TragicLife: I know how to SSH without a password, but I wonder, without modifying /etc/sudoers, is there any other way to do this?
proxx: The recommended way is using visudo (https://www.sudo.ws/docs/man/1.8.13/visudo.man/). However, you can directly edit it if you are careful. If your cloud provider supports boot scripts, you can just append it with some simple bash to slip it in pre-deploy.
diya: Typically modern sudo implementations have an `#Include /etc/sudoers.d` directive to load additional sudo policies from the `/etc/sudoers.d/` drop-in directory. That allows much easier (automated) deployment for sudo policies than adding them to a single flat file.
TragicLife: @diya You are right! I did find the additional policy in `/etc/sudoers.d`. Thanks a lot!
Score:0

Typically cloud images run cloud-init when they are launched to initialize and customize the generic image for a unique instance.

Cloud-init can and usually does perform generic tasks, but is generally also configured to interact with the specific cloud provider's metadata service to load Vendor and/or User Data. That mechanism is usually what provisions in the instance the personal public SSH key you uploaded to the cloud provider and what enables you to log in with the associated private key.

Cloud-init can do many things, including deploying users and setting up SSH keys and/or passwords and sudo rights for those newly deployed users.

How to enable your own User-Data to (further) customize what cloud init does is cloud vendor specific.
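
To find which file grants passwordless sudo on an instance, as the asker eventually did in `/etc/sudoers.d`, the following added example (not part of the original thread) scans the main sudoers file and the drop-in directory for `NOPASSWD` rules. The function names and the sample tree built in `demo` are constructed for the illustration.

```shell
#!/bin/sh
# Added example: report every active sudoers rule that grants passwordless sudo.

# Print "FILE: RULE" for each active rule in one sudoers file carrying NOPASSWD.
scan_sudoers_file() {
    awk -v file="$1" '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join continued lines
        { rule = buf $0; buf = "" }
        rule ~ /^[ \t]*#/ && rule !~ /^[ \t]*#[0-9]/ { next }   # comment, not a #uid
        rule ~ /NOPASSWD[ \t]*:/ {
            gsub(/[ \t]+/, " ", rule); sub(/^ /, "", rule)
            print file ": " rule
        }
    ' "$1"
}

# Scan ROOT/etc/sudoers plus the drop-ins in ROOT/etc/sudoers.d.
# ROOT defaults to the live system; pass a mount point to audit a disk image.
list_nopasswd() {
    root="${1:-}"
    [ -f "$root/etc/sudoers" ] && scan_sudoers_file "$root/etc/sudoers"
    for f in "$root"/etc/sudoers.d/*; do
        [ -f "$f" ] || continue
        # sudo ignores drop-ins whose name ends in "~" or contains a "."
        case "${f##*/}" in *~|*.*) continue ;; esac
        scan_sudoers_file "$f"
    done
    return 0
}

# Constructed sample tree (not taken from a real instance) to show the output.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/etc/sudoers.d" || return 1
    printf '%s\n' '%sudo ALL=(ALL:ALL) ALL' > "$d/etc/sudoers"
    printf '%s\n' '# provisioned at first boot' 'ubuntu ALL=(ALL) NOPASSWD:ALL' \
        > "$d/etc/sudoers.d/90-example-users"
    printf '%s\n' 'old ALL=(ALL) NOPASSWD: ALL' > "$d/etc/sudoers.d/old.bak"
    list_nopasswd "$d" | sed "s|^$d||"
    rm -rf "$d"
}

demo
```

On a live instance, run `list_nopasswd` as root, since sudoers files are normally not world-readable; `sudo -l -U <user>` then shows the effective policy for one account.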
