LinuxQuestions.org - Using Commands over SSH using Sudo

- General (https://www.linuxquestions.org/questions/general-10/)

- - Using Commands over SSH using Sudo (https://www.linuxquestions.org/questions/general-10/using-commands-over-ssh-using-sudo-927457/)

metallica1973

02-03-2012 02:12 PM

Using Commands over SSH using Sudo

Is there a way to transfer my sudo password via ssh so that I can copy files remotely and pass them locally, so:

Code:

cat sudo-passwd-file|ssh -t user@10.7.0.180 'sudo find / -depth|cpio -oacv|gzip' > /path/to/dir/file.cpio.gz

I am in the process of a creating a script. Everytime I try and just do this I get:

Code:

cat passwd-file|ssh -t saint@10.7.0.180 'sudo find / -depth'

Pseudo-terminal will not be allocated because stdin is not a terminal.

sudo: no tty present and no askpass program specified

T3RM1NVT0R

02-03-2012 02:52 PM

@ Reply

Hi metallica1973,

Isn't the easy way would be setting up key based authentication for that particular user and let it run commands on the remote server? You can refer following link that will help you out: http://linuxproblem.org/art_9.html

The reason I am suggesting this because it is more secure than keeping your password in a file (plain-text)

metallica1973

02-03-2012 03:15 PM

I appoligize for not clarifying my setup. I do use "hostbasedauthentication" and currently use passwordless ssh commands to do other stuff like:

example:

Code:

ssh -o "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180 "find / -depth|cpio -oacv|gzip" > /path/to/dir/file.cpio.gz

I dont have any permission issues in this instance but now I have been ask to do the samething on another server that requires me to use my sudo password or else I will get permission issues when trying to read different files.

metallica1973

02-03-2012 03:34 PM

Couldnt I just:

connect to 10.7.0.180 and add a newline or edit existing to look like

Code:



user ALL=(ALL)              NOPASSWD: /usr/bin/find

T3RM1NVT0R

02-03-2012 03:51 PM

@ Reply

Yes, you can do that. However, it should look like as follows instead:

Code:

user ALL=NOPASSWD: /usr/bin/find

So that this user is only allowed to run find command with elevated privileges.

Below syntax doesn't look correct to me.

Code:

user ALL=(ALL) NOPASSWD: /usr/bin/find

metallica1973

02-07-2012 12:23 PM

Many thanks for the reply. I made the correction made it specific to a user:

Code:

user ALL=NOPASSWD: /usr/bin/find, /bin/cpio, /bin/gzip

and noticed that now when I perform a:

Code:

ssh -o "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180 "find / -depth|cpio -oacv|gzip" > /path/to/dir/file.cpio.gz

I am getting from cpio:

Code:

cpio: /etc/ConsoleKit/seats.d/00-primary.seat: Cannot utime: Operation not permitted

/etc/ConsoleKit/seats.d/00-primary.seat

/etc/ConsoleKit/seats.d

/etc/ConsoleKit

cpio: /etc/blkid.conf: Cannot utime: Operation not permitted

/etc/blkid.conf

cpio: /etc/cron.d/anacron: Cannot utime: Operation not permitted

/etc/cron.d/anacron

cpio: /etc/cron.d/.placeholder: Cannot utime: Operation not permitted

/etc/cron.d/.placeholder

/etc/cron.d

cpio: /etc/idmapd.conf: Cannot utime: Operation not permitted

This doesnt happen on my other server. Any ideas ??

T3RM1NVT0R

02-07-2012 01:42 PM

@ Reply

Are you trying to say when you ssh using the user account user to other servers it works fine with sudo. However, it does not work on this particular server? If yes, then check the permission that this account has got on this server. Appears to be a file system permission issue to me.

metallica1973

02-07-2012 03:48 PM

It does appear to be an permission issue.

Regards

metallica1973

02-17-2012 09:43 AM

I had a senior moment and I realized that I wasnt using sudo in my statement so when testing I ran into some issues. Here is my testing scenario.

/etc/sudoers

Code:

user ALL=NOPASSWD: /usr/bin/find, /bin/cpio, /bin/gzip

I know hostbased authentication is working:

Code:



ssh -t -t -o  "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180



Linux 2.6.32-30-generic #59-Ubuntu SMP Tue Mar 1 21:30:21 UTC 2011 i686 GNU/Linux

Ubuntu 10.04.2 LTS



Welcome to Ubuntu!

* Documentation:  https://help.ubuntu.com/



Last login: Fri Feb 17 10:30:18 2012 from 10.7.0.112

user@mymachine:~$

When testing the command with sudo, it is still prompting me for a password.

Code:



ssh -t -o  "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180 "sudo find / -depth"

[sudo] password for user:

metallica1973

02-17-2012 10:35 AM

I even changed

/etc/sudoers

Code:

user ALL = NOPASSWD: ALL

and it still prompts for a password:

Code:

user@mymachine:~$ ssh -t -o "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180 "sudo find / -depth"

[sudo] password for user:

but when just using:

Code:

ssh -t -t -o  "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180



Linux 2.6.32-30-generic #59-Ubuntu SMP Tue Mar 1 21:30:21 UTC 2011 i686 GNU/Linux

Ubuntu 10.04.2 LTS



Welcome to Ubuntu!

* Documentation:  https://help.ubuntu.com/



Last login: Fri Feb 17 10:30:18 2012 from 10.7.0.112

user@mymachine:~$

its fine. ?????????????

metallica1973

02-21-2012 10:36 AM

It definately has to due with what I have inside of the sudoers file:

Code:

ssh -t -t -o  "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180



Linux 2.6.32-30-generic #59-Ubuntu SMP Tue Mar 1 21:30:21 UTC 2011 i686 GNU/Linux

Ubuntu 10.04.2 LTS



Welcome to Ubuntu!

* Documentation:  https://help.ubuntu.com/



user@10.7.0.180:~$ sudo find / -depth

[sudo] password for user:

As you can see, after logging in, I am still getting prompted for a password.

metallica1973

02-21-2012 12:05 PM

It was in fact /etc/sudoers and the placement of my entry, so from:

Code:

root        ALL=(ALL) ALL

user  ALL = NOPASSWD: /usr/bin/find, /bin/cpio, /bin/gzip

Code:



# Members of the admin group may gain root privileges

%admin ALL=(ALL) ALL

user  ALL = NOPASSWD: /usr/bin/find, /bin/cpio, /bin/gzip, /bin/cat

worked like a charm.

http://askubuntu.com/questions/10005...on-not-working

solved!!!!

All times are GMT -5. The time now is 10:53 AM.