Using Commands over SSH using Sudo

metallica1973 · 02-03-2012, 02:12 PM

Is there a way to transfer my sudo password via ssh so that I can copy files remotely and pass them locally, so:

Code:

cat sudo-passwd-file|ssh -t user@10.7.0.180 'sudo find / -depth|cpio -oacv|gzip' > /path/to/dir/file.cpio.gz

I am in the process of a creating a script. Everytime I try and just do this I get:

Code:

cat passwd-file|ssh -t saint@10.7.0.180 'sudo find / -depth'
Pseudo-terminal will not be allocated because stdin is not a terminal.
sudo: no tty present and no askpass program specified

??

T3RM1NVT0R · 02-03-2012, 02:52 PM

Hi metallica1973,

Isn't the easy way would be setting up key based authentication for that particular user and let it run commands on the remote server? You can refer following link that will help you out: http://linuxproblem.org/art_9.html

The reason I am suggesting this because it is more secure than keeping your password in a file (plain-text)

metallica1973 · 02-03-2012, 03:15 PM

I appoligize for not clarifying my setup. I do use "hostbasedauthentication" and currently use passwordless ssh commands to do other stuff like:

example:

Code:

ssh -o "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180 "find / -depth|cpio -oacv|gzip" > /path/to/dir/file.cpio.gz

I dont have any permission issues in this instance but now I have been ask to do the samething on another server that requires me to use my sudo password or else I will get permission issues when trying to read different files.

metallica1973 · 02-03-2012, 03:34 PM

Couldnt I just:

connect to 10.7.0.180 and add a newline or edit existing to look like

Code:

user ALL=(ALL)               NOPASSWD: /usr/bin/find

T3RM1NVT0R · 02-03-2012, 03:51 PM

Yes, you can do that. However, it should look like as follows instead:

Code:

user ALL=NOPASSWD: /usr/bin/find

So that this user is only allowed to run find command with elevated privileges.

Below syntax doesn't look correct to me.

Code:

user ALL=(ALL)               NOPASSWD: /usr/bin/find

metallica1973 · 02-07-2012, 12:23 PM

Many thanks for the reply. I made the correction made it specific to a user:

Code:

user   ALL=NOPASSWD: /usr/bin/find, /bin/cpio, /bin/gzip

and noticed that now when I perform a:

Code:

ssh -o "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180 "find / -depth|cpio -oacv|gzip" > /path/to/dir/file.cpio.gz

I am getting from cpio:

Code:

cpio: /etc/ConsoleKit/seats.d/00-primary.seat: Cannot utime: Operation not permitted
/etc/ConsoleKit/seats.d/00-primary.seat
/etc/ConsoleKit/seats.d
/etc/ConsoleKit
cpio: /etc/blkid.conf: Cannot utime: Operation not permitted
/etc/blkid.conf
cpio: /etc/cron.d/anacron: Cannot utime: Operation not permitted
/etc/cron.d/anacron
cpio: /etc/cron.d/.placeholder: Cannot utime: Operation not permitted
/etc/cron.d/.placeholder
/etc/cron.d
cpio: /etc/idmapd.conf: Cannot utime: Operation not permitted

This doesnt happen on my other server. Any ideas ??

T3RM1NVT0R · 02-07-2012, 01:42 PM

Are you trying to say when you ssh using the user account user to other servers it works fine with sudo. However, it does not work on this particular server? If yes, then check the permission that this account has got on this server. Appears to be a file system permission issue to me.

metallica1973 · 02-07-2012, 03:48 PM

It does appear to be an permission issue.

Regards

metallica1973 · 02-17-2012, 09:43 AM

I had a senior moment and I realized that I wasnt using sudo in my statement so when testing I ran into some issues. Here is my testing scenario.

/etc/sudoers

Code:

user   ALL=NOPASSWD: /usr/bin/find, /bin/cpio, /bin/gzip

I know hostbased authentication is working:

Code:

ssh -t -t -o  "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180

Linux 2.6.32-30-generic #59-Ubuntu SMP Tue Mar 1 21:30:21 UTC 2011 i686 GNU/Linux
Ubuntu 10.04.2 LTS

Welcome to Ubuntu!
* Documentation:  https://help.ubuntu.com/

Last login: Fri Feb 17 10:30:18 2012 from 10.7.0.112
user@mymachine:~$

When testing the command with sudo, it is still prompting me for a password.

Code:

ssh -t -o  "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180 "sudo find / -depth"
[sudo] password for user:

??

metallica1973 · 02-17-2012, 10:35 AM

I even changed

/etc/sudoers

Code:

user  ALL = NOPASSWD: ALL

and it still prompts for a password:

Code:

user@mymachine:~$ ssh -t -o "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180 "sudo find / -depth"
[sudo] password for user:

but when just using:

Code:

ssh -t -t -o  "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180

Linux 2.6.32-30-generic #59-Ubuntu SMP Tue Mar 1 21:30:21 UTC 2011 i686 GNU/Linux
Ubuntu 10.04.2 LTS

Welcome to Ubuntu!
* Documentation:  https://help.ubuntu.com/

Last login: Fri Feb 17 10:30:18 2012 from 10.7.0.112
user@mymachine:~$

its fine. ?????????????

metallica1973 · 02-21-2012, 10:36 AM

It definately has to due with what I have inside of the sudoers file:

Code:

ssh -t -t -o  "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180

Linux 2.6.32-30-generic #59-Ubuntu SMP Tue Mar 1 21:30:21 UTC 2011 i686 GNU/Linux
Ubuntu 10.04.2 LTS

Welcome to Ubuntu!
* Documentation:  https://help.ubuntu.com/

user@10.7.0.180:~$ sudo find / -depth
[sudo] password for user:

As you can see, after logging in, I am still getting prompted for a password.

metallica1973 · 02-21-2012, 12:05 PM

It was in fact /etc/sudoers and the placement of my entry, so from:

Code:

root	ALL=(ALL) ALL
user  ALL = NOPASSWD: /usr/bin/find, /bin/cpio, /bin/gzip

to

Code:

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
user   ALL = NOPASSWD: /usr/bin/find, /bin/cpio, /bin/gzip, /bin/cat

worked like a charm.

http://askubuntu.com/questions/10005...on-not-working

solved!!!!