Hi,
There are over a dozen of servers that I need to monitor for services running on them. Hence, I have created a separate VM on which I am hosting scripts for various purposes. I have written a script (bash) that checks the status of the services running on those servers.
Since my script has this line of command (for example):
Code:
/sbin/service vsftpd status
I have created a user (let's name it user_monitor) and added it to /etc/sudoers file by issuing "visudo" on all the servers.
Since I need to execute the command remotely from the VM so I have generated a Public RSA Key (ssh-heygen) and added it to "authorized_keys" file on all the servers.
But on some servers when issue a command such as the following:
Code:
ssh user_monitor@appServer1 '/sbin/service vsftpd status'
or
Code:
ssh user_monitor@appServer1 'ls -ltr /tmp'
I am still getting a prompt for password to continue the operation.
Whereas, on some other servers I get this error (an excerpt from the sample run of the script):
Code:
+ for SERVER in '`cat $INPUT_FILE`'
+ echo -e '\n----------------------------------\nChecking Services on Server: 10.196.5.49\n'
+ ssh user_monitor@10.196.5.49 /sbin/service apache2 status
Password:
service: only root can use service
What could be wrong? I have given sufficient permissions to user_monitor and have also shared its PK on the target server.
So, how to bypass the password prompt when I am issuing the command (ssh ...) as given above?
Here are the visudoers' contents:
Code:
Defaults always_set_home
Defaults env_reset
#Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
# Comment out the preceding line and uncomment the following one if you need
# to use special input methods. This may allow users to compromise the root
# account if they are allowed to run commands without authentication.
Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
# In the default (unconfigured) configuration, sudo asks for the root password.
# This allows use of an ordinary user account for administration of a freshly
# installed system. When configuring sudo, delete the two
# following lines:
#Defaults targetpw # ask for the password of the target user i.e. root
#ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
# Runas alias specification
# User privilege specification
root ALL=(ALL) ALL
user_monitor ALL=(ALL) NOPASSWD: ALL
Thanks,
Dev.