LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 02-03-2012, 02:12 PM   #1
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,184

Rep: Reputation: 60
Using Commands over SSH using Sudo


Is there a way to transfer my sudo password via ssh so that I can copy files remotely and pass them locally, so:

Code:
cat sudo-passwd-file|ssh -t user@10.7.0.180 'sudo find / -depth|cpio -oacv|gzip' > /path/to/dir/file.cpio.gz
I am in the process of a creating a script. Everytime I try and just do this I get:

Code:
cat passwd-file|ssh -t saint@10.7.0.180 'sudo find / -depth'
Pseudo-terminal will not be allocated because stdin is not a terminal.
sudo: no tty present and no askpass program specified
??
 
Old 02-03-2012, 02:52 PM   #2
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477Reputation: 477Reputation: 477Reputation: 477Reputation: 477
@ Reply

Hi metallica1973,

Isn't the easy way would be setting up key based authentication for that particular user and let it run commands on the remote server? You can refer following link that will help you out: http://linuxproblem.org/art_9.html

The reason I am suggesting this because it is more secure than keeping your password in a file (plain-text)
 
Old 02-03-2012, 03:15 PM   #3
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,184

Original Poster
Rep: Reputation: 60
I appoligize for not clarifying my setup. I do use "hostbasedauthentication" and currently use passwordless ssh commands to do other stuff like:

example:

Code:
ssh -o "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180 "find / -depth|cpio -oacv|gzip" > /path/to/dir/file.cpio.gz
I dont have any permission issues in this instance but now I have been ask to do the samething on another server that requires me to use my sudo password or else I will get permission issues when trying to read different files.
 
Old 02-03-2012, 03:34 PM   #4
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,184

Original Poster
Rep: Reputation: 60
Couldnt I just:

connect to 10.7.0.180 and add a newline or edit existing to look like

Code:
user ALL=(ALL)               NOPASSWD: /usr/bin/find
 
Old 02-03-2012, 03:51 PM   #5
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477Reputation: 477Reputation: 477Reputation: 477Reputation: 477
@ Reply

Yes, you can do that. However, it should look like as follows instead:

Code:
user ALL=NOPASSWD: /usr/bin/find
So that this user is only allowed to run find command with elevated privileges.

Below syntax doesn't look correct to me.

Code:
user ALL=(ALL)               NOPASSWD: /usr/bin/find
 
Old 02-07-2012, 12:23 PM   #6
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,184

Original Poster
Rep: Reputation: 60
Many thanks for the reply. I made the correction made it specific to a user:

Code:
user   ALL=NOPASSWD: /usr/bin/find, /bin/cpio, /bin/gzip
and noticed that now when I perform a:

Code:
ssh -o "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180 "find / -depth|cpio -oacv|gzip" > /path/to/dir/file.cpio.gz
I am getting from cpio:

Code:
cpio: /etc/ConsoleKit/seats.d/00-primary.seat: Cannot utime: Operation not permitted
/etc/ConsoleKit/seats.d/00-primary.seat
/etc/ConsoleKit/seats.d
/etc/ConsoleKit
cpio: /etc/blkid.conf: Cannot utime: Operation not permitted
/etc/blkid.conf
cpio: /etc/cron.d/anacron: Cannot utime: Operation not permitted
/etc/cron.d/anacron
cpio: /etc/cron.d/.placeholder: Cannot utime: Operation not permitted
/etc/cron.d/.placeholder
/etc/cron.d
cpio: /etc/idmapd.conf: Cannot utime: Operation not permitted
This doesnt happen on my other server. Any ideas ??

Last edited by metallica1973; 02-07-2012 at 12:28 PM.
 
Old 02-07-2012, 01:42 PM   #7
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477Reputation: 477Reputation: 477Reputation: 477Reputation: 477
@ Reply

Are you trying to say when you ssh using the user account user to other servers it works fine with sudo. However, it does not work on this particular server? If yes, then check the permission that this account has got on this server. Appears to be a file system permission issue to me.
 
Old 02-07-2012, 03:48 PM   #8
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,184

Original Poster
Rep: Reputation: 60
It does appear to be an permission issue.

Regards
 
Old 02-17-2012, 09:43 AM   #9
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,184

Original Poster
Rep: Reputation: 60
I had a senior moment and I realized that I wasnt using sudo in my statement so when testing I ran into some issues. Here is my testing scenario.

/etc/sudoers


Code:
user   ALL=NOPASSWD: /usr/bin/find, /bin/cpio, /bin/gzip
I know hostbased authentication is working:


Code:
ssh -t -t -o  "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180

Linux 2.6.32-30-generic #59-Ubuntu SMP Tue Mar 1 21:30:21 UTC 2011 i686 GNU/Linux
Ubuntu 10.04.2 LTS

Welcome to Ubuntu!
* Documentation:  https://help.ubuntu.com/

Last login: Fri Feb 17 10:30:18 2012 from 10.7.0.112
user@mymachine:~$
When testing the command with sudo, it is still prompting me for a password.


Code:
ssh -t -o  "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180 "sudo find / -depth"
[sudo] password for user:
??

Last edited by metallica1973; 02-17-2012 at 10:36 AM.
 
Old 02-17-2012, 10:35 AM   #10
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,184

Original Poster
Rep: Reputation: 60
I even changed

/etc/sudoers

Code:
user  ALL = NOPASSWD: ALL
and it still prompts for a password:

Code:
user@mymachine:~$ ssh -t -o "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180 "sudo find / -depth"
[sudo] password for user:
but when just using:

Code:
ssh -t -t -o  "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180

Linux 2.6.32-30-generic #59-Ubuntu SMP Tue Mar 1 21:30:21 UTC 2011 i686 GNU/Linux
Ubuntu 10.04.2 LTS

Welcome to Ubuntu!
* Documentation:  https://help.ubuntu.com/

Last login: Fri Feb 17 10:30:18 2012 from 10.7.0.112
user@mymachine:~$
its fine. ?????????????
 
Old 02-21-2012, 10:36 AM   #11
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,184

Original Poster
Rep: Reputation: 60
It definately has to due with what I have inside of the sudoers file:

Code:
ssh -t -t -o  "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180

Linux 2.6.32-30-generic #59-Ubuntu SMP Tue Mar 1 21:30:21 UTC 2011 i686 GNU/Linux
Ubuntu 10.04.2 LTS

Welcome to Ubuntu!
* Documentation:  https://help.ubuntu.com/

user@10.7.0.180:~$ sudo find / -depth
[sudo] password for user:
As you can see, after logging in, I am still getting prompted for a password.
 
Old 02-21-2012, 12:05 PM   #12
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,184

Original Poster
Rep: Reputation: 60
It was in fact /etc/sudoers and the placement of my entry, so from:

Code:
root	ALL=(ALL) ALL
user  ALL = NOPASSWD: /usr/bin/find, /bin/cpio, /bin/gzip
to

Code:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
user   ALL = NOPASSWD: /usr/bin/find, /bin/cpio, /bin/gzip, /bin/cat
worked like a charm.


http://askubuntu.com/questions/10005...on-not-working

solved!!!!

Last edited by metallica1973; 02-21-2012 at 12:07 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
sudo to disallow certain commands chakkerz Linux - Security 6 01-10-2011 09:01 PM
[SOLVED] Allow commands without SUDO Touch Linux - Newbie 6 01-05-2011 08:33 AM
Is there a list of SUDO commands anywhere? NFI Linux - Newbie 7 06-28-2009 07:19 PM
Can sudo restrict certain commands? Thaidog Linux - Security 3 01-30-2009 11:24 AM
sudo and at commands ulto Programming 2 05-01-2004 08:36 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 06:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration