LinuxQuestions.org


John231 07-21-2018 01:45 AM

sudo within ssh remote
 
Hi.

I have a problem, please see if anyone can help me out:

I have 2 servers which I have connected through an ssh without password (with public keys permissions, etc). The user input both on the client and on the server is john.

That is, I do:

ssh john@server uname -a for example (and I have managed to make it work without a password) (on the server there is also the user john, as I said)

But now I need to do

The normal operation on the server is to log in as user john, then sudo su - userserver2, and then execute a script with sudo (since it is root) with sudo /etc/init.d/script1

What I want is to be able to execute the script from the remote client

but ssh john@server "sudo su - userserver2", for example, does not work; it gives me permission denied.

How could I do it please?

Thanks in advance.

Turbocapitalist 07-21-2018 02:16 AM

Welcome to the forum.

su and sudo should not be combined.

A) If you mean to log in as john and then run script1 as root then

Code:

ssh -l john server "sudo /etc/init.d/script1"

B) If you mean to log in as john and then run script1 as userserver2 then

Code:

ssh -l john server "sudo -u userserver2 /etc/init.d/script1"

But in both cases the user john has to be allowed in /etc/sudoers to do that:

Code:

# user john (a leading % would make this the Unix group john instead)
john ALL=(root:root) NOPASSWD: /etc/init.d/script1 ""

or

Code:

john ALL=(userserver2) NOPASSWD: /etc/init.d/script1 ""

Note that the full path is included there and that the script name is followed by "" to disallow any parameters.

For more on /etc/sudoers see Michael W Lucas' book sudo Mastery or his online presentation based on the book.

John231 07-21-2018 06:16 AM

I get this:

john@clientserver:~$ ssh john@server "sudo -u userserver2 ls"
sudo: sorry, you must have a tty to run sudo

john@clientserverv:~$ ssh john@server "sudo -u userserver2 /bin/bash"
sudo: sorry, you must have a tty to run sudo

And finally:

john@clientserver:~$ ssh john@server "/bin/bash /usr/bin/sudo -u userserver2 ls"
/bin/bash: /usr/bin/sudo: Permission denied

What can I do please?

wpeckham 07-21-2018 06:45 AM

Quote:

Originally Posted by John231 (Post 5881961)
I get this:

john@clientserver:~$ ssh john@server "sudo -u userserver2 ls"
sudo: sorry, you must have a tty to run sudo

john@clientserverv:~$ ssh john@server "sudo -u userserver2 /bin/bash"
sudo: sorry, you must have a tty to run sudo

And finally:

john@clientserver:~$ ssh john@server "/bin/bash /usr/bin/sudo -u userserver2 ls"
/bin/bash: /usr/bin/sudo: Permission denied

What can I do please?

Read carefully and follow directions?

You have left off a command parameter that was shown to you. Please examine that recent message from Turbocapitalist to see what you missed and try again.

Reading the ssh man page and looking up that parameter might be instructive, but just give it a try first.

John231 07-21-2018 07:27 AM

Sorry, I am a complete newbie.

michaelk 07-21-2018 07:31 AM

As a frame of reference, what distribution / version are you running?
I assume you are trying to restart some service using a script from a remote computer.

To run a command from ssh that requires input you need to use the -t option.

ssh -t john@server "sudo /etc/init.d/script1"

ssh -t john@server "su -c /etc/init.d/script1"

John231 07-21-2018 08:15 AM

This is the actual situation:

I have no access to root, nor to the sudoers file, on any server.

I have a server that is named server1 (the server). And I have another, server2 (the client).

On server1 I log in with user operador (it's the only password I have), and I have permission to do:

(root) NOPASSWD: /bin/su - sauron

So I do: sudo su - sauron, and then when I do: sudo -l, I get:

User sauron may run the following commands on this host:
(root) NOPASSWD: /etc/init.d/tomcat
(root) NOPASSWD: /etc/init.d/romillot

So I do: sudo /etc/init.d/romillot [stop/start/status]


On server2 I have only the password for operador.

I have configured the remote ssh without a password, so I am able to do:

operador@server2:~/.ssh$ ssh operador@server1 "uname -a"
Linux server1 2.6.39-300.17.2.el6uek.x86_64 #1 SMP Wed Nov 7 17:48:36 PST 2012 x86_64 x86_64 x86_64 GNU/Linux
operador@es2petvid01v:~/.ssh$

And now I am trying to remotely restart the romillot service (using the ssh without password). So I try to do something like:

ssh operador@server1 "sudo su - sauron /etc/init.d/romillot status"

But at first I get:
sudo: sorry, you must have a tty to run sudo

I try other things:

operador@server2:~/.ssh$ ssh operador@server1 "/bin/bash sudo su - sauron /etc/init.d/romillot status"
/bin/bash: sudo: No such file or directory

or

operador@server2:~/.ssh$ ssh operador@server1 "/bin/bash /usr/bin/sudo su - sauron /etc/init.d/romillot status"
/bin/bash: /usr/bin/sudo: Permission denied

As I said, I am a complete newbie :(

Turbocapitalist 07-21-2018 09:43 AM

Ok. Thanks for the additional information. As mentioned, su and sudo at the same time are redundant.

Given the current sudoers misconfiguration, you could build the line like this:

Code:

ssh -t -l john server "sudo su - userserver2 -c 'sudo /etc/init.d/script1'"
If that does not work, you'll have to contact the server's system administrator and have them repair the configuration to skip su because it is not only redundant but actually getting in the way. If you check "man su" you will see that the -c option cannot execute a program which requires an interactive TTY, which would mean sudo in this case if it needs a password. If it does not need a password for script1, then that line should be fine.

Either way, please, point the server's system administrator at the sudo: You're Doing It Wrong video. And have them check "man sudo" for the -u option.

Currently the chain is three steps long. It can be cut to two steps by eliminating su and simplicity enhances security...
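As an added example (Python, written for this page; it is not code from the thread, from sudo, or from the servers discussed), the toy matcher below models the sudoers rules quoted in Turbocapitalist's first reply and in John231's sudo -l output, so you can see three things the thread turns on: why a trailing "" refuses any arguments, why %john names a Unix group rather than the user john, and why a one-liner that appends arguments to su - sauron cannot match an entry that lists exactly /bin/su - sauron. The complete sudoers lines and the host field ALL are assumed, since the posts only show fragments; real sudoers has aliases, wildcards and Defaults (such as requiretty, which is what produces the "you must have a tty" message) that this subset ignores. The remote_command helper only builds the ssh -t argument list, with the nested command quoted by shlex so the remote login shell re-parses it as intended.

```python
"""Toy model of sudoers command matching (added example, not from the thread).

Covers only the subset used in the thread:
    who  ALL=(runas[:group]) [NOPASSWD:] /full/path [args | ""]
where 'who' is a user name or %group.
"""
import shlex
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    who: str                    # "john" = user, "%john" = Unix group
    runas: str                  # target user, or "ALL"
    nopasswd: bool
    command: str                # full path, as sudoers requires
    args: Optional[List[str]]   # None = any args; [] = no args ("" in sudoers)


def parse_rule(line: str) -> Rule:
    """Parse one user-specification line (host must be ALL in this toy)."""
    who, rest = line.split(None, 1)
    host_spec, cmd_spec = rest.split("=", 1)
    if host_spec.strip() != "ALL":
        raise ValueError("toy parser only understands host ALL")
    cmd_spec = cmd_spec.strip()
    runas = "ALL"
    if cmd_spec.startswith("("):
        inside, cmd_spec = cmd_spec[1:].split(")", 1)
        runas = inside.split(":")[0].strip() or "ALL"   # "(root:root)" -> root
    words = shlex.split(cmd_spec)        # shlex turns "" into an empty token
    nopasswd = False
    if words and words[0] in ("NOPASSWD:", "PASSWD:"):
        nopasswd = words.pop(0) == "NOPASSWD:"
    command, tail = words[0], words[1:]
    if tail == [""]:
        args = []                         # "" in sudoers: no arguments allowed
    elif tail:
        args = tail                       # listed arguments must match exactly
    else:
        args = None                       # nothing listed: any arguments accepted
    return Rule(who, runas, nopasswd, command, args)


def allowed(rules, user, groups, runas, argv) -> Optional[Rule]:
    """Return the last rule permitting argv (argv[0] is the full path) as runas."""
    match = None
    for rule in rules:
        who_ok = (rule.who[1:] in groups) if rule.who.startswith("%") else (rule.who == user)
        runas_ok = rule.runas in ("ALL", runas)
        cmd_ok = argv[0] == rule.command
        args_ok = rule.args is None or argv[1:] == rule.args
        if who_ok and runas_ok and cmd_ok and args_ok:
            match = rule                  # sudoers: the last matching entry wins
    return match


# Rules reconstructed from the thread; full lines and host ALL are assumed.
SUDOERS = [parse_rule(line) for line in [
    "operador ALL=(root) NOPASSWD: /bin/su - sauron",
    "sauron   ALL=(root) NOPASSWD: /etc/init.d/tomcat",
    "sauron   ALL=(root) NOPASSWD: /etc/init.d/romillot",
    'john     ALL=(userserver2) NOPASSWD: /etc/init.d/script1 ""',
]]


def check(user: str, runas: str, command_line: str) -> bool:
    """True if SUDOERS lets `user` run command_line as `runas` (primary group = user name)."""
    return allowed(SUDOERS, user, [user], runas, shlex.split(command_line)) is not None


def remote_command(login: str, host: str, argv: List[str]) -> List[str]:
    """Build the ssh argv: -t allocates a tty (needed under requiretty), and the
    remote command is joined with shell quoting because sshd hands it to a shell."""
    return ["ssh", "-t", "-l", login, host, shlex.join(argv)]


if __name__ == "__main__":
    for user, runas, cmd in [
        ("operador", "root", "/bin/su - sauron"),
        ("operador", "root", "/bin/su - sauron /etc/init.d/romillot status"),
        ("sauron", "root", "/etc/init.d/romillot status"),
        ("john", "userserver2", "/etc/init.d/script1 start"),
    ]:
        print(f"{user:9} as {runas:12} {cmd!r:55} -> {check(user, runas, cmd)}")
    print(" ".join(remote_command("john", "server",
                                  ["sudo", "-u", "userserver2", "/etc/init.d/script1"])))
```

The interesting negative case is the second line: once -t is supplied, the chained command still fails the sudoers match on server1, because the entry names /bin/su with the exact arguments "- sauron" and anything appended after them is a different command as far as sudo is concerned. That is the same reason the "" suffix in Turbocapitalist's example is a useful restriction: it pins the script to zero arguments.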

