LinuxQuestions.org
Old 07-21-2018, 01:45 AM   #1
John231
LQ Newbie
 
Registered: Jul 2018
Posts: 4

Rep: Reputation: Disabled
sudo within ssh remote


Hi.

I have a problem, please see if anyone can help me out:

I have 2 servers which I have connected through an ssh without password (with public keys permissions, etc). The user input both on the client and on the server is john.

That is, I do:

ssh john@server uname -a for example (and I have managed to work without password) (on the server there is also the user john as I said)

But now I need to do

The normal operation in the server is to do (entering with user john) then sudo su - userserver2 and then execute a script with sudo (since it is root) with sudo /etc/init.d/script1

What I want is to be able to execute the script from the remote client

but ssh john@server "sudo su - userserver2" for example, it does not work, it gives me permission denied.

How could I do it please?

Thanks in advance.
 
Old 07-21-2018, 02:16 AM   #2
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Ubuntu, Devuan, OpenBSD
Posts: 3,267
Blog Entries: 3

Welcome to the forum.

su and sudo should not be combined.

A) If you mean to log in as john and then run script1 as root then

Code:
ssh -l john server "sudo /etc/init.d/script1"

B) If you mean to log in as john and then run script1 as userserver2 then

Code:
ssh -l john server "sudo -u userserver2 /etc/init.d/script1"

But in both cases the user john has to be allowed in /etc/sudoers to do that:

Code:
%john ALL=(root:root) NOPASSWD: /etc/init.d/script1 ""

or

Code:
%john ALL=(userserver2) NOPASSWD: /etc/init.d/script1 ""

Note that the full path is included there and that the script name is followed by "" to disallow any parameters.

For more on /etc/sudoers see Michael W Lucas' book sudo Mastery or his online presentation based on the book.
 
Old 07-21-2018, 06:16 AM   #3
John231
LQ Newbie
 
Registered: Jul 2018
Posts: 4

Original Poster
Rep: Reputation: Disabled
I get this:

john@clientserver:~$ ssh john@server "sudo -u userserver2 ls"
sudo: sorry, you must have a tty to run sudo

john@clientserverv:~$ ssh john@server "sudo -u userserver2 /bin/bash"
sudo: sorry, you must have a tty to run sudo

And finally:

john@clientserver:~$ ssh john@server"/bin/bash /usr/bin/sudo -u userserver2 ls"
/bin/bash: /usr/bin/sudo: Permission denied

What can I do please?
 
Old 07-21-2018, 06:45 AM   #4
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 2,667

Quote:
Originally Posted by John231
I get this:

john@clientserver:~$ ssh john@server "sudo -u userserver2 ls"
sudo: sorry, you must have a tty to run sudo

john@clientserverv:~$ ssh john@server "sudo -u userserver2 /bin/bash"
sudo: sorry, you must have a tty to run sudo

And finally:

john@clientserver:~$ ssh john@server"/bin/bash /usr/bin/sudo -u userserver2 ls"
/bin/bash: /usr/bin/sudo: Permission denied

What can I do please?

Read carefully and follow directions?

You have left off a command parameter that was shown to you. Please examine that recent message from Turbocapitalist to see what you missed and try again.

Reading the ssh man page and looking up that parameter might be instructive, but just give it a try first.

Last edited by wpeckham; 07-21-2018 at 06:46 AM.
 
Old 07-21-2018, 07:27 AM   #5
John231
LQ Newbie
 
Registered: Jul 2018
Posts: 4

Original Poster
Rep: Reputation: Disabled
Sorry, I am a complete newbie
 
Old 07-21-2018, 07:31 AM   #6
michaelk
Moderator
 
Registered: Aug 2002
Posts: 17,338

As a frame of reference, what distribution / version are you running?
I assume you are trying to restart some service using a script from a remote computer.

To run a command from ssh that requires input you need to use the -t option.

ssh -t john@server "sudo /etc/init.d/script1"

ssh -t john@server "su -c /etc/init.d/script1"

Last edited by michaelk; 07-21-2018 at 07:37 AM.
 
Old 07-21-2018, 08:15 AM   #7
John231
LQ Newbie
 
Registered: Jul 2018
Posts: 4

Original Poster
Rep: Reputation: Disabled
This is the actual situation:

I have no access to root, nor to the sudoers file on any server.

I have a server that is named server1 (the server). And I have another, server2 (the client).

On server1 I log in with user operador (it's the only password I have), and I have permission to do:

(root) NOPASSWD: /bin/su - sauron

So I do: sudo su - sauron, and then when I do: sudo -l, I get:

User sauron may run the following commands on this host:
(root) NOPASSWD: /etc/init.d/tomcat
(root) NOPASSWD: /etc/init.d/romillot

So I do: sudo /etc/init.d/romillot [stop/start/status]


On server2 I have only the password for operador.

I have configured the remote ssh without password, so I am able to do:

operador@server2:~/.ssh$ ssh operador@server1 "uname -a"
Linux server1 2.6.39-300.17.2.el6uek.x86_64 #1 SMP Wed Nov 7 17:48:36 PST 2012 x86_64 x86_64 x86_64 GNU/Linux
operador@es2petvid01v:~/.ssh$

And now I am trying to remotely restart the romillot service (using the ssh without password). So I try to do something like:

ssh operator@server1 "sudo su - sauron /etc/init.d/romillot status"

But at first I get:
sudo: sorry, you must have a tty to run sudo

I try other things:

operador@server2:~/.ssh$ ssh operador@server1 "/bin/bash sudo su - sauron /etc/init.d/romillot status"
/bin/bash: sudo: No such file or directory

or

operador@server2:~/.ssh$ ssh operador@server1 "/bin/bash /usr/bin/sudo su - sauron /etc/init.d/romillot status"
/bin/bash: /usr/bin/sudo: Permission denied

As I said, I am a complete newbie
 
Old 07-21-2018, 09:43 AM   #8
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Ubuntu, Devuan, OpenBSD
Posts: 3,267
Blog Entries: 3

Ok. Thanks for the additional information. As mentioned, su and sudo at the same time are redundant.

Given the current sudoers misconfiguration, you could build the line like this:

Code:
ssh -t -l john server "sudo su - userserver2 -c 'sudo /etc/init.d/script1'"

If that does not work, you'll have to contact the server's system administrator and have them repair the configuration to skip su because it is not only redundant but actually getting in the way. If you check "man su" you will see that the -c option cannot execute a program which requires an interactive TTY, which would mean sudo in this case if it needs a password. If it does not need a password for script1, then that line should be fine.

Either way, please, point the server's system administrator at the sudo: You're Doing It Wrong video. And have them check "man sudo" for the -u option.

Currently the chain is three steps long. It can be cut to two steps by eliminating su and simplicity enhances security...
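
The sudoers points raised in posts #2 and #8 (a trailing "" to forbid arguments, and rules that route through su) can be checked mechanically. The script below is an added example, not part of the thread: the function names, verdict labels and sample listing are hypothetical, and the input is assumed to be rule lines in the `(runas) TAG: command` shape quoted in post #7.

```shell
#!/bin/sh
# Added example (not from the thread): classify sudo rule lines of the form
#   (runas) [NOPASSWD:] /path/to/command [args | ""]

# Constructed sample: the rules quoted in post #7 merged into one listing,
# plus one rule written as post #2 suggests (trailing "" = no arguments).
sample_rules() {
    cat <<'EOF'
User example may run the following commands on this host:
    (root) NOPASSWD: /bin/su - sauron
    (root) NOPASSWD: /etc/init.d/tomcat
    (root) NOPASSWD: /etc/init.d/romillot
    (userserver2) NOPASSWD: /etc/init.d/script1 ""
EOF
}

# Reads rule lines on stdin, prints: VERDICT PASSWD|NOPASSWD runas=USER COMMAND
#   SU-CHAIN   rule hands out su, so privileges are chained through a shell
#   ANY-ARGS   bare command: sudo accepts any arguments the caller supplies
#   NO-ARGS    command followed by "": no arguments accepted
#   FIXED-ARGS command with listed arguments: only those are accepted
audit_sudo_rules() {
    awk '
    /^[ \t]*\(/ {
        line = $0
        sub(/^[ \t]*/, "", line)
        runas = line; sub(/\).*/, "", runas); sub(/^\(/, "", runas)
        rest = line;  sub(/^\([^)]*\)[ \t]*/, "", rest)
        # Without NOPASSWD sudo must prompt, which fails in a tty-less ssh call.
        pw = "PASSWD"
        if (rest ~ /^NOPASSWD:/) { pw = "NOPASSWD"; sub(/^NOPASSWD:[ \t]*/, "", rest) }
        n = split(rest, f)
        base = f[1]; sub(/.*\//, "", base)
        if (base == "su")                  verdict = "SU-CHAIN"
        else if (n == 1)                   verdict = "ANY-ARGS"
        else if (n == 2 && f[2] == "\"\"") verdict = "NO-ARGS"
        else                               verdict = "FIXED-ARGS"
        printf "%s %s runas=%s %s\n", verdict, pw, runas, f[1]
    }'
}

# Exit status 0 only when no rule on stdin is SU-CHAIN or ANY-ARGS.
sudo_rules_ok() {
    ! audit_sudo_rules | grep -Eq '^(SU-CHAIN|ANY-ARGS) '
}

sample_rules | audit_sudo_rules
```

An init script that is meant to accept start, stop or status needs each allowed argument written into its rule, which this script reports as FIXED-ARGS.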
 
  

