execution of remote script containing "sudo su" through ssh [duplicate] - linux

This question already has answers here:
Pass commands as input to another command (su, ssh, sh, etc)
(3 answers)
Closed 1 year ago.
I need to run a script which needs to be run with root privileges remotely. Therefore I add "sudo su" command at the start of the script. However the ssh just login the remote server and stuck at sudo su command, and it does not continue from next line in the script.
server.sh
sudo -s
sudo apt-get update
sudo apt-get upgrade
client.sh
scp -i "$key.pem" server.sh "$dns:/tmp"
ssh -tt -i "$key.pem" $dns "bash /tmp/server.sh"
server.sh and client.sh is at the same local directory. When I run ./client.sh, server.sh which is run remotely stuck at first line and does not continue with "sudo apt-get update" command. What is the reason of this behavious and is there a solution?

When you run the command sudo -s you change the user and the rest of the script is lost because it is in a new shell.
Remove the line sudo -s and try running the script again.
Note: it is important to remember that the user running sudo must be in the /etc/sudoers file with the username ALL=(ALL) NOPASSWD:ALL permissions.

sudo -s with no command starts a new, interactive shell. The following commands won't execute until it exits. See man sudo.
If you are already running apt-get via sudo, and sudo does not require a password, why do you need the sudo -s?

You can use
ssh user#ip '[command]'
to run [command] on the remote host. If you have a user with root privileges (aka. sudo) and if you can use commands without passwords (NOPASSWD:[command,list or ALL]) this is the safest way i can suggest however if you want the script to run on the remote server and triggered by the local computer you can always
ssh user#ip 'sudo /bin/bash /home/[user]/server.sh'
This would work as well. You can also use "scp" command to copy the script and then delete it with ssh again for automated one-script approach.

Related

How to sudo run a local script over ssh

I try to sudo run a local script over ssh,
ssh $HOST < script.sh
and I tried
ssh -t $HOST "sudo -s && bash" < script.sh
Actually, I searched a lot in google, find some similar questions, however, I don't find a solution which can sudo run a local script.
Reading the error message of
$ ssh -t $HOST "sudo -s && bash" < script.sh
Pseudo-terminal will not be allocated because stdin is not a terminal.
makes it pretty clear what's going wrong here.
You can't use the ssh parameter -t (which sudo needs to ask for a password) whilst redirecting your script to bash's stdin of your remote session.
If it is acceptable for you, you could transfer the local script via scp to your remote machine and then execute the script without the need of I/O redirection:
scp script.sh $HOST:/tmp/ && ssh -t $HOST "sudo -s bash /tmp/script.sh"
Another way to fix your issue is to use sudo in non-interactive mode -n but for this you need to set NOPASSWD within the remote machine's sudoers file for the executing user. Then you can use
ssh $HOST "sudo -n -s bash" < script.sh
To make Edward Itrich's answer more scalable and geared towards frequent use, you can set up a system where you only run a one line script that can be quickly ported to any host, file or command in the following manner:
Create a script in your Scripts directory if you have one by changing the name you want the script to be (I use this format frequently to change 1 word for my script name and create the file, set permissions and open for editing):
newscript="runlocalscriptonremotehost.sh"
touch $newscript && chmod +x $newscript && nano $newscript
In nano fill out the script as follows placing the directory and name information of the script you want to run remotely in the variable lines of runlocalscriptonremotehost.sh(only need to edit lines 1-3):
HOSTtoCONTROL="sudoadmin#192.168.0.254"
PATHtoSCRIPT="/home/username/Scripts/"
SCRIPTname="scripttorunremotely.sh"
scp $PATHtoSCRIPT$SCRIPTname $HOSTtoCONTROL:/tmp/ && ssh -t $HOSTtoCONTROL "sudo -s bash /tmp/$SCRIPTname"
Then just run:
sh ./runlocalscriptonremotehost.sh
Keep runlocalscriptonremotehost.sh open in a tabbed text editor for quick updating, go ahead and create a bash alias for the script and you have yourself an app-ified version of this frequently used operation.
First of all divide your objective in 2 parts. 1) ssh to the host. 2) run the command you want as sudo. After you are certain that you can 1) access the host and 2) have sudo privileges then you can combine the two commands with &&. What x_cmd && y_cmd does is that the y_cmd gets executed after x_cmd has exited successfully.

shell script giving "sudo: no tty present and no askpass program specified" when trying to execute sudo command [duplicate]

This question already has answers here:
How to fix 'sudo: no tty present and no askpass program specified' error?
(30 answers)
Closed 6 years ago.
I have a shell script which creates a user and executes another script as that user
sudo useradd -m devops
sudo passwd devops
sudo adduser devops sudo
su - devops -c "sh /path/to/myscript.sh"
This script creates the user,sets the password and adds user to sudo group as expected.
myscript.sh contains commands which uses sudo previlages. (sudo apt-get update, sudo apt-get install software-properties-common etc.). And other commands like ssh-keygen,curl and wget.
All commands except the one's with sudo are executed correctly and producing results as excepted.
But commands having sudo fails by giving the error "no tty present and no askpass program specified"
Why does this happen in this case and how can I overcome this?
I have seen similiar questions but will be thankful if I get a clear explanation in this context,thank you.
Try to replace this:
su - devops -c "sh /path/to/myscript.sh"
with this:
sudo -u devops -H sh -c "sh /path/to/myscript.sh"
The -c option of su doesn't support interactive mode:
-c, --command COMMAND Specify a command that will be invoked by
the shell using its -c.
The executed command will have no controlling terminal. This option
cannot be used to execute interractive programs which need a
controlling TTY.
(man su)
By the way, I wouldn't use sudo within a script everywhere. The script might simply require root permissions. Within the script you might drop privileges where necessary by means of the above-mentioned sudo command.

Sudo command from remote/CI platform does not work

I am able to run sudo command for my user on a linux server.
But when I run the same command from another (Jenkins CI console) to the same Linux server.
it says "sudo: sorry, you must have a tty to run sudo"
My command is like this,
echo ${somePassword} | sudo -S chown someUser /someFile.war

rundeck - switch to root user in job script

Logging via terminal I can switch to root user fine:
ubuntu#ip-10-0-0-70:~$ sudo -s
root#ip-10-0-0-70:~# whoami
root
So I created in rundeck a job script with this:
whoami;
echo "1st step";
sudo -s;
echo "2nd step";
And when I run this, it prints:
ubuntu
1st step
After print '1st step' it get stucked forever. Seems a problem with sudo -s command.
tried sudo -i but the same happens
tried sudo su - root but the same happens
rundeck is logging as ubuntu user, me too
any idea to switch to root in rundeck script?
This is the expected behaviour.
You are running a shell via 'sudo -s' and then not leaving/exiting it ! So it waits forever for somethig that won't come.
You can probably add 'sudo' as an Advanced option of your script (where it says "Run script with an interpreter or prefix. E.g.: sudo, time:").
But it will run your whole script as root.
If you just want a specific command to be run as root , just prefix your command with sudo as so:
sudo "enter_your_command_to_be_run_as_root_here"
Entering the command prefixed by Sudo will generate the following error on most linux distributions.
sudo: sorry, you must have a tty to run sudo
You can enable sudo without tty by running 'visudo' and commenting out the defaults line or removing 'requiretty' from the defaults line.
Details can be found here:
http://www.cyberciti.biz/faq/linux-unix-bsd-sudo-sorry-you-must-haveattytorun/

ssh command to run remote script exist shell on remote server when switching user

When I run a script such as this:
ssh -t root#10.10.10.10 '/tmp/somescript.sh'
where the script is defined as:
#!/bin/sh
mkdir -p /data/workday/cred
chown -R myuser:myuser /data
su myuser - # <------- NOTICE THIS ! ! ! !
rpm -Uvp --force --nodeps --prefix /data/place /data/RPMs/myrpm.rpm
Notice the above su command.
If I comment-out the su command, the script runs remotely and then my shell prompt returns to where I came from ( same server where I ran the ssh command above )
But leaving the script as listed above, causes the script to complete successfully but the shell prompt stays on the remote server.
How can I prevent that ? Making sure that the issuer of the rpm command is a different user than root just a listed ?
But leaving the script as listed above, causes the script to complete successfully but the shell prompt stays on the remote server.
Not exactly. The script is running up to the su command, which spawns a new subshell, and stopping there until you exit the shell. Until you exit that shell, the rpm command never runs, and when it does, it runs as root.
If you want to run the rpm command as a non-root user, you'd need to do something a little different, like:
sudo -u myuser rpm -Uvp ...
add 'exit' at the end of your script

Resources