I want to start a docker container that adds a ssh key at startup :
My entrypoint looks like this :
#!/bin/bash
set -e
service ssh start
su anotherUser -s /bin/bash -c "eval \"$(ssh-agent)\" && ssh-add /Keys/id_rsa"
I've seen many posts that use sudo, but I do not have sudo available. I've found this solution but at the startup it shows me :
[....] Starting OpenBSD Secure Shell server: sshd 7[ ok 8.
Agent pid 36
Error connecting to agent: Permission denied
But when I execute the same lines at the promp everythings is ok :
xxx# su anotherUser
anotherUser#xxx:~$ eval $(ssh-agent)
Agent pid 47
anotherUser#xxx:~$ ssh-add /keys/id_rsa
Identity added: /keys/id_rsa (yyy#yyy-HP-EliteBook-850-G4)
You are running ssh-agent before su runs. The $ needs to be escaped so that the literal command substitution is passed to bash for execution.
su anotherUser -s /bin/bash -c 'eval $(ssh-agent) && ssh-add /Keys/id_rsa'
(Untested; probably needs more details about how the container is run and why ssh-add needs to be run as a different user.)
It may be simpler, though, to run your entry point with ssh-agent. For example,
# In the Dockerfile...
ENTRYPOINT ["ssh-agent", "entry.sh"]
Inside entry.sh, your environment will already have access to the agent.
#!/bin/bash
set -e
service ssh start
su anotherUser -s ssh-add /Keys/id_rsa
Related
Hi so basicly what I am trying to do is run a script that is located on the remote server as root by running su - before running the script.
I need to run the script after running the command su - otherwise it wont run. And at the state that the server will be sudo isnt installed yet.
Right now I have ssh -t $USERNAME#$IP "su - && /home/$USERNAME/firstboot/firstboot.sh" but it connects me as su - on the remote server but dosnt execute the script.
Any idea would be greatly apreciated thank you.
Right now I have ssh -t $USERNAME#$IP "su - && /home/$USERNAME/firstboot/firstboot.sh" but it connects me as su - on the remote server but dosnt execute the script.
Fundamentally, you can't use su like that. Forget ssh for a moment; if you run su - && date, the date command will only execute after the su shell has exited (because command1 && command2 means "run command1 first, and if it exits successfully, run command2).
You need to use the -c option to su if you want to run a command in the su environment:
su - -c date
In your script, that means you want to run:
su - -c /home/$USERNAME/firstboot/firstboot.sh
So your ssh command should look like:
ssh -t $USERNAME#$IP su - -c /home/$USERNAME/firstboot/firstboot.sh
We have linux script in our environment which does ssh to remote machine with a common user and copies a script from base machine to remote machine through scp.
Script Test_RunFromBaseVM.sh
#!/bin/bash
machines = $1
for machine in $machines
do
ssh -tt -o StrictHostKeyChecking=no ${machine} "mkdir -p -m 700 ~/test"
scp -r bin conf.d ${machine}:~/test
ssh -tt ${machine} "cd ~/test; sudo bash bin/RunFromRemotevm.sh"
done
Script RunFromRemotevm.sh
#!/bin/bash
echo "$(date +"%Y/%m/%d %H:%M:%S")"
Before running Test_RunFromBaseVM.sh script base vm we run below two commands.
eval $(ssh-agent)
ssh-add
Executing ./Test_RunFromBaseVM.sh "<list_of_machine_hosts>" getting permission denied error.
[remote-vm-1] bin/RunFromRemotevm.sh:line 2: /bin/date: Permission denied
any clue or insights on this error will be of great help.
Thanks.
I believe the problem is the presence of the NOEXEC: tag in the sudoers file, corresponding to the user (or group) that's executing the "cd ~/test; sudo bash bin/RunFromRemotevm.sh" command. This causes any further execv(), execve() and fexecve() calls to be refused, in this case it's /bin/date.
The solution is obviously remove the NOEXEC: from the main /etc/sudoers file or some file under /etc/sudoers.d, whereever is this defined.
I have a script which copies a file, then untar and install it (agent-service) on multiple systems (IPs are read from systems.txt file). In the script, I wanted to start the agent-service as user "test". However after the script execution, when I check the target system, the agent-service is shown as running as "root" user. What could be wrong here? Am I not using su command correct within the script?
~]# ps -ef | grep agent-service
root 23511 15196 0 02:12 pts/3 00:00:00 agent-service
Script>
#!/bin/bash
export AGENT=linux-5.8.1.tar.gz
while read host; do
scp $AGENT root#$host:/opt
ssh -n root#$host 'cd /opt/linux;
tar zxvf linux-5.8.1.tar.gz;
mkdir /opt/hyperic;
useradd -m test;
chown -R test:test /opt/linux;
su - test;
/opt/linux/agent-service start'
done < systems.txt
Using su as you do here spawns a new shell that has nothing to do thus exits immediately.
Either pass the command to su:
su - test -c /opt/linux/agent-service start
Or use sudo in a similar manner:
sudo -u test /opt/linux/agent-service start
I have this:
su $username -c ./script.sh
The problem is that within script I have 'sudo' commands and they says me
sudo: no tty present and no askpass program specified
How to do this right?
UPD: I need both sudo and su. What I need to do is run script as USER $username and be able to run certain commands within script as root (for example, pacman -S)
SOLUTION: I've added NOPASSWD option to /etc/sudoers before running script and delete this entry using sed after script finished.
First set chmod +x to your scripts
try:
#!/bin/bash
echo "hello"
su - <your-user> -c /path/to/script.sh
echo "good bye"
UPDATE:
You should find a way to force bash to use pseudo-tty
Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g. when implementing menu services. Multiple -t options force tty allocation, even if ssh has no local tty.
If the user is not as sudoers do the following steps:
This is what you need to do in /etc/sudoers:
# User privilege specification
root ALL=(ALL:ALL) ALL
newuser ALL=(ALL:ALL) ALL
you have also ways to do:
you can pipe password if it has password:
echo "yourpassword" | sudo -S
OR
You can run the following script:
#!/usr/bin/expect -f
spawn sudo -s <<EOF
expect "assword for username:"
send -- "user-password\r"
expect eof
Also you can do that:
sudo -kS bash - << EOF
password
whoami
echo "Not a good idea to have a password encoded in plain text"
EOF
If a root user is running a bash script that configure some stuff on machine for a user. The script would configure a git repository and an ssh key for password-less github communication, then it would clone the repository.
This will only happens once.
I'm new to bash, how would I do this?
My solution so far (this script is run as root):
USERNAME="vagrant"
HOMEDIR="/home/$USERNAME"
apt-get update -y
apt-get install git -y
cp id_rsa* $HOMEDIR/.ssh #copying predefined keys
su -c "eval `ssh-agent -s` ssh-add $HOMEDIR/.ssh/id_rsa" $USERNAME
chmod 400 $HOMEDIR/.ssh/id_rsa
cat $HOMEDIR/.ssh/id_rsa.pub > $HOMEDIR/.ssh/known_hosts
This doesn't work because the key is not being added, I get the error:
Could not open a connection to your authentication agent.
With a root user that has no login on a remote host, and /root/.ssh does not exist, I can interactively ssh in with:
su - $USERNAME -c "ssh $USERNAME#<remotehost>"
It reads USERNAME's ~/.ssh/known_hosts file (or prompts for verification). If correct keys exist in USERNAME's ~/.ssh it uses them. When done, there is still no /root/.ssh, i.e. this is completely done as USERNAME, not root.
Likewise with git cloning:
su - $USERNAME -c "git clone remoteuser#host:/path/to/repo"
Just be careful of quoting. If you want a variable dereferenced at the time you run su, use double quotes. If you want a variable dereferenced after su has handed off to the user's shell, use single quotes. Example:
su - myuser -c "echo $HOME"
/root
su - myuser -c 'echo $HOME'
/home/myuser