how to sudo su during ssh remote command - linux

I am writing a bash script to scan multiple linux machines for a line to see if it meets standards for the organization:
grep "sulogin" /etc/inittab ~:S:wait:/sbin/sulogin
I am doing this using the ssh command like this:
ssh -q <<HOSTNAME>> grep "sulogin" /etc/inittab ~:S:wait:/sbin/sulogin
the problem is as follows:
The box I am on (the Jump Box) cannot sudo into root and then execute ssh. (I know, weird)
The box I am on has UserA, which is on all servers. UserA is on the list of sudoers in which I can execute sudo su - manually on each box. (I want to automate this.
/sbin/sulogin is a root only file. and cannot see the file under any other user.
how do I include sudo su - into the ssh command to ssh into the server, then sudo su -, then scan the file I need?
Thanks.

Try this. user has to be part of sudoers.
ssh -t user#hostname 'sudo grep "sulogin" /etc/inittab ~:S:wait:/sbin/sulogin'

Related

execution of remote script containing "sudo su" through ssh [duplicate]

This question already has answers here:
Pass commands as input to another command (su, ssh, sh, etc)
(3 answers)
Closed 1 year ago.
I need to run a script which needs to be run with root privileges remotely. Therefore I add "sudo su" command at the start of the script. However the ssh just login the remote server and stuck at sudo su command, and it does not continue from next line in the script.
server.sh
sudo -s
sudo apt-get update
sudo apt-get upgrade
client.sh
scp -i "$key.pem" server.sh "$dns:/tmp"
ssh -tt -i "$key.pem" $dns "bash /tmp/server.sh"
server.sh and client.sh is at the same local directory. When I run ./client.sh, server.sh which is run remotely stuck at first line and does not continue with "sudo apt-get update" command. What is the reason of this behavious and is there a solution?
When you run the command sudo -s you change the user and the rest of the script is lost because it is in a new shell.
Remove the line sudo -s and try running the script again.
Note: it is important to remember that the user running sudo must be in the /etc/sudoers file with the username ALL=(ALL) NOPASSWD:ALL permissions.
sudo -s with no command starts a new, interactive shell. The following commands won't execute until it exits. See man sudo.
If you are already running apt-get via sudo, and sudo does not require a password, why do you need the sudo -s?
You can use
ssh user#ip '[command]'
to run [command] on the remote host. If you have a user with root privileges (aka. sudo) and if you can use commands without passwords (NOPASSWD:[command,list or ALL]) this is the safest way i can suggest however if you want the script to run on the remote server and triggered by the local computer you can always
ssh user#ip 'sudo /bin/bash /home/[user]/server.sh'
This would work as well. You can also use "scp" command to copy the script and then delete it with ssh again for automated one-script approach.

Linux shell script - How to switch user and run a script?

I'm currently writing a .sh script to deploy different applications on 4 different machines. Right now I'm having trouble with running a script as another user. I need to log in with myUser with my credentials and then sudo su to user2 to run a specific script.
Normally, I would manually do the following:
ssh myUser#remotehost
[Type in password]
sudo su - user2
cd /path/only/accessible/to/user2
./someScript.sh
when I tried
ssh -t myUser#$remotehost "sudo su - user2 && /path/only/accessible/to/user2 && ./someScript.sh"
I was asked my password, then stayed logged as user2, without any feedback from the script, which would normally give me some informations.
What am I doing wrong?
Try
ssh -t myUser#$remotehost "sudo -u user2 /path/only/accessible/to/user2/someScript.sh"
If you need shell access after that you can use
ssh -t myUser#$remotehost "sudo -u user2 /path/only/accessible/to/user2/someScript.sh && /bin/bash -l"
An update if anyone wonders about this.
What I finally did was to log in with an ssh key. My sysadmin had to get involved in order to set it up, but at least it is a viable option.
ssh -i /path/to/sshKey user2#$remoteHost "/path/only/accessible/to/user2/someScript.sh"

cd to directory and su to particular user on remote server in script

I have some tasks to do on a remote Ubuntu CLI-only server in our offices every 2 weeks. I usually type the commands one by one, but I am trying to find a way (write a script maybe?) to decrease the time I spend in repeating those first steps.
Here is what I do:
ssh my_username#my_local_server
# asks for my_username password
cd /path/to/particular/folder
su particular_user_on_local_server
# asks for particular_user_on_local_server password
And then I can do my tasks (run some Ruby script on Rails applications, copy/remove files, restart services, etc.)
I am trying to find a way to do this in a one-step script/command:
"ssh connect then cd to directory then su to this user"
I tried to use the following:
ssh username#server 'cd /some/path/to/folder ; su other_user'
# => does not keep my connection open to the server, just execute my `cd`
# and then tells me `su: must be run from terminal`
ssh username#server 'cd /some/path/to/folder ; bash ; su other_user'
# => keeps my connection open to the server but doesn't switch to user
# and I don't see the usual `username:~/current/folder` prefix in the CLI
Is there a way to open a terminal (keep connection) on a remote server via ssh and change directory + switch to particular in a automated way? (to make things harder, I'm using Yakuake)
You can force allocation of a pseudo-terminal with -t, change to the desired directory and then replace the shell with one where you are the desired user:
ssh -t username#server 'cd /some/path/to/folder && exec bash -c "su other_user"'
sudo -H keeps the current working directory, so you could do:
ssh -t login_user#host.com 'cd /path/to/dir/; sudo -H -u other_user bash'
The -t parameter of ssh is needed otherwise the second sudo won't be able to ask you for your password.

How to grant Nagios permissions to run some commands in custom script?

I have been making some custom shell scripts for my nagios machine. I was able to make them run just fine but for some reason some commands in the script don't seem to be working.
For instance commands like echo, cut , ps , grep work fine but commands like touch, useradd dont seem to work, even with sudo. If I run the script from the terminal, all the commands in the script work.
How can I give nagios permissions to run these commands?
I'm running nagios3 on ubuntu 14.04.5 lts
Edit: Added a few lines of code which aren't being run
sudo useradd -m $USERNAME
(echo $PASSWORD; echo $PASSWORD) | sudo smbpasswd -s -a $USERNAME
Standard way is setup permission for Nagios user on monitored server, for instance NRPE, in /etc/sudoers file.
1. method
Try add something like this in your sudoers file.
Defaults:nrpe !requiretty
nrpe ALL= NOPASSWD: useradd -m
nrpe ALL= NOPASSWD: smbpasswd -s -a
PS: For easy editing sudoers file you can use visudo command ;-)
2. method
Or you can try add Nagios user to sudo group via sudo usermod -aG sudo <username>
-a stands for add
G is for group
Tell nagios to run the script as sudo in your .cfg file...
Assuming its permissions problem.
Edit /etc/sudoers file using visudo, this allows automatic file check for errors.
Defaults:nrpe !requiretty
nrpe ALL=(root) NOPASSWD: /path/to/your/command/or/script
Verify sudo has assigned the above permissions to the user in this case nrpe
sudo -U nrpe -l
you should see the command you added listed within the outpul
Edit /etc/nagios/nrpe.cfg
Add your command to the end of the file
e.g.
command[your_command]=/usr/bin/sudo /path/to/your/command/or/script
Restart nrpe
Centos: systemctl restart nrpe (use the command available based on your Operating system)

How to run remote ssh session from Jenkins with sudo rights?

Using 'Execute shell script on remote host using ssh' option and need sudo rights on remote server to change permissions and remove protected files.
How to run session with this rights?
Getting message
sudo: sorry, you must have a tty to run sudo
when trying to run sudo command.
To run sudo remotely you have 2 options
Allow the user to run sudo commands without a password.
Append username ALL=(ALL) NOPASSWD: ALL the /etc/sudoers file with sudo visudo. Alternatively you can modify this line to only allow certain sudo commands to be run without a password
Use the pseudo-tty to emulate tty remotely and enter your sudo password when requsted.
To do this run ssh -t username#host command_to_execute
If the remote server accepts the direct login of the root user you can simply do:
ssh -l root yourserver command_to_execute
Similar syntax is:
ssh root#yourserver command_to_execute
Mind that allowing the login of the root user via ssh to a remote server isn't always a good solution.
A better solution would be change the owner / permissions to allow a non-root user to modify the protected files.

Resources