I'm looking to respond to a password prompt in the linux terminal. I know how to do this with echo and a non-password prompt. For example, let's say whatsyourname.sh prompted me for a string with my name after being ran, but didn't allow my name to be passed as an argument in the inital command. I would do the following:
echo -e "dan" | ./whatsyourname.sh
However, if I ran a command that asked me for a password after being ran, the following does not work:
echo -e "supersecurepassword" | sudo apt-get update
I'm guessing this has something to do with the fact that the characters are hidden while a password is being input in the command line. How would I respond to a password prompt within the inital command?
You're looking for sudo -S
Explaining -S - man sudo
-S, --stdin
Write the prompt to the standard error and read the password from the standard input instead of
using the terminal device. The password must be followed by a newline character.
Simple,
#!/bin/bash
echo "notsecure" | sudo -S apt-get update
Variable,
#!/bin/bash
pass="notsecure"
echo $pass | sudo -S apt-get update
Lets still type it,
#!/bin/bash
read -s -p "[sudo] sudo password for $(whoami): " pass
echo $pass | sudo -S apt-get update
Explaining -s and -p - help read
-r do not allow backslashes to escape any characters
-s do not echo input coming from a terminal
Handy if you make a script that logs into multiple servers to view route -n for example.
Related
Imagine you run script as user A: sudo -u A ./script.sh
Inside that script.sh we have a line that calls another script script2.sh with a different user B: sudo -u B ./script2.sh. Now I get prompted to enter a password for user B. Is there any way to provide that password uppon call?
P.S. I know all the security breaches it can create. Please do not mention me that.
Yes you have option for that. But that password you have to provide at the time of executing the script or hard coded it in the script itself. Try with the below example:-
echo 'passwordofB' | sudo -u B -S ./script2.sh
Also you can do it like:-
sudo -u A ./script.sh passwordofB #as a command line parameter
now inside script.sh:-
echo $1 | sudo -u B -S ./script2.sh
You are executing another script sudo -u B ./script2.sh from script ./script.sh right? So change that line with echo $1 | sudo -u B -S ./script2.sh and run your first script as sudo -u A ./script.sh passwordofB where passwordofB is the password for user 'B'
I'm trying to run sudo with command with provided user password in one line
echo abc$*#def | sudo -S -u user_account ./script_name
echo abc\$*#def | sudo -S -u user_account ./script_name
echo 'abc$*#def' | sudo -S -u user_account ./script_name
echo 'abc\$*#def' | sudo -S -u user_account ./script_name
all of these commands keep getting wrong password please try again error
I also tried changing user password to 'm' and it worked
echo 'm' | sudo -S -u user_account ./script_name
so that means something is wrong with special char in password
note: I'm using OS X 10.13.3, this is a command run by me only, and I want a one-click solution so I don't have to enter pwd on many machines. and yes security for this pwd is not a concern here
im open to other one-click method too if it's done through scripting
can anyone please help?
You could use heredoc, give a try to:
sudo -S <<< "password from stdin" -u user_account ./script_name
I'm working on a script that will shred a usb drive and install Kali linux with encrypted persistent data.
#! /bin/bash
cd ~/Documents/Other/ISOs/Kali
echo "/dev/sdx x=?"
read x
echo "how many passes to wipe? 1 will be sufficient."
read n
echo "sd$x will be wiped $n times."
read -p "do you want to continue? [y/N] " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
exit 1
fi
echo "Your role in the installation process is not over. You will be prompted to type YES and a passphrase."
sudo shred -vz --iterations=$n /dev/sd$x
echo "Wiped. Installing Kali"
sudo dd if=kali-linux-2.0-amd64.iso of=/dev/sd$x bs=512k
echo "Installed. Making persistence."
y=3
sudo parted /dev/sd$x mkpart primary 3.5GiB 100%
x=$x$y
sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sd$x
sudo cryptsetup luksOpen /dev/sd$x my_usb
sudo mkfs.ext3 -L persistence /dev/mapper/my_usb
sudo e2label /dev/mapper/my_usb persistence
sudo mkdir -p /mnt/my_usb
sudo mount /dev/mapper/my_usb /mnt/my_usb
sudo -i
echo "/ union" > /mnt/my_usb/persistence.conf
umount /dev/mapper/my_usb
cryptsetup luksClose /dev/mapper/my_usb
echo "Persistence complete. Installation complete."
It works nearly perfectly. These commands individually entered into the terminal will create the desired effect, but the problem comes in at line 37:
sudo echo "/ union" > /mnt/my_usb/persistence.conf
That command won't work unless I'm logged in as root user. To solve this I tried adding the sudo -i command before, but once I do that all of the following commands are skipped.
It's okay if the solution suggested requires me to type in the password. I don't want the password stored in the script, that's just wreckless.
Side note, I didn't make a generic form for this question because I want other people to be able use this if they like it.
The problem is that the echo runs with root privilege but the redirection happens in the original shell as the non-root user. Instead, try running an explicit sh under sudo and do the redirection in there
sudo /bin/sh -c 'echo "/ union" > /mnt/my_usb/persistence.conf'
The problem is that when you type in the following command:
sudo echo "/ union" > /mnt/my_usb/persistence.conf
Only the "echo" will be run as root through sudo, but the redirection to the file using > will still be executed as the "normal" user, because it is not a command but something performed directly by the shell.
My usual solution is to use teeso that it runs as a command and not as a shell built-in operation, like this:
echo "/ union" | sudo tee /mnt/my_usb/persistence.conf >/dev/null
Now the tee command will be run as root through sudo and will be allowed to write to the file. >/dev/null is just added to keep the output of the script clean. If you ever want to append instead of overwrite (e.g. you would be using >>normally), then use tee -a.
My script is as below.
#!/bin/bash
version = 1.1
echo "Enter username"
read UserName
ssh -t $UserName#server bash -c " '
./runSomeScript
echo "Entering Sudo"
sudo -s -u user1 -c "cd random; ./randomscrip xx-$version-yy"
'"
But this is not working.
Basically i want to do a ssh to a account. And then runSomeScript
Then do a sudo with user as user1 and then run commands cd random and ./randomscrip (with xx-Version-yy as argument) as the sudo user only.
But the commands inside sudo are not working.
Your quoting is a little careless. You're using double-quotes for the first and third levels of quoting, and the shell can't tell one from the other. Do something like this instead:
sudoScript="cd random; ./randomscrip xx-${version}-yy"
sshScript='
./runSomeScript
echo "Entering Sudo"
sudo -s -u user1 bash -c '"'${sudoScript}'"'
'
ssh -t ${UserName}#server "${sshScript}"
But beware that if you embed any single-quotes, it will still go wrong unless you add a layer of shell-quoting.
Finally, remove the spaces around = when you assign to version.
I have a situation that I need to append several lines(ip and hosts) from a file to /etc/hosts.
If I execute the below command
sshpass -p password cat /tmp/hosts |sudo tee -a /etc/hosts
I am getting
sudo: no tty present and no askpass program specified.
Sorry, try again.
sudo: no tty present and no askpass program specified. Sorry, try again.
sudo: no tty present and no askpass program specified. Sorry, try again.
sudo: 3 incorrect password attempts
Any alternatives to this?
How about
sudo -S sh -c 'cat /tmp/hosts >> /etc/hosts' <<< "password"
It's best to contain redirections for sudo within a subshell so that the elevated permissions are applied to opening the destination file.
ref: See https://stackoverflow.com/a/4327123/7552
The error you face comes from the fact that sshpass tries to send the password to cat, not to sudo. Your command line should have, in theory, looked rather like this:
cat /tmp/hosts |sshpass -p password sudo tee -a /etc/hosts
but sshpass does not forward stdin to sudo so this is a dead end. (sudo does forward stdin though that is why something like sudo tee works)
You could do something like this
sshpass -p password sudo echo "Hello"
cat /tmp/hosts | sudo tee -a /etc/hosts
so that the second call to sudo does not require a password.
Another option is to embed the cat and the redirection in a shell script and then just
sshpass -p password sudo ./thescript.sh
Or you can, as #glennjackman wrote, embed the cat and the redirection in a subshell:
sshpass -p password sudo sh -c 'cat /tmp/hosts >> /etc/hosts'
And of course, you can configure sudo to not require passwords.