This question already has answers here:
How do I use sudo to redirect output to a location I don't have permission to write to? [closed]
(15 answers)
Closed 7 years ago.
I want to block usb mass storage in some of the systems in the LAN. I have written a bash script which will modify the file. I am running the script as default admin in ubuntu. But the script is not able to modify the file. I am getting the following error
"bash: /etc/modprobe.d/blacklist.conf: Permission denied"
Below is my bash script
#/bin/bash
password='mypassword' #admin password of remote system
val='blacklist usb-storage' #text which i want to add in the file
for sysName in $(cat systemDetails) #systemDetails is file which stores
do
ssh $sysName 'echo '$password' | sudo -S echo '$val ' >> /etc/modprobe.d/blacklist.conf'
echo
done
#script ends
NOTE: I have configured my system such that no ssh password is required.
Any pointers in this regard will be really helpful.
Try this:
ssh $sysName "echo $password | sudo -S sh -c 'echo $val >> /etc/modprobe.d/blacklist.conf'"
Related
This question already has answers here:
How to pass the password to su/sudo/ssh without overriding the TTY?
(22 answers)
Closed 10 months ago.
I am discovering the bash scripting. I need to write a bash script to automatically connects my remote server with ssh. I am using MACOSX.
I were able to do with sudo as below
echo <root_pass> | sudo -S ls
However all my attempts were unsuccessful to pass the passphrase.
I have tried these below already:
echo <my_passphrase> | sudo ssh -i /Users/path_to_ssh_public_key/ssh <my_username>#<remote_ip>
sudo ssh -i /Users/path_to_ssh_public_key/ssh <my_username>#<remote_ip> <<< echo <my_passphrase>
The command uses "-i" to get public key from a custom folder
Any help is welcome...
EDIT: I want to fully control the terminal outputs and inputs. I don't want to use sshpass or declare any variables to the shell.
As others mentioned in comments, you can use sshpass like so:
sshpass -p !4u2tryhack ssh username#host.example.com
But using .ssh/config file is much more convenient.
Sample
Host fedora
Hostname 192.168.1.60
Port 22
User shm
With which I can do
ssh fedora
And since it does not have any key - it uses the default id_rsa.
This question already has answers here:
Bash script runs one command before previous. I want them one after the other
(2 answers)
Closed 3 years ago.
I tried to use the following bash to access the content of a folder;
test_dir="/some_dir/dir_test"
ssh -t -t user#remote-host "
if [ -d '$test_dir' ]; then
sudo chown -R user:admin '$test_dir'
echo '$test_dir'/*
if [ '$(ls -A $test_dir)' ]; then
sudo rm -rf '$test_dir'/*
echo '$test_dir'/*
fi"
the script tried to check if /some_dir/dir_test is empty or not, if not, delete all files in that folder; but I got the following error;
ls: cannot access '/some_dir/dir_test': No such file or directory
/some_dir/dir_test
drwxr-xr-x. 3 sys admin 16 Sep 23 15:03 dir_test
However, I can ssh to remote-host and ls -A /some_dir/dir_test.
I am wondering how to fix it.
$(ls -A $test_dir) is being executed locally on the client, not the server. You need to escape the $. You'll also need to use " around it, otherwise the command substitution won't be executed.
if [ \"\$(ls -A $test_dir)\" ]; then
Often the best way to execute multiline commands is to use scp to copy a script to the remote machine, then use ssh to execute the script. Mixing local and remote expansion of variables and command substitutions gets complicated, especially when you need to quote them.
We have linux script in our environment which does ssh to remote machine with a common user and copies a script from base machine to remote machine through scp.
Script Test_RunFromBaseVM.sh
#!/bin/bash
machines = $1
for machine in $machines
do
ssh -tt -o StrictHostKeyChecking=no ${machine} "mkdir -p -m 700 ~/test"
scp -r bin conf.d ${machine}:~/test
ssh -tt ${machine} "cd ~/test; sudo bash bin/RunFromRemotevm.sh"
done
Script RunFromRemotevm.sh
#!/bin/bash
echo "$(date +"%Y/%m/%d %H:%M:%S")"
Before running Test_RunFromBaseVM.sh script base vm we run below two commands.
eval $(ssh-agent)
ssh-add
Executing ./Test_RunFromBaseVM.sh "<list_of_machine_hosts>" getting permission denied error.
[remote-vm-1] bin/RunFromRemotevm.sh:line 2: /bin/date: Permission denied
any clue or insights on this error will be of great help.
Thanks.
I believe the problem is the presence of the NOEXEC: tag in the sudoers file, corresponding to the user (or group) that's executing the "cd ~/test; sudo bash bin/RunFromRemotevm.sh" command. This causes any further execv(), execve() and fexecve() calls to be refused, in this case it's /bin/date.
The solution is obviously remove the NOEXEC: from the main /etc/sudoers file or some file under /etc/sudoers.d, whereever is this defined.
I try to sudo run a local script over ssh,
ssh $HOST < script.sh
and I tried
ssh -t $HOST "sudo -s && bash" < script.sh
Actually, I searched a lot in google, find some similar questions, however, I don't find a solution which can sudo run a local script.
Reading the error message of
$ ssh -t $HOST "sudo -s && bash" < script.sh
Pseudo-terminal will not be allocated because stdin is not a terminal.
makes it pretty clear what's going wrong here.
You can't use the ssh parameter -t (which sudo needs to ask for a password) whilst redirecting your script to bash's stdin of your remote session.
If it is acceptable for you, you could transfer the local script via scp to your remote machine and then execute the script without the need of I/O redirection:
scp script.sh $HOST:/tmp/ && ssh -t $HOST "sudo -s bash /tmp/script.sh"
Another way to fix your issue is to use sudo in non-interactive mode -n but for this you need to set NOPASSWD within the remote machine's sudoers file for the executing user. Then you can use
ssh $HOST "sudo -n -s bash" < script.sh
To make Edward Itrich's answer more scalable and geared towards frequent use, you can set up a system where you only run a one line script that can be quickly ported to any host, file or command in the following manner:
Create a script in your Scripts directory if you have one by changing the name you want the script to be (I use this format frequently to change 1 word for my script name and create the file, set permissions and open for editing):
newscript="runlocalscriptonremotehost.sh"
touch $newscript && chmod +x $newscript && nano $newscript
In nano fill out the script as follows placing the directory and name information of the script you want to run remotely in the variable lines of runlocalscriptonremotehost.sh(only need to edit lines 1-3):
HOSTtoCONTROL="sudoadmin#192.168.0.254"
PATHtoSCRIPT="/home/username/Scripts/"
SCRIPTname="scripttorunremotely.sh"
scp $PATHtoSCRIPT$SCRIPTname $HOSTtoCONTROL:/tmp/ && ssh -t $HOSTtoCONTROL "sudo -s bash /tmp/$SCRIPTname"
Then just run:
sh ./runlocalscriptonremotehost.sh
Keep runlocalscriptonremotehost.sh open in a tabbed text editor for quick updating, go ahead and create a bash alias for the script and you have yourself an app-ified version of this frequently used operation.
First of all divide your objective in 2 parts. 1) ssh to the host. 2) run the command you want as sudo. After you are certain that you can 1) access the host and 2) have sudo privileges then you can combine the two commands with &&. What x_cmd && y_cmd does is that the y_cmd gets executed after x_cmd has exited successfully.
This question already has answers here:
How do I use sudo to redirect output to a location I don't have permission to write to? [closed]
(15 answers)
Closed 8 years ago.
I'm trying to append to the /etc/hosts file from the termimal:
sudo echo -e "127.0.0.1 localhost-myproject" >> /etc/hosts
Even though I'm doing as sudo, it won't let me. I get permission denied:
bash: /etc/hosts: Permission denied
I've looked at a couple other posts and they instruct like this. But I'm getting this error. How can I do this? Thanks
sudo /bin/bash -c 'echo -e "127.0.0.1 localhost-myproject" >> /etc/hosts'