If a root user is running a bash script that configure some stuff on machine for a user. The script would configure a git repository and an ssh key for password-less github communication, then it would clone the repository.
This will only happens once.
I'm new to bash, how would I do this?
My solution so far (this script is run as root):
USERNAME="vagrant"
HOMEDIR="/home/$USERNAME"
apt-get update -y
apt-get install git -y
cp id_rsa* $HOMEDIR/.ssh #copying predefined keys
su -c "eval `ssh-agent -s` ssh-add $HOMEDIR/.ssh/id_rsa" $USERNAME
chmod 400 $HOMEDIR/.ssh/id_rsa
cat $HOMEDIR/.ssh/id_rsa.pub > $HOMEDIR/.ssh/known_hosts
This doesn't work because the key is not being added, I get the error:
Could not open a connection to your authentication agent.
With a root user that has no login on a remote host, and /root/.ssh does not exist, I can interactively ssh in with:
su - $USERNAME -c "ssh $USERNAME#<remotehost>"
It reads USERNAME's ~/.ssh/known_hosts file (or prompts for verification). If correct keys exist in USERNAME's ~/.ssh it uses them. When done, there is still no /root/.ssh, i.e. this is completely done as USERNAME, not root.
Likewise with git cloning:
su - $USERNAME -c "git clone remoteuser#host:/path/to/repo"
Just be careful of quoting. If you want a variable dereferenced at the time you run su, use double quotes. If you want a variable dereferenced after su has handed off to the user's shell, use single quotes. Example:
su - myuser -c "echo $HOME"
/root
su - myuser -c 'echo $HOME'
/home/myuser
Related
Is there a tool or a common script for adding users to a linux server that also configures the ssh keys?
For example, I found I can automate creation of users with useradd or adduser, and it is even possible to setup an account with password login with e.g. adduser --password my_password. However, that still leaves me having to add the .ssh folders and files and set the correct permissions, which in my case leaves plenty of room for typos.
What I am looking for is something like
adduser --ssh user_public_key
where user_public_key is key provided to me by the new user.
I imagine there might be an existing tool for this, but my duckducking didn't turn up anything useful.
Try this (for centos, plus enables docker)
set -euo pipefail
DEV_GROUP="somegroup"
sudo groupadd --force "${DEV_GROUP}"
function adduser() {
local var_user="$1"
shift
local var_ssh_pub_key="$*"
id --user "${var_user}" &>/dev/null || sudo useradd --gid "${DEV_GROUP}" --groups wheel,docker "${var_user}"
echo "${var_user} ALL=(ALL) NOPASSWD:ALL" | sudo tee "/etc/sudoers.d/${var_user}"
sudo --user "${var_user}" mkdir -p "/home/${var_user}/.ssh"
sudo --user "${var_user}" touch "/home/${var_user}/.ssh/authorized_keys"
echo "${var_ssh_pub_key}" | sudo --user "${var_user}" tee "/home/${var_user}/.ssh/authorized_keys"
}
adduser someuser ssh-rsa AAAAB3NzaC1.... user#host
You can do this in a script as root:
$ mkdir ~username/.ssh
$ cat user_public_key >> ~username/.ssh/authorized_keys
$ chown -R username ~username/.ssh
I'm currently writing a .sh script to deploy different applications on 4 different machines. Right now I'm having trouble with running a script as another user. I need to log in with myUser with my credentials and then sudo su to user2 to run a specific script.
Normally, I would manually do the following:
ssh myUser#remotehost
[Type in password]
sudo su - user2
cd /path/only/accessible/to/user2
./someScript.sh
when I tried
ssh -t myUser#$remotehost "sudo su - user2 && /path/only/accessible/to/user2 && ./someScript.sh"
I was asked my password, then stayed logged as user2, without any feedback from the script, which would normally give me some informations.
What am I doing wrong?
Try
ssh -t myUser#$remotehost "sudo -u user2 /path/only/accessible/to/user2/someScript.sh"
If you need shell access after that you can use
ssh -t myUser#$remotehost "sudo -u user2 /path/only/accessible/to/user2/someScript.sh && /bin/bash -l"
An update if anyone wonders about this.
What I finally did was to log in with an ssh key. My sysadmin had to get involved in order to set it up, but at least it is a viable option.
ssh -i /path/to/sshKey user2#$remoteHost "/path/only/accessible/to/user2/someScript.sh"
I have some tasks to do on a remote Ubuntu CLI-only server in our offices every 2 weeks. I usually type the commands one by one, but I am trying to find a way (write a script maybe?) to decrease the time I spend in repeating those first steps.
Here is what I do:
ssh my_username#my_local_server
# asks for my_username password
cd /path/to/particular/folder
su particular_user_on_local_server
# asks for particular_user_on_local_server password
And then I can do my tasks (run some Ruby script on Rails applications, copy/remove files, restart services, etc.)
I am trying to find a way to do this in a one-step script/command:
"ssh connect then cd to directory then su to this user"
I tried to use the following:
ssh username#server 'cd /some/path/to/folder ; su other_user'
# => does not keep my connection open to the server, just execute my `cd`
# and then tells me `su: must be run from terminal`
ssh username#server 'cd /some/path/to/folder ; bash ; su other_user'
# => keeps my connection open to the server but doesn't switch to user
# and I don't see the usual `username:~/current/folder` prefix in the CLI
Is there a way to open a terminal (keep connection) on a remote server via ssh and change directory + switch to particular in a automated way? (to make things harder, I'm using Yakuake)
You can force allocation of a pseudo-terminal with -t, change to the desired directory and then replace the shell with one where you are the desired user:
ssh -t username#server 'cd /some/path/to/folder && exec bash -c "su other_user"'
sudo -H keeps the current working directory, so you could do:
ssh -t login_user#host.com 'cd /path/to/dir/; sudo -H -u other_user bash'
The -t parameter of ssh is needed otherwise the second sudo won't be able to ask you for your password.
I have this:
su $username -c ./script.sh
The problem is that within script I have 'sudo' commands and they says me
sudo: no tty present and no askpass program specified
How to do this right?
UPD: I need both sudo and su. What I need to do is run script as USER $username and be able to run certain commands within script as root (for example, pacman -S)
SOLUTION: I've added NOPASSWD option to /etc/sudoers before running script and delete this entry using sed after script finished.
First set chmod +x to your scripts
try:
#!/bin/bash
echo "hello"
su - <your-user> -c /path/to/script.sh
echo "good bye"
UPDATE:
You should find a way to force bash to use pseudo-tty
Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g. when implementing menu services. Multiple -t options force tty allocation, even if ssh has no local tty.
If the user is not as sudoers do the following steps:
This is what you need to do in /etc/sudoers:
# User privilege specification
root ALL=(ALL:ALL) ALL
newuser ALL=(ALL:ALL) ALL
you have also ways to do:
you can pipe password if it has password:
echo "yourpassword" | sudo -S
OR
You can run the following script:
#!/usr/bin/expect -f
spawn sudo -s <<EOF
expect "assword for username:"
send -- "user-password\r"
expect eof
Also you can do that:
sudo -kS bash - << EOF
password
whoami
echo "Not a good idea to have a password encoded in plain text"
EOF
I want to give a user access to a git repository without him having to enter a password.
Lets say I have a bash script that does this:
eval `ssh-agent -s`
ssh-add ~/.ssh/id_rsa
This script is being run with sudo ./script.sh
I would I add the ssh key for a user instead of root?
You could use su -c <command> $SUID_USER with your commands.