How to run remote ssh session from Jenkins with sudo rights? - linux

Using 'Execute shell script on remote host using ssh' option and need sudo rights on remote server to change permissions and remove protected files.
How to run session with this rights?
Getting message
sudo: sorry, you must have a tty to run sudo
when trying to run sudo command.

To run sudo remotely you have 2 options
Allow the user to run sudo commands without a password.
Append username ALL=(ALL) NOPASSWD: ALL the /etc/sudoers file with sudo visudo. Alternatively you can modify this line to only allow certain sudo commands to be run without a password
Use the pseudo-tty to emulate tty remotely and enter your sudo password when requsted.
To do this run ssh -t username#host command_to_execute

If the remote server accepts the direct login of the root user you can simply do:
ssh -l root yourserver command_to_execute
Similar syntax is:
ssh root#yourserver command_to_execute
Mind that allowing the login of the root user via ssh to a remote server isn't always a good solution.
A better solution would be change the owner / permissions to allow a non-root user to modify the protected files.

Related

Copy files to different folder without sudo access

I am trying to copy files/directories from one user to another user in a same machine via jenkins.
Suppose there is one file abc.txt in a directory(say /tmp/dist) where user1 has sudo access. I need to copy that file to the directory of (/opt/user2/temp) via jenkins.
I executed these commands in interactive shells after logging in to the server.
sudo -u user2 -s cp /tmp/dist/* /opt/user2/temp
This asks for password prompt and abruptly comes out of terminal and terminates the job.
I also checked if i can remove password prompt by adding password details in /etc/sudoers but to no avail.
sudo visudo
I also tried scp to the destination folder directly but that also was not fruitful.
Tried ssh as well
ssh -t user2#hostname 'sudo -u user2 -s cp /tmp/dist/* user2#hostname:/opt/user2/temp'
edit 1:
Tried changing the owner of the group to the destination folder but it asks for password prompt again.
sudo chown -R user2 /tmp/dist
I expect directory copy from to another folder provided it doesnt asks for password prompt.
Also,I don t have access or can modify /etc/sudoers.

Connect SSH and execute script with another user

In my server I've a script that needs to be executed with the system user (user1). I've an SSH user (user2) who that one will connect to the server to run the script.
Do you know if it's possible to do it with SETUID, SETGUID? Or I don't have the choice to use:
su -c -s /bin/bassh {script} username
Net up passwordless sudo for user2 on the server
ssh user2#server sudo --non-interactive --user=user1 /path/to/script

Linux shell script - How to switch user and run a script?

I'm currently writing a .sh script to deploy different applications on 4 different machines. Right now I'm having trouble with running a script as another user. I need to log in with myUser with my credentials and then sudo su to user2 to run a specific script.
Normally, I would manually do the following:
ssh myUser#remotehost
[Type in password]
sudo su - user2
cd /path/only/accessible/to/user2
./someScript.sh
when I tried
ssh -t myUser#$remotehost "sudo su - user2 && /path/only/accessible/to/user2 && ./someScript.sh"
I was asked my password, then stayed logged as user2, without any feedback from the script, which would normally give me some informations.
What am I doing wrong?
Try
ssh -t myUser#$remotehost "sudo -u user2 /path/only/accessible/to/user2/someScript.sh"
If you need shell access after that you can use
ssh -t myUser#$remotehost "sudo -u user2 /path/only/accessible/to/user2/someScript.sh && /bin/bash -l"
An update if anyone wonders about this.
What I finally did was to log in with an ssh key. My sysadmin had to get involved in order to set it up, but at least it is a viable option.
ssh -i /path/to/sshKey user2#$remoteHost "/path/only/accessible/to/user2/someScript.sh"

Changing user to root when connected to a linux server and copying files

My script is coded in a way that doesn't allow you to connect to a server directly by root. This code basically copies files from a server to my computer and it works but I don't have access to many files because only root can access them. How can I connect to a server as a user and then copy its files by switching to root?
Code I want to change:
sshpass -p "password" scp -q -r username#74.11.11.11:some_directory copy_it/here/
In other words, I want to be able to remotely copy files which are only accessible to root on a remote server, but don't wish to access the remote server via ssh/scp directly as root.
Is it possible through only ssh and not sshpass?
If I understand your question correctly, you want to be able to remotely copy files which are only accessible to root on the remote machine, but you don't wish to (or can't) access the remote machine via ssh/scp directly as root. And a separate question is whether it could be done without sshpass.
(Please understand that the solutions I suggest below have various security implications and you should weigh up the benefits versus potential consequences before deploying them. I can't know your specific usage scenario to tell you if these are a good idea or not.)
When you ssh/scp as a user, you don't have access to the files which are only accessible to root, so you can't copy all of them. So you need to instead "switch to root" once connected in order to copy the files.
"Switching to root" for a command is accomplished by prefixing it with sudo, so the approach would be to remotely execute commands which copy the files via sudo to /tmp on the remote machine, changes their owner to the connected user, and then remotely copy them from /tmp:
ssh username#74.11.11.11 "sudo cp -R some_directory /tmp"
ssh username#74.11.11.11 "sudo chown -R username:username /tmp/some_directory"
scp -q -r username#74.11.11.11:/tmp/some_directory copy_it/here/
ssh username#74.11.11.11 "rm -r /tmp/some_directory"
However, sudo prompts for the user's password, so you'll get a "sudo: no tty present and no askpass program specified" error if you try this. So you need to edit /etc/sudoers on the remote machine to authorize the user to use sudo for the needed commands without a password. Add these lines:
username ALL=NOPASSWD: /bin/cp
username ALL=NOPASSWD: /bin/chown
(Or, if you're cool with the user being able to execute any command via sudo without being prompted for password, you could instead use:)
username ALL=NOPASSWD: ALL
Now the above commands will work and you'll be able to copy your files.
As for avoiding using sshpass, you could instead use a public/private key pair, in which a private key on the local machine unlocks a public key on the remote machine in order to authenticate the user, rather than a password.
To set this up, on your local machine, type ssh-keygen. Accept the default file (/home/username/.ssh/id_rsa). Use an empty passphrase. Then append the file /home/username/.ssh/id_rsa.pub on the local machine to /home/username/.ssh/authorized_keys on the remote machine:
cat /home/username/.ssh/id_rsa.pub | ssh username#74.11.11.11 \
"mkdir -m 0700 -p .ssh && cat - >> .ssh/authorized_keys && \
chmod 0600 .ssh/authorized_keys"
Once you've done this, you'll be able to use ssh or scp from the local machine without password authorization.

run remote script for linux from windows with login in script

I want to know if i can somehow or someway run a remote linux script stored in windows machine through putty which can contain:
#!/bin/bash
su
<password>
<some operation which needs root permissions>
exit
<some operation with normal user credentials>
Since i tried above script but it does ask root password and then give error of not able to run commands and needed root access. I ran this script from putty using command line:
putty -ssh normaluser#linuxhost -pw <password> -t -m C:\myRootScript.sh
Thanks for answers
Ashutosh
Either login as the root user (not recommended!) or add the user that you're login in with to the sudoers file
sudo visudo
myusername ALL=(ALL) NOPASSWD: ALL
That will let you run sudo without a password.

Resources