Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: ssh foo.com sudo command - Prompts for sudo password as visible text. Help?
Top Forums Shell Programming and Scripting ssh foo.com sudo command - Prompts for sudo password as visible text. Help? Post 302567842 by fluoborate on Tuesday 25th of October 2011 08:07:52 AM
Old 10-25-2011
ssh foo.com sudo command - Prompts for sudo password as visible text. Help?
I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this:

Code:
#!/bin/bash
rsync /path/on/local/machine/ foo.com:path/on/remote/machine/
ssh foo.com sudo /etc/init.d/apache2 reload

rsync and ssh don't prompt for a password, because I have DSA encryption keys. However, if rsync or ssh did prompt for a password, it would be invisible as I typed it in.

Sadly, sudo does prompt for a password. Not only that, the password gets displayed on the screen of my local machine as I type it.

Edited to add this paragraph:
Here is an example of what happens:
Code:
local-box$ ./myScript.sh
[sudo] password for fluoborate:

It wants the password for "sudo /etc/init.d/apache2 reload", and it wants the password for the user fluoborate on remote-box. When I type in the password, it appears, it is visible on my screen (the screen of local-box).

Possible solutions:

1. Ideally, I would like to be able to do something like this:
Code:
sudo --password=thisIsThePassword /etc/init.d/apache2 reload

Before you balk at how insecure that is: I would prompt for the password earlier in the script, rather than hard-coding it, so reading the source code will not include the password. Also, nobody else can login to the remote machine, so they cannot see the command line arguments or look at my BASH history.

2. Modify my sudoers file. I don't want to do this, and I haven't been able to figure out how. I am on Ubuntu (10.10 server, iirc). I can make it never prompt for a sudo password, but I cannot make it always prompt except for the one command "sudo /etc/init.d/apache2 reload". If you can provide very explicit instructions to get that working, then please do, I will be forever grateful.

3. Use expect. I simply don't want to do this, it is ugly.

Thank you for the help.
Last edited by fluoborate; 10-25-2011 at 09:49 AM..
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

SSH prompts password for non identical users

host1 & host2 : Solaris 10 - SPARC server From host1 able to ssh to host2 as same user with out password prompt. But, when ssh to different user in host2, it prompts for password DETAILS ======= In host1: 1) logged as root 2) ssh-keygen -t dsa -b 1024 (no pass phrase) 3)... (5 Replies)
Discussion started by: vjkatsun
5 Replies

2. Shell Programming and Scripting

sudo command with password

Hello everybody, Say I forgot my root password (shit happens, no?) and I'd like to brutally try 100 possibilities to delete a file using sudo. How can I make a script that tries all the passwords? The following doesn't work. Do you have a clue? foo:~$ cat test sudo rm dummy <<< 'password' echo... (1 Reply)
Discussion started by: chebarbudo
1 Replies

3. AIX

Sudo ask for password

Hello I have a partition with Aix 5.3 and I install sudo I put the commands that I want to use x user and I put the option that donkask for password. But when I run with this user and I try to run that commands. ask me for a password. I put this line for no ask for password with that... (2 Replies)
Discussion started by: lo-lp-kl
2 Replies

4. Red Hat

SSH Prompts for Password After Keys Setup Successfully

I setup the keys between 2 servers, but my user account has no password specified for it (never set one up on the account for security reasons). When I try to SSH to the server, SSH prompts for a password that doesn't exist (so I can never connect successfully). Note: 'passwd -d Rynok' removes... (3 Replies)
Discussion started by: Rynok
3 Replies

5. UNIX for Dummies Questions & Answers

Unable to use the Sudo command. "0509-130 Symbol resolution failed for sudo because:"

Hi! I'm very new to unix, so please keep that in mind with the level of language used if you choose to help :D Thanks! When attempting to use sudo on and AIX machine with oslevel 5.1.0.0, I get the following error: exec(): 0509-036 Cannot load program sudo because of the following errors:... (1 Reply)
Discussion started by: Chloe123
1 Replies

6. Shell Programming and Scripting

password getting displayed using sudo

Hi While doing the following command password is gettin dispalyed : ssh <host> "sudo command ; exit" .... while i type my password for 2nd its gettin displayed ... i tried stty -echo and stty echo ... still i am havin problem..:confused: (1 Reply)
Discussion started by: ningy
1 Replies

7. Red Hat

Sudo + Nohup = no password?

Little confused here When i go to run sudo nohup ./script.ksh & I dont get asked for a password. It starts a process ID, I can see it when i do a ps -ef | grep script. But I dont get an output file from my script, so its not doing anything. What gives? does it have to do the "&" ? ... (4 Replies)
Discussion started by: nitrobass24
4 Replies

8. Red Hat

Sudo Password Prompt over SSH

I am not sure what I am missing here. I have the following identical entry in /etc/sudoers on multiple Red Hat 6.4 servers. icinga ALL=NOPASSWD:/usr/bin/yum --security --exclude\="kernel*" check-update On one server when I enter the command over SSH as follows it works fine. ssh -t -q... (1 Reply)
Discussion started by: scotbuff
1 Replies

9. UNIX for Dummies Questions & Answers

Sudo ssh with command running in background

I am trying to run a command. This is one of my attempts: for i in fileservera; do ssh -t $i 'sudo ls /';doneThis works, and I see the directories. However, what I want to do now is start a process on the remote server such as /usr/bin/connectproc -standalonesudo /usr/bin/connectproc... (1 Reply)
Discussion started by: newbie2010
1 Replies

10. AIX

Sudo command prompt for a password

in the /etc/sudoer file this line was added: wtolentino ALL=(ORACLE) NOPASSWD: /bin/chmod when i tried to run this command sudo -u oracle /bin/chmod 775 /appshared/applications/lpa/executables/chrpt001.rep it prompts me for a password for example: $ pwd /appshared/applications/lpa... (2 Replies)
Discussion started by: wtolentino
2 Replies

LEARN ABOUT CENTOS

pam_ssh_agent_auth

pam_ssh_agent_auth(8)							PAM						     pam_ssh_agent_auth(8)

PAM_SSH_AGENT_AUTH
       This module provides authentication via ssh-agent.  If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
       the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.

SUMMARY

       /etc/pam.d/sudo: auth	sufficient     pam_ssh_agent_auth.so file=/etc/security/authorized_keys
       /etc/sudoers:
	    Defaults	env_keep += "SSH_AUTH_SOCK"

       This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
       /etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
       either be local, or forwarded.

       Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.

ARGUMENTS

       file=<path to authorized_keys>
	   Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)

       allow_user_owned_authorized_keys_file
	   A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
	   whenever the expansions %h or ~ are used.

       debug
	   A flag which enables verbose logging

       sudo_service_name=<service name you compiled sudo to use>
	   (when compiled with --enable-sudo-hack)

	   Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
	   is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.

	   This defaults to "sudo".

EXPANSIONS

       ~  -- same as in shells, a user's Home directory
	   Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
	   to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file

       %h -- User's Home directory
	   Automatically enables allow_user_owned_authorized_keys_file

       %H -- The short-hostname
       %u -- Username
       %f -- FQDN

EXAMPLES

       in /etc/pam.d/sudo

       "auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
	   The default .ssh/authorized_keys file in a user's home-directory

       "auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
	   Same as above.

       "auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
	   If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys.  In this case, we have not
	   specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.

       "auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
	   On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys.	In this case, we specified
	   allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.

       "auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
	   On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys.	In this case, we
	   have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.

v0.8								    2009-08-09						     pam_ssh_agent_auth(8)
All times are GMT -4. The time now is 05:14 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy