Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: ssh foo.com sudo command - Prompts for sudo password as visible text. Help?
Top Forums Shell Programming and Scripting ssh foo.com sudo command - Prompts for sudo password as visible text. Help? Post 302567842 by fluoborate on Tuesday 25th of October 2011 08:07:52 AM
Old 10-25-2011
ssh foo.com sudo command - Prompts for sudo password as visible text. Help?
I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this:

Code:
#!/bin/bash
rsync /path/on/local/machine/ foo.com:path/on/remote/machine/
ssh foo.com sudo /etc/init.d/apache2 reload

rsync and ssh don't prompt for a password, because I have DSA encryption keys. However, if rsync or ssh did prompt for a password, it would be invisible as I typed it in.

Sadly, sudo does prompt for a password. Not only that, the password gets displayed on the screen of my local machine as I type it.

Edited to add this paragraph:
Here is an example of what happens:
Code:
local-box$ ./myScript.sh
[sudo] password for fluoborate:

It wants the password for "sudo /etc/init.d/apache2 reload", and it wants the password for the user fluoborate on remote-box. When I type in the password, it appears, it is visible on my screen (the screen of local-box).

Possible solutions:

1. Ideally, I would like to be able to do something like this:
Code:
sudo --password=thisIsThePassword /etc/init.d/apache2 reload

Before you balk at how insecure that is: I would prompt for the password earlier in the script, rather than hard-coding it, so reading the source code will not include the password. Also, nobody else can login to the remote machine, so they cannot see the command line arguments or look at my BASH history.

2. Modify my sudoers file. I don't want to do this, and I haven't been able to figure out how. I am on Ubuntu (10.10 server, iirc). I can make it never prompt for a sudo password, but I cannot make it always prompt except for the one command "sudo /etc/init.d/apache2 reload". If you can provide very explicit instructions to get that working, then please do, I will be forever grateful.

3. Use expect. I simply don't want to do this, it is ugly.

Thank you for the help.
Last edited by fluoborate; 10-25-2011 at 09:49 AM..
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

SSH prompts password for non identical users

host1 & host2 : Solaris 10 - SPARC server From host1 able to ssh to host2 as same user with out password prompt. But, when ssh to different user in host2, it prompts for password DETAILS ======= In host1: 1) logged as root 2) ssh-keygen -t dsa -b 1024 (no pass phrase) 3)... (5 Replies)
Discussion started by: vjkatsun
5 Replies

2. Shell Programming and Scripting

sudo command with password

Hello everybody, Say I forgot my root password (shit happens, no?) and I'd like to brutally try 100 possibilities to delete a file using sudo. How can I make a script that tries all the passwords? The following doesn't work. Do you have a clue? foo:~$ cat test sudo rm dummy <<< 'password' echo... (1 Reply)
Discussion started by: chebarbudo
1 Replies

3. AIX

Sudo ask for password

Hello I have a partition with Aix 5.3 and I install sudo I put the commands that I want to use x user and I put the option that donkask for password. But when I run with this user and I try to run that commands. ask me for a password. I put this line for no ask for password with that... (2 Replies)
Discussion started by: lo-lp-kl
2 Replies

4. Red Hat

SSH Prompts for Password After Keys Setup Successfully

I setup the keys between 2 servers, but my user account has no password specified for it (never set one up on the account for security reasons). When I try to SSH to the server, SSH prompts for a password that doesn't exist (so I can never connect successfully). Note: 'passwd -d Rynok' removes... (3 Replies)
Discussion started by: Rynok
3 Replies

5. UNIX for Dummies Questions & Answers

Unable to use the Sudo command. "0509-130 Symbol resolution failed for sudo because:"

Hi! I'm very new to unix, so please keep that in mind with the level of language used if you choose to help :D Thanks! When attempting to use sudo on and AIX machine with oslevel 5.1.0.0, I get the following error: exec(): 0509-036 Cannot load program sudo because of the following errors:... (1 Reply)
Discussion started by: Chloe123
1 Replies

6. Shell Programming and Scripting

password getting displayed using sudo

Hi While doing the following command password is gettin dispalyed : ssh <host> "sudo command ; exit" .... while i type my password for 2nd its gettin displayed ... i tried stty -echo and stty echo ... still i am havin problem..:confused: (1 Reply)
Discussion started by: ningy
1 Replies

7. Red Hat

Sudo + Nohup = no password?

Little confused here When i go to run sudo nohup ./script.ksh & I dont get asked for a password. It starts a process ID, I can see it when i do a ps -ef | grep script. But I dont get an output file from my script, so its not doing anything. What gives? does it have to do the "&" ? ... (4 Replies)
Discussion started by: nitrobass24
4 Replies

8. Red Hat

Sudo Password Prompt over SSH

I am not sure what I am missing here. I have the following identical entry in /etc/sudoers on multiple Red Hat 6.4 servers. icinga ALL=NOPASSWD:/usr/bin/yum --security --exclude\="kernel*" check-update On one server when I enter the command over SSH as follows it works fine. ssh -t -q... (1 Reply)
Discussion started by: scotbuff
1 Replies

9. UNIX for Dummies Questions & Answers

Sudo ssh with command running in background

I am trying to run a command. This is one of my attempts: for i in fileservera; do ssh -t $i 'sudo ls /';doneThis works, and I see the directories. However, what I want to do now is start a process on the remote server such as /usr/bin/connectproc -standalonesudo /usr/bin/connectproc... (1 Reply)
Discussion started by: newbie2010
1 Replies

10. AIX

Sudo command prompt for a password

in the /etc/sudoer file this line was added: wtolentino ALL=(ORACLE) NOPASSWD: /bin/chmod when i tried to run this command sudo -u oracle /bin/chmod 775 /appshared/applications/lpa/executables/chrpt001.rep it prompts me for a password for example: $ pwd /appshared/applications/lpa... (2 Replies)
Discussion started by: wtolentino
2 Replies

LEARN ABOUT CENTOS

fence_virsh

FENCE_AGENT(8)						      System Manager's Manual						    FENCE_AGENT(8)

NAME

       fence_virsh - Fence agent for virsh

DESCRIPTION

       fence_virsh is an I/O Fencing agent which can be used with the virtual machines managed by libvirt. It logs via ssh to a dom0 and there run
       virsh command, which does all work.

       By default, virsh needs root account to do properly work. So you must allow ssh login in your sshd_config.

       fence_virsh accepts options on the command line as well as from stdin. Fenced sends parameters through  stdin  when  it	execs  the  agent.
       fence_virsh can be run by itself with command line options.  This is useful for testing and for turning outlets on or off from scripts.

       Vendor URL: http://libvirt.org

PARAMETERS


       -a, --ip=[ip]
	      IP Address or Hostname This parameter is always required.

       -l, --username=[name]
	      Login Name This parameter is always required.

       -p, --password=[password]
	      Login password or passphrase

       -c, --command-prompt=[prompt]
	      Force Python regex for command prompt (Default Value: ['[EXPECT]# '])

       -x, --ssh
	      SSH connection (Default Value: 1)

       -n, --plug=[id]
	      Physical plug number, name of virtual machine or UUID This parameter is always required.

       -u, --ipport=[port]
	      TCP/UDP port to use for connection with device (Default Value: 22)

       -4, --inet4-only
	      Forces agent to use IPv4 addresses only

       -6, --inet6-only
	      Forces agent to use IPv6 addresses only

       -S, --password-script=[script]
	      Script to retrieve password

       -k, --identity-file=[filename]
	      Identity file for ssh

       --ssh-options=[options]
	      SSH options to use (Default Value: -t '/bin/bash -c "PS1=#  /bin/bash --noprofile --norc"')

       -o, --action=[action]
	      Fencing Action (Default Value: reboot)

       -v, --verbose
	      Verbose mode

       -D, --debug-file=[debugfile]
	      Write debug information to given file

       -V, --version
	      Display version information and exit

       -h, --help
	      Display help and exit

       -C, --separator=[char]
	      Separator for CSV created by operation list (Default Value: ,)

       --power-timeout=[seconds]
	      Test X seconds for status change after ON/OFF (Default Value: 20)

       --shell-timeout=[seconds]
	      Wait X seconds for cmd prompt after issuing command (Default Value: 3)

       --login-timeout=[seconds]
	      Wait X seconds for cmd prompt after login (Default Value: 5)

       --power-wait=[seconds]
	      Wait X seconds after issuing ON/OFF (Default Value: 0)

       --delay=[seconds]
	      Wait X seconds before fencing is started (Default Value: 0)

       --retry-on=[attempts]
	      Count of attempts to retry power on (Default Value: 1)

       --use-sudo
	      Use sudo (without password) when calling 3rd party sotfware.

ACTIONS


       on     Power on machine.

       off    Power off machine.

       reboot Reboot machine.

       status This returns the status of the plug/virtual machine.

       list   List available plugs with aliases/virtual machines if there is support for more then one device. Returns N/A otherwise.

       monitor
	      Check the health of fence device

       metadata
	      Display the XML metadata describing this resource.

STDIN PARAMETERS


       ipaddr IP Address or Hostname This parameter is always required.

       login  Login Name This parameter is always required.

       passwd Login password or passphrase

       cmd_prompt
	      Force Python regex for command prompt (Default Value: ['[EXPECT]# '])

       secure SSH connection (Default Value: 1)

       port   Physical plug number, name of virtual machine or UUID This parameter is always required.

       ipport TCP/UDP port to use for connection with device (Default Value: 22)

       inet4_only
	      Forces agent to use IPv4 addresses only

       inet6_only
	      Forces agent to use IPv6 addresses only

       passwd_script
	      Script to retrieve password

       identity_file
	      Identity file for ssh

       ssh_options
	      SSH options to use (Default Value: -t '/bin/bash -c "PS1=#  /bin/bash --noprofile --norc"')

       action Fencing Action (Default Value: reboot)

       verbose
	      Verbose mode

       debug  Write debug information to given file

       version
	      Display version information and exit

       help   Display help and exit

       separator
	      Separator for CSV created by operation list (Default Value: ,)

       power_timeout
	      Test X seconds for status change after ON/OFF (Default Value: 20)

       shell_timeout
	      Wait X seconds for cmd prompt after issuing command (Default Value: 3)

       login_timeout
	      Wait X seconds for cmd prompt after login (Default Value: 5)

       power_wait
	      Wait X seconds after issuing ON/OFF (Default Value: 0)

       delay  Wait X seconds before fencing is started (Default Value: 0)

       retry_on
	      Count of attempts to retry power on (Default Value: 1)

       sudo   Use sudo (without password) when calling 3rd party sotfware.

fence_virsh (Fence Agent)					    2009-10-20							    FENCE_AGENT(8)
All times are GMT -4. The time now is 12:12 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy