Top Forums Programming Using Commands over SSH using Sudo Post 302599698 by sds9985 on Saturday 18th of February 2012 12:46:43 AM
The code in sudo checks to see that its STDIN is a terminal, specifically trying to defeat input redirection from a file. The idea being that you should never put a clear text password in a file anywhere. Sudo wants to force you to manually enter the password on a keyboard in real time in order to run.

A utility like expect can be used to defeat this, but then you're just putting the clear text password into the expect file, which certainly isn't at all secure.

One secure solution would be to set up a root cron job on the target system to do the find periodically and make the output world readable in /tmp. Then you can set up a private/public key pair and just scp or cat the file whenever you like. Not quite real time, but reasonably timely, depending on the interval of the cron job.

Another method I've seen used is to set up key pairs and use scp to drop a trigger file of a particular name (which can be zero length) into a predetermined location on the target system. This can be done as a normal user. There's a root cron job on the target system that runs every minute and looks for the trigger file. If found, root takes some predetermined action and then removes the trigger file. I recall an implementation of this where an admin had root doing all sorts of tasks on remote systems, depending on the name or the contents of the trigger file. The actions that root can take are specifically coded into the cron script, which is only readable by root, so there's no danger of executing arbitrary code. You could trigger the action with the presence of the file and pass arguments as contents of the file.

Sort of the poor man's AutoSys or UC4...

Whatever you decide to do, please keep security in mind.

Cheers!

Last edited by sds9985; 02-18-2012 at 01:53 AM..
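
The trigger-file scheme described in the post above, written out as the root-side cron script. This is an added example, not sds9985's code; the spool directory, log path, trigger names and the placeholder actions are assumptions.

```shell
#!/bin/sh
# Root-side handler for the trigger-file scheme (added example).
# Assumed, not from the post: spool path, log path, trigger names, actions.
TRIGGER_DIR="${TRIGGER_DIR:-/var/spool/triggers}"
LOG="${LOG:-/var/log/trigger-actions.log}"

# run_action NAME ARG: the fixed list of things root will do.
# The echo lines stand in for the real privileged commands.
run_action() {
    case "$1" in
        refresh-report) echo "action refresh-report" ;;
        rotate-app)     echo "action rotate-app instance=$2" ;;
        *)              return 1 ;;  # unknown name: nothing runs
    esac
}

# process_triggers: handle each trigger once, always remove it,
# and print how many actions ran.
process_triggers() {
    handled=0
    for f in "$TRIGGER_DIR"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # empty directory
        name=${f##*/}
        # Plain files only: a symlink could aim root at another file.
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "reject $name: not a regular file" >>"$LOG"
            rm -f -- "$f"; continue
        fi
        # First line is the argument; it is data, never evaluated.
        arg=
        IFS= read -r arg <"$f" || true
        case "$arg" in
            *[!A-Za-z0-9_-]*)
                echo "reject $name: bad argument" >>"$LOG"
                rm -f -- "$f"; continue ;;
        esac
        if run_action "$name" "$arg" >>"$LOG" 2>&1; then
            handled=$((handled + 1))
        else
            echo "reject $name: unknown trigger" >>"$LOG"
        fi
        rm -f -- "$f"
    done
    echo "$handled"
}

# Cron entry point, e.g. "* * * * * /usr/local/sbin/trigger-handler --run"
# (path is an assumption).
if [ "${1:-}" = "--run" ]; then process_triggers >/dev/null; fi
```

The unprivileged side only needs key-based scp into the spool directory; the file name selects the action and the first line of the file is the single argument.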
 

GNOME-SSH-ASKPASS(1)          General Commands Manual          GNOME-SSH-ASKPASS(1)

NAME
       gnome-ssh-askpass - prompts a user for a passphrase using GNOME

SYNOPSIS
       gnome-ssh-askpass

DESCRIPTION
       gnome-ssh-askpass is a GNOME-based passphrase dialog for use with OpenSSH. It is intended to be called by the ssh-add(1) program and not invoked directly. It allows ssh-add(1) to obtain a passphrase from a user, even if not connected to a terminal (assuming that an X display is available). This happens automatically in the case where ssh-add is invoked from one's ~/.xsession or as one of the GNOME startup programs, for example.

       In order to be called automatically by ssh-add, gnome-ssh-askpass should be installed as /usr/bin/ssh-askpass.

ENVIRONMENT VARIABLES
       The following environment variables are recognized:

       GNOME_SSH_ASKPASS_GRAB_SERVER
              Causes gnome-ssh-askpass to grab the X server before asking for a passphrase.

       GNOME_SSH_ASKPASS_GRAB_POINTER
              Causes gnome-ssh-askpass to grab the mouse pointer using gdk_pointer_grab() before asking for a passphrase.

       Regardless of whether either of these environment variables is set, gnome-ssh-askpass will grab the keyboard using gdk_keyboard_grab().

AUTHOR
       This manual page was written by Colin Watson <cjwatson@debian.org> for the Debian system (but may be used by others). It was based on that for x11-ssh-askpass by Philip Hands.