sudo works without terminal if there is NOPASSWD: in sudoers. Please check which command(s)!
But it is either
or
where the optional - reads root's profile.
sudo su - is not allowed
I understand that we can avoid these things, by setting up ssh keys or the sudoers file, but these options are not allowed
basiclly I want to do these steps, but in a script:
login to the Unix server as my own userid
ssh to remote server
sudo to root
execute a couple of commands
exit
On google I couldn't find something similar,
but I assume I am not the first person who came across this?
we have have environments where we can login to a main server as root ,
execute scripts on remote servers as root, because SSH keys have been configured, but not for this environment
Hi,
I want to write a shell script to compare two tables in teradata.these tables are present on different servers.
I want to connect to both servers in single login in order to fetch and compare the data in one go.
Thanks (1 Reply)
Hello all, I know that is a question which has made too many times, and I have been looking into the threads but all posted was not sucessfully for me so...
I need a shell script which connect two unix servers, but NOT using ssh... Is there another way to do it?
I've tried ssh but it didn't... (1 Reply)
I'm trying to connect a few servers in different remote locations to my HMC. I added static IPs to the Service Processor through ASM, and did all the necessary network configurations, then connected those servers to our switch. Now my questions are:
- in our site, do I need to connect these... (4 Replies)
So I have a script that runs as a non-root user, lets say the username is 'xymon' .
This script needs to log on to a remote system as a non-root user also and call up a bash script that runs another bash script as root.
in short: user xymon on system A needs to run a file as root user and have... (2 Replies)
Hello,
I am running into few issues, please suggest me what I am missing.
I am running this script on a linux host.
Main idea of this script is to, login to each host via ssh and get uid of user, service user that I trying to run this script, has already deployed ssh keys and provide sudo... (8 Replies)
Hello,
I have access to several linux servers (mostly centos based) located in a DC in another country.
from day to day I need to login to each of them to do some work (they dont have gui/window manager installed, I work only from console), or even to just do a check like df -h for disc usage.... (3 Replies)
I have a script, which connecting to remote server and first checks, if the files are there by timestamp. If not I want the script exit without error. Below is a code
TARFILE=${NAME}.tar
TARGZFILE=${NAME}.tar.gz
ssh ${DESTSERVNAME} 'cd /export/home/iciprod/download/let/monthly;... (3 Replies)
Hello,
Kindly guide.
SendMail function on my script is not working, but it works manually.
Any better way to handle the script is appreciable.
#!/bin/sh
GetHostConnection()
{
truncate --size 0 /home/web/for_mail.out
while read -r lines ;
do
ip=`echo $lines | awk '{print... (9 Replies)
Greetings Experts,
I am working for a bank client and have a question on connect-direct and SFTP.
We are using Linux RedHat servers. We use connect-direct to transfer (NDM) files from one server to another server. At times, we manually transfer the files using SFTP from one server to another... (2 Replies)
Discussion started by: chill3chee
2 Replies
LEARN ABOUT CENTOS
pam_ssh_agent_auth
pam_ssh_agent_auth(8) PAM pam_ssh_agent_auth(8)PAM_SSH_AGENT_AUTH
This module provides authentication via ssh-agent. If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.
SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys
/etc/sudoers:
Defaults env_keep += "SSH_AUTH_SOCK"
This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
/etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
either be local, or forwarded.
Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.
ARGUMENTS
file=<path to authorized_keys>
Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)
allow_user_owned_authorized_keys_file
A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
whenever the expansions %h or ~ are used.
debug
A flag which enables verbose logging
sudo_service_name=<service name you compiled sudo to use>
(when compiled with --enable-sudo-hack)
Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.
This defaults to "sudo".
EXPANSIONS
~ -- same as in shells, a user's Home directory
Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file
%h -- User's Home directory
Automatically enables allow_user_owned_authorized_keys_file
%H -- The short-hostname
%u -- Username
%f -- FQDN
EXAMPLES
in /etc/pam.d/sudo
"auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
The default .ssh/authorized_keys file in a user's home-directory
"auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
Same as above.
"auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not
specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified
allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we
have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.
v0.8 2009-08-09 pam_ssh_agent_auth(8)