09-02-2015
I played around with this a bit out of curiosity and the stumbling block seems to be the stdin redirection to sudo. For example, the following works fine:
ssh -t user@host sudo -u user <command>
Any attempts I used to change the command to include redirection would not work.
I also tried ideas similar to this with no luck
cat /path/to/local.sh 2>&1| ssh -t user@host sudo -u user <&1
I couldn't locate any details specific to sudo not working with redirection but that appears to be the main issue from my testing. I tried various switches with ssh and sudo like ssh -t and sudo -S or sudo -n, but was not able to get a combo that worked.
Any reason you cannot copy the script to the destination machine instead of trying to run it from a local location?
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hi, I have googled for quite some time and couldn't able to get what exactly I am looking for.. My query is "how to stop a shell script which is running inside a remote server, using a script"??? can any one give some suggestions to sort this out. (1 Reply)
Discussion started by: mannepalli
1 Replies
2. Shell Programming and Scripting
I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this:
#!/bin/bash
rsync /path/on/local/machine/ foo.com:path/on/remote/machine/
ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies
3. OS X (Apple)
I was following a tutorial on installing Homebrew and I changed the ownership of /usr/local/ to me. Now McAfee Security won't start This is the exact line I typed:
sudo chown -R `whoami` /usr/local
Then I tried to fix it with:
sudo chown -R root /usr/local
I still can't start mcafee. It say... (7 Replies)
Discussion started by: chancho
7 Replies
4. Shell Programming and Scripting
When i use ssh command to execute local script on remote server , I am unable to do it.
Please let me know how this can be done in ksh
req=abc
dte=ghd
ssh username@hostname "$req $dte" < run_script.sh (2 Replies)
Discussion started by: lalitpct
2 Replies
5. Shell Programming and Scripting
Hi Experts,
I am new to Shell scripting. I want to login to a server using a script. The normal command I use is --> sudo ssh <Servername> . when i tried putting this into a txt format file and tried running, it throw an error "can't execute". I am an Admin and i have root access. Any help would... (6 Replies)
Discussion started by: Tom1989
6 Replies
6. UNIX for Dummies Questions & Answers
I am trying to run a command. This is one of my attempts:
for i in fileservera; do ssh -t $i 'sudo ls /';doneThis works, and I see the directories. However, what I want to do now is start a process on the remote server such as /usr/bin/connectproc -standalonesudo /usr/bin/connectproc... (1 Reply)
Discussion started by: newbie2010
1 Replies
7. UNIX for Dummies Questions & Answers
I have the lines below on my script:
script.ksh:
case `hostname` in
some_host)
ssh server1A "/home/script.ksh $1 $2"
ssh server1B "/home/script.ksh $1 $2"
ssh server1C "/home/script.ksh $1 $2"
ssh server1D "/home/script.ksh $1 $2"
ssh... (1 Reply)
Discussion started by: erin00
1 Replies
8. Shell Programming and Scripting
Hi, I'm trying to run a user defined shell script with options and arguments via ssh but getting error as ksh: Script.sh: not found.
Here is what i'm running:
ssh -t username@server 'cd /path/to/script; script.sh -t start
here '-t' with script.sh, is an user defined option and 'start' is also... (3 Replies)
Discussion started by: xsam
3 Replies
9. UNIX for Beginners Questions & Answers
Dear Experts,
I have found this script on internet that can be used to execute local script remotely
#!/bin/bash
# runremote.sh
# usage: runremote.sh localscript remoteuser remotehost arg1 arg2 ...
realscript=$1
user=$2
host=$3
shift 3
# escape the arguments
declare -a args
... (4 Replies)
Discussion started by: mukulverma2408
4 Replies
10. UNIX for Beginners Questions & Answers
I have googled this and found many solutions, but none of them are working for me. I am in a korn shell, most others reference bsh, maybe that is the issue? Anyway, all I am trying to do is use a variable I have declared in my main script in a remote shell I am running through ssh.
So I have a... (8 Replies)
Discussion started by: DJR
8 Replies
LEARN ABOUT CENTOS
pam_ssh_agent_auth
pam_ssh_agent_auth(8) PAM pam_ssh_agent_auth(8)
PAM_SSH_AGENT_AUTH
This module provides authentication via ssh-agent. If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.
SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys
/etc/sudoers:
Defaults env_keep += "SSH_AUTH_SOCK"
This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
/etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
either be local, or forwarded.
Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.
ARGUMENTS
file=<path to authorized_keys>
Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)
allow_user_owned_authorized_keys_file
A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
whenever the expansions %h or ~ are used.
debug
A flag which enables verbose logging
sudo_service_name=<service name you compiled sudo to use>
(when compiled with --enable-sudo-hack)
Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.
This defaults to "sudo".
EXPANSIONS
~ -- same as in shells, a user's Home directory
Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file
%h -- User's Home directory
Automatically enables allow_user_owned_authorized_keys_file
%H -- The short-hostname
%u -- Username
%f -- FQDN
EXAMPLES
in /etc/pam.d/sudo
"auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
The default .ssh/authorized_keys file in a user's home-directory
"auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
Same as above.
"auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not
specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified
allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we
have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.
v0.8 2009-08-09 pam_ssh_agent_auth(8)