Using Commands over SSH using Sudo


 
# 15  
Old 02-18-2012
The code in sudo checks to see that its STDIN is a terminal, specifically trying to defeat input redirection from a file. The idea being that you should never put a clear text password in a file anywhere. Sudo wants to force you to manually enter the password on a keyboard in real time in order to run.

A utility like expect can be used to defeat this, but then you're just putting the clear text password into the expect file, which certainly isn't at all secure.

One secure solution would be to set up a root cron job on the target system to do the find periodically and make the output world readable in /tmp. Then you can set up a private/public key pair and just scp or cat the file whenever you like. Not quite real time, but reasonably timely, depending on the interval of the cron job.

Another method I've seen used is to set up key pairs and use scp to drop a trigger file of a particular name (which can be zero length) into a predetermined location on the target system. This can be done as a normal user. There's a root cron job on the target system that runs every minute and looks for the trigger file. If found, root takes some predetermined action and then removes the trigger file. I recall an implementation of this where an admin had root doing all sorts of tasks on remote systems, depending on the name or the contents of the trigger file. The actions that root can take are specifically coded into the cron script, which is only readable by root, so there's no danger of executing arbitrary code. You could trigger the action with the presence of the file and pass arguments as contents of the file.

Sort of the poor man's AutoSys or UC4...

Whatever you decide to do, please keep security in mind.

Cheers!

Last edited by sds9985; 02-18-2012 at 01:53 AM..
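The trigger-file scheme described in the post above, sketched as the root cron script (an added example, not code from the thread). The spool and output paths, the two action names and the crontab line are assumptions; the trigger's name selects a fixed action and its contents are ignored.

```shell
#!/bin/sh
# Added example: root-side cron dispatcher for trigger files.
# All paths are assumed; override them in the environment to try it unprivileged.
SPOOL="${SPOOL:-/var/spool/triggers}"          # users scp trigger files here
OUT_DIR="${OUT_DIR:-/var/spool/trigger-out}"   # root writes results here
FIND_ROOT="${FIND_ROOT:-/}"                    # tree the find action walks

# Fixed actions. The trigger's name selects one; its contents are never read.
run_action() {
    case "$1" in
        run-find)   find "$FIND_ROOT" -depth -print > "$OUT_DIR/find.out" ;;
        disk-usage) df -P > "$OUT_DIR/df.out" ;;
        *)          return 64 ;;               # name is not on the allowlist
    esac
}

# Handle each trigger once and print one "name:result" line per file.
dispatch_triggers() {
    for f in "$SPOOL"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue # empty spool: glob did not match
        name=${f##*/}
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            result=rejected-not-regular-file   # symlink, fifo, directory, ...
        elif run_action "$name"; then
            result=done
        elif [ $? -eq 64 ]; then
            result=rejected-unknown
        else
            result=failed                      # allowed action ran but exited non-zero
        fi
        rm -f -- "$f" 2>/dev/null || true      # one shot; a directory is left in place
        echo "$name:$result"
    done
}

dispatch_triggers    # crontab (assumed): * * * * * /root/bin/trigger-dispatch.sh
```

Because the name is matched against a fixed `case` list and symlinks are refused before anything runs, an unprivileged user who can write to the spool can only request actions root has already coded.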
# 16  
Old 02-18-2012
I would do it like this:

Make a script.sh on the machine (server) where you are trying to run find / gzip.

Code:
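#!/bin/sh
# Take the lock atomically: with noclobber set, the redirect fails if the
# file already exists, so there is no gap between the check and the create.
if ( set -o noclobber; : > /tmp/lockme ) 2>/dev/null; then
    ## sudo code goes here
    rm -f /tmp/lockme
else
    echo "already running, try again later"
fi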

On the client side I would exchange ssh-keys as user to sudo-user on the server (passwordless).
The authorized keys on the server will have to be modified in a manner like:
Code:
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/path/to/script.sh" ssh-rsa # rest # sudo-user@server

So whenever a user runs
Code:
ssh sudo-user@server

It will run script.sh

It's not ultra secure, but much safer than using sudo with expect over ssh.
# 17  
Old 02-21-2012
It definitely has to do with what I have inside of the sudoers file:

Code:
ssh -t -t -o  "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l user 10.7.0.180

Linux 2.6.32-30-generic #59-Ubuntu SMP Tue Mar 1 21:30:21 UTC 2011 i686 GNU/Linux
Ubuntu 10.04.2 LTS

Welcome to Ubuntu!
* Documentation:  https://help.ubuntu.com/

user@10.7.0.180:~$ sudo find / -depth
[sudo] password for user:

As you can see, after logging in, I am still getting prompted for a password.

---------- Post updated at 01:05 PM ---------- Previous update was at 11:36 AM ----------

It was in fact /etc/sudoers and the placement of my entry, so from:

Code:
root	ALL=(ALL) ALL
user  ALL = NOPASSWD: /usr/bin/find, /bin/cpio, /bin/gzip

to

Code:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
user   ALL = NOPASSWD: /usr/bin/find, /bin/cpio, /bin/gzip, /bin/cat

worked like a charm.


11.10 - Why is sudoers NOPASSWD option not working? - Ask Ubuntu - Stack Exchange
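sudo applies the last sudoers entry that matches, so a NOPASSWD entry only takes effect if no later matching entry, such as a group rule, follows it. The function below is an added example, not from the thread, that reports which line decides for a given command; it is a simplified model (no aliases, host field ignored, one rule per line), and the group membership passed in is an assumption about the account.

```shell
#!/bin/sh
# Added example: which sudoers line decides the password prompt for a command?
# Reads sudoers text on stdin.
# usage: last_match USER "GROUP1 GROUP2" /full/path/to/cmd < sudoers-file
last_match() {
    awk -v user="$1" -v groups="$2" -v cmd="$3" '
    BEGIN {
        n = split(groups, g, " ")
        for (i = 1; i <= n; i++) ingroup["%" g[i]] = 1
        verdict = "no-match"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blank lines
    {
        who = $1
        if (who != user && !(who in ingroup)) next
        spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)             # drop the user and host fields
        sub(/^\([^)]*\)[ \t]*/, "", spec)          # drop the (runas) part
        tag = "PASSWD"                             # default: password required
        m = split(spec, c, /[ \t]*,[ \t]*/)
        for (i = 1; i <= m; i++) {
            item = c[i]
            if (sub(/^NOPASSWD:[ \t]*/, "", item)) tag = "NOPASSWD"
            else if (sub(/^PASSWD:[ \t]*/, "", item)) tag = "PASSWD"
            sub(/[ \t]+$/, "", item)
            # A later match overwrites an earlier one: last match wins.
            if (item == "ALL" || item == cmd) verdict = tag " (line " NR ")"
        }
    }
    END { print verdict }'
}

# Constructed sample: the group rule comes last, so it decides.
printf '%s\n' 'user ALL = NOPASSWD: /usr/bin/find' '%admin ALL=(ALL) ALL' |
    last_match user admin /usr/bin/find      # prints: PASSWD (line 2)
```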