I have been trying to create an app that can shutdown my mac using ssh. I've tried ssh-copy-id -i ~/.ssh./id_rsa.pub ssh "my computer" | sudo shutdown -h now but I get an error message saying zsh:exit 1 and zsh: suspended (tty output) sudo shutdown -h now and I don't know what to do.
There are several issues with your command:
ssh-copy-id -i ~/.ssh./id_rsa.pub ssh "my computer" | sudo shutdown -h now
That's two commands. You need a semicolon or line break to separate them
ssh-copy-id needs the private key, but you've provided the public key
That key looks like it has an extra dot in the key path
You're running sudo shutdown -h now locally rather than remotely
Run this just one time. It will prompt you for your user's password on mycomputer:
ssh-copy-id -i ~/.ssh/id_rsa mycomputer
Then you can run this:
ssh -t mycomputer "sudo shutdown -h now"
This will be interactive since you need to enter your user password for sudo, but at least the key prevents you from needing to enter it a second time to gain access to the system.
You could reduce this by allowing your user to run that command without a password. From a shell on that computer (ssh mycomputer), run visudo (if the last line of that file looks like #includedir /etc/sudoers.d, quit and run something like visudo -f /etc/sudoers.d/local) and add this to the end:
gjwlsdnd224 ALL=(root) NOPASSWD: /sbin/shutdown -h now
where gjwlsdnd224 is your username. If you do this, you don't need -t passed to ssh.
Related
I'm trying to set some automation inside local network and started working with some shell scripting and something that I saw - very strange behaviour SSH inside script according to how script running(with or without sudo):
What I have:
ComputerA and ComputerB.
Inside ComputerA:
A shell script script.sh:
cp /dir1/file1 /dir2/file2
ssh username#ComputerB "sudo reboot"
/etc/ssh/ssh_config file with some configurations to work without ssh-keys (they always changes on ComputerB):
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
GlobalKnownHostsFile=/dev/null
Inside ComputerB:
In /etc/sudoers file:
username ALL=(ALL:ALL) NOPASSWD:ALL
When I connecting through SSH to ComputerA and running script.sh without sudo, I get permission error to write to /dir2 (it's OK) and next command on ComputerB executes normally (reboots ComputerB), but I'm running sudo script.sh. It copy file and then I got strange - SSH asks me username password. Tried different variants to change ssh command to something like:
ssh -t username#ComputerB "echo user_pass | sudo -S reboot"
but nothing helped.
So I need help to figure out what happens and what to do to execute sudo script.sh without entering password for ssh command inside.
Thanks!
Don't run script.sh with sudo on computerA; instead modify the script like so:
sudo cp /dir1/file1 /dir2/file2
ssh username#ComputerB "sudo reboot"
The reason that you're seeing the strange behaviour is that you're actually becoming root on computerA (I assume you have a keypair set-up for your regular user and expect to connect to computerB passwordless?), and that root on computerA doesn't have a keypair that computerB knows about.
I am trying to loop through a list of remote servers, ssh to them and get hardware info, but this requires sudo password, and I don't want to have to type in password for each loop, and unsure how to accomplish that. My script below:
#!/bin/bash
for i in $(cat server-list.txt); do
ssh -t username#${i} 'sudo -s <dmidecode -t 1>';
done
Note: all system commands require sudo password.
This seems to be a popular question on stackoverflow but nothing seems to be working for me
I will explain my problems first and then go the the solutions I have tried
What I need to do is to ssh to serverB from serverA. for this I have set up an rsa encryption on the servers and I can successfully ssh to serverB
I use
ssh user#hostname
Now I want execute certain commands on serverB. The first one is to switch to app user. For this I need to run sudo su - app command but I also want to provide the password in the same line so that it doesnt prompt for the password again.
So I have tried to first directly run sudo su - app command on serverB with password to test it out
I have tried the following
echo "password" | sudo su - app
sudo -S <<< "password" su - app
echo "password" | sudo -S su - app
echo 'passowrd' | sudo 'su -c - app'
However none of the above solutions work for me.
The closest I could get was with
echo "password" | script -c "sudo su - app"
where it accepts the password and shows me
app#hostname [/app]
$
however when I run the command whoami it still shows me user instead of app. however when I directly run sudo su - app and the provide pass and then run whoami it gives me app
I am trying to run command with ssh like
ssh user#hostname -t 'echo "password" | script -c "sudo su - app"'
P.S. the user user doesnt have root access and also I cannot make use of any plugin as I don't have permission to do the same
My server is Redhat 6.2
I hope I could explain it properly. Looking for some answers that can help.
Sorry for my bad English. Thanks for help.
If we set up ssh using rsa key encryption then we don't need to use the password.
In order to enable ssh with public/private key I follow
Genrate the public/private key for user on serverA
ssh-keygen -t rsa
Go to .ssh/id_rsa.pub file and copy the public key
Login to ServerB and then do sudo su - app to change to app user. Here in the file .ssh/authorized_key copy the public key.
Try ssh to serverB now from serverA like
ssh app#hostnameServerB
It works without asking for a password.
I am new to shell scripting,
I am trying to write a script that'll run on my local machine.
Few of it's commands are to run on my local and then a few on the remote server.
Below is a sample script -
The 1st two will run on my local system,
rest of them are to run on the remote server.
eg -
scp -i permissions.pem someJar.jar ubuntu#ip:/var/tmp
ssh -i permissions.pem ubuntu#ip
sudo su
service someService stop
rm -rf /home/ubuntu/someJar.jar
rm -rf /home/ubuntu/loggingFile.log
mv /var/tmp/someJar.jar .
service someService start
As the script will run on my local machine,
How do make sure the 3rd and further commands take effect on the remote server and not on my machine?
Here's my sample.sh file -
scp -i permissions.pem someJar.jar ubuntu#ip:/var/tmp
SCRIPT="sudo su; ps aux | grep java; service someService stop; ps aux | grep java; service someService start; ps aux | grep java;"
ssh -i permissions.pem ubuntu#ip $SCRIPT
The scp is working, nothing is displayed after that.
You need to pass the reset of the script as a parameter to SSH. Try this format:
SCRIPT="sudo su; command1; command2; command3;"
ssh -i permissions.pem ubuntu#ip $SCRIPT
See: http://linuxcommand.org/man_pages/ssh1.html
Hope this helps.
Update:
The reason why you don't see anything after running the command is because sudo expects the password. To avoid this there are three solutions:
Give ubuntu user needed permissions to perform all the tasks in the script.
Pass the password to sudo under SCRIPT: echo 'password' | sudo su; ...
Modify sudo-er file and allow ubuntu user to sudo without prompting for password. Run sudo visudo and add the following line: ubuntu ALL = NOPASSWD : ALL
Each system admin will have a different approach to this problem. I think everyone will agree that option 2 is the least secure. The reset is up to debate. In my opinion option 3 is slightly more secure. Yet, entire server is compromised if your key is compromised. The most secure is option 1. While it is painful to assign individual permissions, by doing so you are limiting your exposure to assigned permissions in case if your key is compromised.
One more note: It might be beneficial to replace ; with && in the SCRIPT. By doing so you will ensure that second command will run only if the first one finished successfully, third will run only if second finished successfully and so on.
I am using below command to open putty through windows command prompt:
PUTTY.EXE -ssh -pw "mypass" user#IP -m C:/my.sh -t
Where my.sh mentioned in above command file contains:
sudo su - rootuser
After executing the command, putty console is opened and it prompts for password.
Is there any way where I can provide this password automatically without typing it?
There's a bit of a horrible workaround using Expect and embedding a password.
This is a bad idea.
As an alternative:
Configure sudo to allow NOPASSWD.
Login directly as root using public-private key auth.
Both these introduce a degree of vulnerability, so should be used with caution - but any passwordless auth has this flaw.
Finally, after struggling for almost whole day, I got the way to get this working.
Below command can be executed from windows machine:
PLINK.EXE -t -ssh -pw "password" user#IP /home/mydir/master.sh
master.sh file is located on remote machine. And this file contains below command to execute script with sudo command without prompting password.
echo password | sudo u user -S script.sh
Here, password should be replaced with your password. user should be replaced with your actual user and script.sh is the script on remote machine that you want to fire after sudo login.