The second command doesn't run as root - shell

I have created a Jenkins job today, what it does is the Jenkins user should log into another server and run two commands separated by &&:
ssh -i /creds/jenkins jenkins#servername.com "sh -c 'sudo su && lxc exec containername bash'"
The logging part works fine, then it runs the sudo su command and becomes root but it never runs the second command.
I even did this manually and from the Jenkins machine logged into the other server (servername). Then ran sh -c "sudo su && lxc exec containername bash" with no luck.

Try to execute the second command as a parameter for the sudo su command, like this:
ssh -i /creds/jenkins jenkins#servername.com "sh -c 'sudo su -c "lxc exec containername bash"'"

Related

How to run ENTRYPOINT as root and switch to non-root to run CMD using gosu?

To connect to my container from Azure WebApp admin I need to start ssh server at startup. Then I need to run web server once the db is up.
In my Dockerfile I create a dedicated non-root user to run the web server.
RUN groupadd -g 1000 wagtail && \
useradd -u 1000 wagtail -m -d /home/wagtail -g wagtail
I copy startup-ssh.sh and startup-main.sh scripts into the container:
COPY startup-ssh.sh /app/
COPY startup-main.sh /app/
RUN chmod +x /app/startup-ssh.sh
RUN chmod +x /app/startup-main.sh
ENTRYPOINT ["/bin/bash", "-c", "/app/startup-ssh.sh"]
CMD ["/bin/bash", "-c", "/app/startup-main.sh"]
In the startup-ssh.sh I start the ssh server and then use gosu to switch user:
#!/bin/bash
# start ssh server
sed -i "s/SSH_PORT/$SSH_PORT/g" /etc/ssh/sshd_config
/usr/sbin/sshd
# restore /app directory rights
chown -R wagtail:wagtail /app
# switch to the non-root user
exec gosu wagtail "$#"
I expect the CMD's startup-main.sh script to be executed next but I get this in the Docker Desktop logs when the container is started.
Exited(1)
Usage: gosu user-spec command [args]
gosu nobody:root bash -c 'whoami && id'
gosu 1000:1 idie: gosu tianon bash
gosu version: 1.10 (go1.11.5 on linux/amd64; gc)
license: GPL-3 (full text at https://github.com/tianon/gosu)
I believe that Docker Desktop uses root when connecting to the container.
Maybe I'm missing something critical and/or this is something obvious. Please point me.
The code passed no arguments to the script. Imagine it like this:
bash -c '/app/startup-ssh.sh <NO ARGUMENTS HERE>' ignored ignored2 ignored3...
Test:
bash -c 'echo' 1
bash -c 'echo' 1 2
bash -c 'echo $0' 1 2 3
bash -c 'echo $1' 1 2 3
bash -c 'echo "$#"' 1 2 3
You want:
ENTRYPOINT ["/bin/bash", "-c", "/app/startup-ssh.sh \"$#\"", "--"]
Or, why the explicit shell if the file has a shebang and is executable, really just:
ENTRYPOINT ["/app/startup-ssh.sh"]

How to execute commands right after login using SSH connection? But after few seconds of login, it disconnect me from remote server

#!/bin/bash
expect <<END
spawn ssh -o user#remote_ip
expect "password"
send "my_pass\r"
expect eof
END
cd /var/www/html/node_project/
##npm init -y
npm install
##node index.js
I want run some commands right after login into remote server. I can login successfully, but 2 or 3 seconds later, it automatically logout me from the remote server. How can I make it wait until all of my commands run and execute successfully?
Use this:
sshpass -p "PASSWORD" ssh -o StrictHostKeyChecking=accept-new USERNAME#IP_ADDRESS "sleep 10 ; ls -l"
or this (for connection timeout):
sshpass -p "PASSWORD" ssh -o StrictHostKeyChecking=accept-new USERNAME#IP_ADDRESS 'nohup bash -c "sleep 3; ls -l"'
Note: replace ls -l with your command.
Here is my solution: I have run multiple commands in line and it executes all the commands one after another.
spawn ssh user#remote_ip "cd /var/www/html/node_project/" && "npm install" && "node index.js"

Running "sudo su" within a gitlab pipeline

I've installed some software on a server that my gitlab runner SSH's to, and one of the commands needs to be run after doing sudo su. If I run it as a regular user, but with sudo in front of it - it doesn't work. I have to first completely switch to the sudo user first.
This works fine when I SSH into the server and do the commands manually. But when I try it from the pipeline (rough code below):
my_script:
stage: stage
script:
- ssh -o -i id_rsa -tt user#1.1.1.1 << EOF
- sudo su
- run_special_command <blah blah>
- exit
# above exits from the SSH. below should stop the pipeline
- exit 0
- EOF
I get very weird output like the below:
$ sudo su
[user#1.1.1.1 user]$ sudo su
echo $'\x1b[32;1m$ run_special_command <blah blah>\x1b[0;m'
run_special_command <blah blah>
echo $'\x1b[32;1m$ exit\x1b[0;m'
exit
echo $'\x1b[32;1m$ exit 0\x1b[0;m'
exit 0
echo $'\x1b[32;1m$ EOF\x1b[0;m'
And what I'm seeing is that it doesn't even run the command at all - and I can't figure out why.
In this case, you need to put your script as a multi-line string in your YAML. Alternatively, commit a shell script to repo and execute that.
and one of the commands needs to be run after doing sudo su. If I run it as a regular user, but with sudo in front of it - it doesn't work.
As a side note, you can probably use sudo -E instead of sudo su before the command. But what you have should also work with the multi-line script.
MyJob:
script: |
ssh -o -i id_rsa -tt user#host << EOF
sudo -E my_command
EOF
exit 0
Alternatively, write your script into a shell script committed to the repository (with executable permissions set) and run it from your job:
MyJob:
script: “my_script.sh”

How to sudo su; then run command

Can anyone help me to to solve following issue
i need to ssh to another server by e.g. ubuntu user which has permission to run sudo su fore sure then execute pm2 restart command
full command look like this
#!/bin/sh
CMD="sudo su; pm2 restart 0; pm2 restart 1; exit;"
ssh -i somepemfile.pem ubuntu#1.1.1.1 $CMD
for example i can run normally any command with sudo
CMD="sudo /etc/init.d/apache2 restart"
but with sudo su case it somehow hang and do not response
Unless you have an unusual setup, you can't normally string su with other preceding commands like that. I would imagine it is running sudo su, then hanging in the root environment/session, because it's waiting for you to exit before preceding to the pm2 commands. Instead, I would consider something along the lines of this using the -c option:
CMD="sudo su -c 'pm2 restart 0; pm2 restart 1'"
ssh -i somepemfile.pem ubuntu#1.1.1.1 "$CMD"
As suggested in another answer, it would also probably be useful to encapsulate the $CMD variable in quotes in the ssh call.
su normally puts you in a sub shell which you can see by echoing the current PID (process id)
$ echo $$
94260
$ sudo echo $$
94260
$ sudo su
$ echo $$
94271
But to get around this you can pipe the commands you want to run to su like this
$ echo "whoami" | sudo su
root
And we run multiple commands
$ echo "uptime;whoami" | sudo su
11:29 up 8 days, 19:20, 4 users, load averages: 4.55 2.96 2.65
root
Now to make this work with ssh
$ ssh wderezin#localhost 'echo "uptime;whoami" | sudo su'
sudo: no tty present and no askpass program specified
Darn it, we need allocate a tty for the su command. Add the -t option which allocates a TTY during the remote execution.
$ ssh -t wderezin#localhost 'echo "uptime;whoami" | sudo su'
11:36 up 8 days, 19:26, 5 users, load averages: 2.97 2.97 2.76
root
Your command would look this
ssh -i somepemfile.pem ubuntu#1.1.1.1 'echo "pm2 restart 0; pm2 restart1" | sudo su'
Use -c option of su to specify the command
From man su
In particular, an argument of -c will cause the next argument to be treated as a command by most command interpreters. The command will be executed by the shell specified in
/etc/passwd for the target user.
CMD="sudo su -c \"pm2 restart 0; pm2 restart 1;\""
You need to quote the expansion so that the entire string is parsed on the remote end.
ssh -i somepemfile.pem ubuntu#1.1.1.1 "$CMD"
Otherwise, the expansion is subject to word splitting, and the remote shell gets a string which consists of the command sudo and the arguments su;, restart, 0;, pm2, restart;, 1;, and exit;. That is, ssh will escape the semicolons when it builds a single string from the separate arguments you pass.
However, that doesn't solve the problem of running pm2 in the shell started by sudo. That is addressed by ramki.

Run shell commands in a remote machine

I would like to know how can I run shell commands in a remote machine.
I tried this:
ssh prdcrm1#${server} "grep -l 'Sometthing' *"
It is working, but I want to run more commands.
Do someone has an Idea?
You can run multiple commands on remote machine like,
Run date and hostname commands:
$ ssh user#host "date && hostname"
Run a script called /scripts/backup.sh
ssh user#host '/scripts/backup.sh'
Run sudo or su command using the following syntax
ssh user#host su --session-command="/sbin/service httpd restart"
ssh -t user#host 'sudo command1 arg1 arg2' ## su syntax ##
Multi-line command with variables expansion
VAR1="Variable 1"
ssh $HOST bash -c "'
ls
pwd
if true; then
echo $VAR1
else
echo "False"
fi
'"
Hope these helps you.

Resources