Linux – How to use ssh and sudo together in bash

bashlinux

I haven't been able to find a question that describes this specific scenario.

I am trying to execute a very basic bash script to retrieve logging from multiple machines. I am running the script locally but need to access an external machine via ssh, as well as sudo into a privileged user once on that machine…

ssh myuser@machine.net
sudo su  - privledged_user
cat logs > file.txt

Running this with sh -x reveals bash is getting stuck on the 'ssh' line. So I tried revising it to this:

ssh myuser@machine.net sudo su - privledged_user cat logs > file.txt

This also seems to stall indefinitely. Is there a better solution to this problem?? I don't see a way around using sudo su from what I can tell…

Thanks for any help!

Best Answer

The way I achieve this in my current environment, is to run ssh with the -t flag which forces tty allocation, and to then run sudo -u root within it, as follows:

ssh -t hostname << EOF
  command1
  sudo -u root command2
  sudo -u otheruser "command3 | command4"
  sudo -u root /bin/bash -c "command5; command6; command7"
  command8 && ( sudo -u otheruser /bin/bash -c "cmd1 ${1}; cmd2 {$2}" ) || echo cmd2 did not work

EOF

I have my account in sudoers on the remote side so that no password is required.

This example shows you different ways to do this within a single ssh session, including running multiple commands with bash or within a subshell. Note also that if you put the above code into an executable script, you can pass command line arguments ($1 and $2) to ssh and these will be expanded and then referenced on the remote side.

Related Solutions

Bash Scripting – How to Determine if a Bash Variable is Empty

This will return true if a variable is unset or set to the empty string ("").

if [ -z "${VAR}" ];

Difference Between Double and Single Square Brackets in Bash – Scripting Shell POSIX

There are several differences. In my opinion, a few of the most important are:

[ is a builtin in Bash and many other modern shells. The builtin [ is similar to test with the additional requirement of a closing ]. The builtins [ and test imitate the functionality /bin/[ and /bin/test along with their limitations so that scripts would be backwards compatible. The original executables still exist mostly for POSIX compliance and backwards compatibility. Running the command type [ in Bash indicates that [ is interpreted as a builtin by default. (Note: which [ only looks for executables on the PATH and is equivalent to type -P [. You can execute type --help for details)
[[ is not as compatible, it won't necessarily work with whatever /bin/sh points to. So [[ is the more modern Bash / Zsh / Ksh option.
Because [[ is built into the shell and does not have legacy requirements, you don't need to worry about word splitting based on the IFS variable to mess up on variables that evaluate to a string with spaces. Therefore, you don't really need to put the variable in double quotes.

For the most part, the rest is just some nicer syntax. To see more differences, I recommend this link to an FAQ answer: What is the difference between test, [ and [[ ?. In fact, if you are serious about bash scripting, I recommend reading the entire wiki, including the FAQ, Pitfalls, and Guide. The test section from the guide section explains these differences as well, and why the author(s) think [[ is a better choice if you don't need to worry about being as portable. The main reasons are:

You don't have to worry about quoting the left-hand side of the test so that it actually gets read as a variable.
You don't have to escape less than and greater than < > with backslashes in order for them not to get evaluated as input redirection, which can really mess some stuff up by overwriting files. This again goes back to [[ being a builtin. If [ (test) is an external program the shell would have to make an exception in the way it evaluates < and > only if /bin/test is being called, which wouldn't really make sense.

Best Answer

Related Solutions

Bash Scripting – How to Determine if a Bash Variable is Empty

Difference Between Double and Single Square Brackets in Bash – Scripting Shell POSIX

Related Topic