Ssh – pass a password to sudo su

bashremote-accessshellsshsudo

I wanted to sudo to different user after ssh'ing into remote server, for this i tried the following:

cat remote-test.sh
ssh -t -t abcuser@test-server.net 'bash -s' << EOF
  /tmp/test.sh
EOF

when i execute the remote-test.sh from development-server.net, I wanted to ssh to test-server.net as abcuser and then sudo as xyzuser .

cat /tmp/test.sh

echo "password" | sudo -S su - xyzuser
cd /tmp/some/directory

Can someone please advice how to pass a password while doing sudo su in a script.

Best Answer

You setup password-less ssh to localhost as user xyzuser for abcuser to achieve what you're trying. You'll need to add abcuser's public key as an authorized_key for xyzuser.

Then when you're logged in as abcuser, you can do:

ssh xyzuser@localhost do_something_as_xyzuser

If you've blocked ssh access to xyzuser, allow it only through loopback. If you're on linux, see your /etc/security/access.conf or equivalent on how to do that.

Related Solutions

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

Ssh – Linux: ssh to host and use sudo to run a script, runs but part of script fails

first off, change your key-based auth such that your login to the remote system is as the user in question - then there's no need to use sudo (since you already indicated the service isn't running as root, there should be no security concerns with automated key-based logins).

secondly, have a look at ForceCommand in sshd_config(5) - this provides extra security if you're working with a service account that should only be able to do one thing. Note well the reference to the Match directive.

finally, sudo can have unexpected results when executing commands that also involve modification of files on the system - this is why things like "sudo echo foobar >> /etc/passwd" don't work the way you'd think they would. This is likely (although I can't be sure without seeing the actual script in question) a factor in your current situation. follow my first suggestion above and you'll bypass this issue entirely. :)

Best Answer

Related Solutions

Ssh – How to automate SSH login with password

Ssh – Linux: ssh to host and use sudo to run a script, runs but part of script fails

Related Topic