Ubuntu – How to run a script in Ubuntu via SSH as superuser

rootsshUbuntu

So I have a script that needs to be executed remotely as root. This isn't a problem with most Linux distros since they have a root account. But since Ubuntu does not, executing anything as root requires a 2-step process of entering the account password twice – once to log in and once for sudo. The SSH process to launch the script is automated, so it cannot pause for user input for the second password request.

Does anyone know, short of hacking Ubuntu to re-enable root (not an option), if unattended SSH script execution with superuser privilege on the target machine is possible? Also, having no experience with Debian, does Debian behave this way too?

Best Answer

You can ssh in using key-based only authentication, and then edit the sudoers file not to require a password. This will eliminate the password at the two steps you described.

To see up ssh key based ssh access:

ssh-keygen
ssh-copy-id dest-server

And the for the sudoers file:

sudo visudo -f /etc/sudoers
#uncomment the following and then add yourself to the sudo group
# %sudo ALL=NOPASSWD: ALL

Better would be to require no password for sudo only for the commands you need to automate this particular function. See my answer here for that.

References:
Setting up a user without a password

How do you setup ssh to authenticate using keys instead of a username / password?

Related Solutions

SSH hangs when executing command remotely

I had the same problem, and today finally discovered what was causing the issue (for me at least). This might help you too.

When ssh is setting up a session, the DSCP flags field in the IP header is set to 0x0. If you establish an interactive session, it is set to 0x10 (16), and if you establish a non-interactive session, it is set to 0x8 (8). The ssh client sets the DSCP field with the setsockopt() system call (which I verified in the source)

A faulty configuration on a VPN at my employer was dropping the packets with the DSCP of 0x8, causing all non-interactive ssh traffic to also get dropped. To verify it was the DSCP field that was causing the drop, I used iptables on the ssh server to force the DSCP field to be set to 0x16 and tested my non-interactive traffic (ssh ls, same thing you were trying) and it worked after that. You might also try the same thing and see if thats why your session is hanging.

To set DSCP to 0x10 on all outgoing ssh traffic from your ssh server, run:

$ sudo iptables -t mangle -A OUTPUT -p tcp --sport 22 -j DSCP --set-dscp 0x19

This was on a rhel 6.5 box.

Linux – setting up a password for cron rsync over ssh

Anything you do will be insecure without the use of ssh and sshd.

The canonical way is to use scp or even better, rsync and an ssh key without a password.

Alternatively, create a key used only for copy, and on the remote end edit the authorized_keys file to contain only the command(s) you need to run, and the key, e.g.:

# remote_server:/home/copyuser/.ssh/authorized_keys:
command="[...]" ssh-rsa KEY_HERE user@host

There is also scponly available. If you create a user, set their shell in /etc/passwd to /usr/bin/scponly and they will not be allowed to login, but copy files in and out per the normal permissions.

Best Answer

Related Solutions

SSH hangs when executing command remotely

Linux – setting up a password for cron rsync over ssh

Related Topic