I need to run a command as sudo over ssh:

```bash
ssh ${SSH_SERVER} -l "sudo <command>"
```

I want to take the password in the script and provide it to sudo, something like:

```bash
export PASSWORD=<From user>
ssh ${SSH_SERVER} -l "sudo <command> | echo $PASSWORD"
```

I am not able to write such a script and need help.

```
bash -version
GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
```

================EDIT===================

I tried the suggestion given below but am getting an error.

```
[user@my-host ~]$ cat temp.sh
#!/bin/bash -xv
function f1 {
### Do NOT indent these lines until end comment ###
cat > /tmp/$HOSTS-pw.sh <<EOS
#!/bin/sh -xv
ssh -q -tt $HOSTS sudo "sudo ls" <<EOC
$SUDOPW
EOC
EOS
### End Comment ###

    chmod 700 /tmp/$HOSTS-pw.sh
    /tmp/$HOSTS-pw.sh >/dev/null
    if [ -f /tmp/$HOSTS-pw.sh ]; then rm -f /tmp/$HOSTS-pw.sh; fi

}

export HOSTS="destination.host"

echo "Enter SUDO password:"
read -s SUDOPW

f1

unset SUDOPW
exit 0
[user@my-host ~]
[user@my-host ~]
[user@my-host ~]
[user@my-host ~]$ ./temp.sh
#!/bin/bash -xv

function f1 {

### Do NOT indent these lines until end comment ###
cat > /tmp/$HOSTS-pw.sh <<EOS
#!/bin/sh -xv
ssh -q -tt $HOSTS sudo "sudo ls" <<EOC
$SUDOPW
EOC
EOS
### End Comment ###

    chmod 700 /tmp/$HOSTS-pw.sh
    /tmp/$HOSTS-pw.sh >/dev/null
    if [ -f /tmp/$HOSTS-pw.sh ]; then rm -f /tmp/$HOSTS-pw.sh; fi

}

export HOSTS="destination.host"
+ export HOSTS=destination.host
+ HOSTS=destination.host

echo "Enter SUDO password:"
+ echo 'Enter SUDO password:'
Enter SUDO password:
read -s SUDOPW
+ read -s SUDOPW

f1
+ f1
+ cat
+ chmod 700 /tmp/destination.host-pw.sh
+ /tmp/destination.host-pw.sh
#!/bin/sh -xv
ssh -q -tt destination.host sudo "sudo ls" <<EOC
My-password
EOC
+ ssh -q -tt destination.host sudo 'sudo ls'
tcgetattr: Inappropriate ioctl for device
+ '[' -f /tmp/destination.host-pw.sh ']'
+ rm -f /tmp/destination.host-pw.sh

unset SUDOPW
+ unset SUDOPW
exit 0
+ exit 0
```
user1918858
  • Possible duplicate of [proper way to sudo over ssh](http://stackoverflow.com/questions/10310299/proper-way-to-sudo-over-ssh) – idjaw Feb 26 '16 at 02:11

1 Answer

Here is a basic shell for running all sorts of sudo commands over ssh without having the password sent over in clear text or in the shell history. The temporary file is created and deleted on your own host.

Also depending on the command and situation, you could also add your account in the sudoers file with nopasswd for a specific command. I hope this helps. If you provide more info I may be able to help more.

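```bash
#!/bin/bash

# Placeholder name: the original left the function unnamed.
run_sudo() {

    if "something" ;   # placeholder condition; replace with your own test
        then

    # Create the temporary script unreadable by other users from the start:
    # it holds the sudo password until it is deleted below.
    umask 077

### Do NOT indent these lines until end comment ###
cat > /tmp/$HOSTS-pw.sh <<EOS
#!/bin/sh
ssh -q -tt user@$HOSTS sudo "your command here" <<EOC
$SUDOPW
EOC
EOS
### End Comment ###

    chmod 700 /tmp/$HOSTS-pw.sh
    /tmp/$HOSTS-pw.sh >/dev/null
    if [ -f /tmp/$HOSTS-pw.sh ]; then rm -f /tmp/$HOSTS-pw.sh; fi

    else
        echo "some thing"

    fi
}

echo "Enter SUDO password:"
read -s SUDOPW

# Placeholder loop (host names are made up): set HOSTS to each target and call the function.
for HOSTS in host1.example host2.example; do run_sudo; done

unset SUDOPW
exit 0
```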
Brian Mc
  • I am getting this error `tcgetattr: Inappropriate ioctl for device` – user1918858 Feb 27 '16 at 01:51
  • Sorry for the delay in response .... I have added the required command in the question (after the EDIT line) – user1918858 Mar 07 '16 at 20:17
  • Two things I saw right off the bat. 1) you need a username for the account in the " ssh -q -tt $HOSTS sudo "sudo ls" < – Brian Mc Mar 07 '16 at 20:30
  • @BrianMc, note: "*you can*" indent the body of the heredoc if you add a `-` to the end of `<<`, e.g. `<<-`. Helpful if you need to preserve script indention for nested loops or ifs. – David C. Rankin Mar 07 '16 at 20:30
  • I changed sudo sudo ls to sudo ls. Also used user@$HOSTS. But still I get the same error. Is there a setting that I can check in my machine to see if I can actually enter the password through redirection, because this too fails and asks me for password. `sudo ls < EOC Password:` – user1918858 Mar 08 '16 at 18:42
  • Try changing the first `#!/bin/bash` to match the second one which is `#!/bin/sh` see if that helps. Make both `#!/bin/sh` – Brian Mc Mar 09 '16 at 03:27
  • BTW, you are using a valid user with sudo rights to ssh right? That user must be in the sudoers file or a member of a group that is in the sudoers file on the target machine. Also this script is supposed to be used in conjunction with ssh-keys. You must be able to ssh to the target machine without being prompted for a password. – Brian Mc Mar 09 '16 at 03:49
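
A variant of the approach discussed in this thread, added here as an example and not taken from the question or the answer: it pipes the password to a remote `sudo -S` on ssh's stdin, so no script holding the password is written to `/tmp` and `-tt` is not needed. It assumes key-based ssh login already works and that the remote sudoers policy does not require a tty; `SSH_BIN` and the function names are hypothetical.

```bash
#!/bin/bash
# Added example, not code from the thread. Assumes key-based ssh login works
# and the remote sudoers policy does not set `requiretty`. SSH_BIN and the
# function names below are hypothetical, introduced for this example.

# Single-quote one argument so the remote shell sees it as exactly one word.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Build: sudo -S -p '' -- 'cmd' 'arg' ...
#   -S     read the password from stdin instead of the terminal
#   -p ''  empty prompt, so nothing extra lands in the output
build_remote_cmd() {
    local out="sudo -S -p '' --" arg
    for arg in "$@"; do
        out="$out $(shell_quote "$arg")"
    done
    printf '%s\n' "$out"
}

# usage: sudo_over_ssh user@host command [args...]   (password in $SUDOPW)
sudo_over_ssh() {
    local target="$1"
    shift
    # printf is a shell builtin, so the password never appears in `ps` output
    # and is never written to a file. No -t/-tt: stdin is a pipe, and forcing
    # a tty on a non-terminal stdin triggers the tcgetattr message.
    printf '%s\n' "$SUDOPW" |
        "${SSH_BIN:-ssh}" -q "$target" "$(build_remote_cmd "$@")"
}

# Prompt and run only when called as: ./script user@host command [args...]
if [ "$#" -ge 2 ]; then
    read -r -s -p "Enter SUDO password: " SUDOPW
    echo
    sudo_over_ssh "$@"
    status=$?
    unset SUDOPW
    exit "$status"
fi
```

Anything the remote command reads from stdin after the password line also arrives over the same pipe, so commands that expect interactive input are not a fit for this pattern.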