
I wrote a short script that would ssh to a bunch of machines on a file called config that would iterate through the machines, ssh through them and create a new user on them. The problem is, these commands require sudo privileges, and when I'm trying to execute sudo on them, I get a wrong password error, probably because sudo is not allowed over ssh? I'm not quite sure.

The code is as follows:

#!/bin/bash

read -p "enter remote admin username " adminuser
read -p "choose new username " newuser
read -p "choose new pass " newpass

while read -u10 HOST ; do ssh ${HOST} "uname -a" ;
sudo -S adduser --disabled-password --gecos "" $newuser
sudo -S chpasswd <<<"$newuser:$newpass"
sudo -S chown $newuser /home/$newuser
#sudo -S  groupadd group
echo; echo "New user ${newuser} has been created on ${HOST}"

done 10< config.txt

It's worth noting I have set /etc/ssh/sshd_config PermitRootLogin to yes.

While we're at it, is there a way to minimize the number of times I have to input my admin password? Right now I have to use it when I first ssh into the machine and when I execute a sudo command - so if I have 17 machines that's a minimum of 17 machines. I'd like to minimize that if possible.

marc_s
menash
  • Change your script to get the username and password from arguments or environment variables, so you can pass it to the script in a loop – Barmar Apr 12 '21 at 20:08
  • Simplest might be to configure sudoers so that the user can run these commands without having to enter a password. – Barmar Apr 12 '21 at 20:38
  • `sudo -S` expects to get the admin's password from stdin, so it should be in the `<<<` here-string. – Barmar Apr 12 '21 at 20:39
  • I tried `sudo -S adduser --disabled-password --gecos "" $newuser <<< /tmp/usrpss` but it also didn't work. I of course created /tmp/usrpss with the password to test it, no luck – menash Apr 12 '21 at 22:53
  • If you want to get it from a file, you have to use `<` not `<<<`. – Barmar Apr 12 '21 at 23:00
  • I tried both `<<<` and `<`, they both failed: https://imgur.com/a/OT0V3he – menash Apr 12 '21 at 23:16
  • Are you expecting that `ssh ${HOST} "uname -a"` will cause the rest of the commands in the loop to run on the remote host? This is not the case. The `sudo` commands currently run on your local machine. – that other guy Apr 13 '21 at 00:23
  • The assumption that `sudo` is somehow disabled when you `ssh` is completely false anyway. This would be easy to confirm with a simple experiment. Try to reduce your problem to the simplest possible case for debugging; see also the guidance for including a [mre]. – tripleee Apr 13 '21 at 03:06

1 Answer


Please do not set /etc/ssh/sshd_config PermitRootLogin to yes. No reason to play with fire unless necessary.

On the remote machine, use visudo to define a group like admin that never needs to enter a password in order to use sudo. Here are two lines from my /etc/sudoers file:

# Members of the admin group may gain root privileges
%admin ALL=(ALL) NOPASSWD: ALL

Then add the user id to that Linux user group and the script will run as root without prompts for sudo passwords:

$ usermod -a -G admin my_user_name
Mike Slinn
  • This is what my sudoers file currently looks like: https://imgur.com/a/DhGqgIZ, but I still get an error prompting for a password. Verified it's in the admin group: https://imgur.com/a/VLtw8sS Output on local machine: https://imgur.com/a/9UmaZkg – menash Apr 12 '21 at 22:48
  • I did mention that your user id needs to be a member of the group. The instructions were extended to show you exactly how to do that also – Mike Slinn Apr 13 '21 at 02:33
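
An added example, not code from the question, the answer or any commenter: the question's loop restructured so that the user-creation commands are part of what ssh runs on the remote host, which the comments point out is not the case in the original. It assumes key-based ssh login for the admin account (hence `BatchMode`) and the NOPASSWD sudoers rule from the answer; the function names, the `SSH` override variable and the script name are made up for illustration.

```bash
#!/bin/bash
# Added example, not code from the thread. Assumes key-based ssh login for the
# admin account and a NOPASSWD sudoers rule on each host (see the answer).
# Usage: ./adduser-remote.sh ADMINUSER NEWUSER [HOSTS_FILE]   (hypothetical name)
LC_ALL=C            # keep the [a-z] ranges below ASCII-only
SSH=${SSH:-ssh}     # overridable so the functions can be exercised offline

# The username is pasted into a command line that the REMOTE shell parses,
# so accept only a conservative character set (blocks shell metacharacters).
valid_username() {
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Command string executed on the remote host. sudo -n fails at once instead
# of prompting when the NOPASSWD rule is missing; adduser reads /dev/null so
# ssh's stdin is left untouched for chpasswd.
remote_cmd() {
    printf 'sudo -n adduser --disabled-password --gecos "" %s </dev/null && sudo -n chpasswd' "$1"
}

# create_user_on HOST ADMIN NEWUSER NEWPASS
# Everything after the destination is run remotely, unlike the loop in the
# question. The password goes over ssh's stdin, never on a command line.
create_user_on() {
    valid_username "$3" || { echo "invalid username: $3" >&2; return 2; }
    printf '%s:%s\n' "$3" "$4" |
        "$SSH" -o BatchMode=yes "$2@$1" "$(remote_cmd "$3")"
}

main() {
    read -r -s -p "choose new pass " newpass; echo
    # Hosts come in on fd 3, one per line
    while read -r host <&3; do
        if create_user_on "$host" "$1" "$2" "$newpass"; then
            echo "New user $2 has been created on $host"
        else
            echo "FAILED on $host" >&2
        fi
    done 3< "${3:-config.txt}"
}

if [ "$#" -ge 2 ]; then main "$@"; fi
```

With `BatchMode=yes` ssh never falls back to a password prompt, so a host without the admin's key installed shows up as a failure line instead of stalling the loop.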