sudo and ssh

Hi,

I would like to know how I can perform a task while performing ssh, sudo and a command at the same time.

What I generally do is ssh to the server, where I created private and public keys, so it does not prompt me for a password all the time. Then I need to run "sudo su - ldaprole" to get into the ldaprole profile.

Is it possible to create another public/private key, so that I don't have to type in the password, or can run the command with a one-liner?

FYI: Setting up SSH keys for access without a password

I use this link to set up ssh between the servers.

Thanks, John.

Can't you just "ssh ldaprole@yourhost ...." in the first place?

No, I don't have a password for ldaprole. I am only allowed to sudo to it, and to run only the specified commands listed in the sudo file.

---------- Post updated 01-20-11 at 06:26 AM ---------- Previous update was 01-19-11 at 12:56 PM ----------

Does anyone know how to accomplish this?

If I understand your issue (you don't want to type the password for ldaprole when running sudo), ask your administrator to allow ldaprole to run the command without entering a password.

If I remember right, in /etc/sudoers, use:

NOPASSWD

Your administrator seems to have quite carefully set up a situation where you must use a password and prevented your means to change it. You should take this up with them.

And why would the administrator allow that?

Here I am talking about creating a private-public key.

Hopefully because you have very good reasons for asking...

To arrange a login with a private-public key, you must create or modify files inside ldaprole's home directory. You say you haven't been given the access you need to do that, so you're out of luck.

If you can "sudo su - ldaprole" interactively, then when you are in the id, you can scp to pull keys into the ssh dir from your remote or local home dir using your own password, and modify any other ldaprole ssh files necessary to ssh direct from your host-account to this host-account. The access you get you already have, if you can ssh to your own account there passwordlessly; just now there is only one step.

okay. Further illustrating --

/home/gy1212> ssh myhost 'sudo su - ldaprole'
The authenticity of host 'myhost (52.99.10.10)' can't be established.
RSA key fingerprint is 08:79:9c:61:ec:b5:75:8e:64:87:f8:32:7e:7c:01:dd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'myhost' (RSA) to the list of known hosts.
Enter passphrase for key '/home/gy1212/.ssh/id_rsa':
Password:password1#

ls -ltrh
total 14
-rw-r--r--   1 ldaprole gz         3.4K Dec 24 01:00 backupcontent.txt
-rw-------   1 ldaprole gz          257 Jan 10 11:51 dead.letter
drwxr-xr-x   6 ldaprole gz         1.0K Jan 18 14:43 scripts
-rw-r--r--   1 ldaprole gz          783 Jan 20 21:50 temp
id
uid=8227(ldaprole) gid=400(gz)
^CKilled by signal 2.

The issue is that it prompts me to enter a password, and it also displays the password as plain text. I do not want to be prompted for a password, or at least it should not display the password in plain text.

Thanks. John.

---------- Post updated at 10:05 AM ---------- Previous update was at 08:55 AM ----------

All right, I solved it myself. I copied my id_rsa.pub key to ldaprole, and I am no longer prompted for a password.

Thanks everyone.

Yes, ssh command mode has a terminal-free login, so the echo cannot be suppressed there, but the echo is probably coming from the local stty, so turn it off using stty, first.

Or better yet, use the sudo su to log in and move the keys over, then log into ldaprole with ssh, no su!
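
An added example, not part of any post in this thread: a shell sketch of the two one-step options the thread touches on, a NOPASSWD sudoers rule scoped to a single command, and `ssh -t` so that sudo prompts on a real terminal with echo off. The names gy1212, ldaprole and myhost are taken from the thread; the command path in the usage comments and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. The command path below is hypothetical.

SSH=${SSH:-ssh}   # overridable so the argument list can be inspected in a dry run

# Print a sudoers rule letting USER run exactly one command as ROLE with no
# password. Relative paths, wildcards, spaces and ALL are refused because each
# of them widens the grant beyond the single command intended.
sudoers_rule() {
    user=$1 role=$2 cmd=$3
    case $cmd in
        ALL|*'*'*|*'?'*|*'['*|*' '*)
            echo "refusing broad command spec: $cmd" >&2; return 1 ;;
        /*) ;;
        *)  echo "command must be an absolute path: $cmd" >&2; return 1 ;;
    esac
    printf '%s ALL=(%s) NOPASSWD: %s\n' "$user" "$role" "$cmd"
}

# Run CMD as ROLE on HOST in one step.
#   nopasswd: relies on a rule like the one above; sudo -n fails rather than prompts.
#   prompt:   ssh -t allocates a terminal, so sudo reads the password with echo off.
run_as_role() {
    mode=$1 host=$2 role=$3 cmd=$4
    case $mode in
        nopasswd) "$SSH" "$host" sudo -n -u "$role" -- "$cmd" ;;
        prompt)   "$SSH" -t "$host" sudo -u "$role" -- "$cmd" ;;
        *) echo "mode must be nopasswd or prompt" >&2; return 2 ;;
    esac
}

# Usage (an administrator writes the rule to a drop-in file and checks its
# syntax with "visudo -cf <file>" before installing it):
#   sudoers_rule gy1212 ldaprole /opt/example/bin/ldap-report
#   run_as_role nopasswd myhost ldaprole /opt/example/bin/ldap-report
#   run_as_role prompt   myhost ldaprole /opt/example/bin/ldap-report
```

Either form keeps the login under the user's own account, so sudo's log still records who ran the command as ldaprole.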