SSH: execute sudo command

I have an interactive shell script, that at one place needs to ssh to another machine (Ubuntu based) and execute something as root (the user should enter his password, but the remote command should run like noted in the script):

# ...
ssh remote-machine 'sudo ls'
# ...

However, I always get this error message back:

sudo: no tty present and no askpass program specified

OK, that's quite clear. But how can I circumvent this? Something like this should happen:

$ ssh remote-machine 'sudo ls /'
[sudo] password for user1:

/bin
/etc
/var

Boldewyn

Posted 2010-03-09T11:59:37.153

Reputation: 3 835

Answers

The wondrous ssh has a cure for everything. The point is to add the -t flag to force ssh to allocate a pseudo-tty:

ssh -t remote-server 'sudo ls'

Boldewyn

Posted 2010-03-09T11:59:37.153

Reputation: 3 835

1PTYs can mess things up with scripts, however. ls output will contain \r\n endings for example. – Tobu – 2010-06-14T18:58:18.413

1The easy way around that is to force ls into non-terminal mode. ls | cat will do - it'll see that stdout is a pipe. In this specific question, that's not relevant, as it's apparently intended to be run interactively from a terminal - so you probably want the columns and colours and whatnot. – Gabe – 2013-04-26T08:31:40.270

This method will run a single script using sudo after ssh:

Let's assume we have a "remote" user with sudo capabilities and we have a script we want it to execute as root.

1) Set a script in /etc/passwd to be used on login:

remote:x:1100:1100:Some Remote User,,,:/home/remote:/home/remote/login.sh

2) Inside "login.sh", we execute the script we want to run as "sudo":

#!/bin/bash
if [ "$(id -u)" != "0" ]; then
    #Not running as root, so we execute "sudo"
    sudo /usr/local/bin/script.sh
else
    #We are already rooted, so "sudo" is not required.
    /usr/local/bin/script.sh
fi
exit;

Normally it will ask the password twice: ssh login + sudo. If you want to input it only once, try sudo without password (not recommended). <-- please read Boldewyn comment.

The main advantage is that "ssh" does not require any other parameter (as -t), and sudo is forced on server side. Also, once the script exits, the user is logged out as well.

It may not be that elegant, but its simple and works.

lepe

Posted 2010-03-09T11:59:37.153

Reputation: 356

Uh oh. Putting your remote user in the sudoers file on a server like this is a catastrophe waiting to happen. If anyone gains access as your user (e.g. via the web server), he can immediately become root. Thank you, but I was looking for solutions, that do not place my server config at odds. If you had a solution, that somehow magically re-uses the authentication from SSH for the sudo command, I'd be more interested (and perhaps would start to search for replacements for SSH...). – Boldewyn – 2015-09-07T08:24:18.893

@Boldewyn : yes, setting "sudo without password" has that security risk... its an optional step. I agree with you, if SSH could re-use the authentication, this kind of "solutions" wouldn't be required. Thanks for your comment.

– lepe – 2015-09-07T08:53:42.903

-1

You can run following command get root access without interactivity:

ssh server " sudo command" < sudopassword.txt

SilentGuy

Posted 2010-03-09T11:59:37.153

Reputation: 101

1That won't work because stdin won't be a terminal device (it will be reading from the specified file). – Anthony Geoghegan – 2016-05-04T21:47:03.673