How do I run bash scripts as root over SSH?

3

I have a number of centralized scripts, which install certain pieces of middleware (for example JBoss-AS, JBoss-EWS, etc). The idea is to use expect to write a script which runs the script (which can contain several commands and if ... then ... else, as well as loop structures) on another server, under another user.

What I need is an expect script which executes something like this:

central $ ssh <user>@<remote> "sudo local-script"

I have tried to pipe things in like cat local-script | ssh -t <user>@<remote> sudo, but sudo won't allow this. When I get the above sequence, i.e. run sudo local-script through an ssh channel, then I can use autoexpect to generate an expect file which works (also, things like ssh -t <user>@<remote> sudo < cat local-script don't work).

I know you can use this to run commands that are on the remote server, so that is not my question.

Since most of the install scripts we use need root permissions, and because you do not use NOPASSWD for root for obvious reasons, is this possible, and how?

Willem

Posted 2011-10-31T14:20:15.807

Reputation: 379

1 Just a notice: < cat local-script is not the correct syntax for redirection; drop the cat. – Daniel Andersson – 2012-06-01T06:45:54.613

Answers

3

Create a dedicated user account on the server just to use for this purpose. Configure /etc/sudoers on the server so that the only commands the dedicated user account can run are the ones you desire. Also configure /etc/sudoers on the server so the dedicated user account doesn't require a password to use sudo. Then ssh to the server as the dedicated user and run sudo to execute the desired commands as root.

Fran

Posted 2011-10-31T14:20:15.807

Reputation: 4 774
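
The sudoers setup described in the answer above, as an added example that is not part of the original answer. The account name mwdeploy and the script paths are hypothetical. A password-less rule is only as restrictive as the scripts it names, so the helper refuses any script the dedicated account could modify.

```shell
#!/bin/sh
# Added example. "mwdeploy" and all script paths are hypothetical.

# script_is_safe PATH [OWNER_UID]
# Succeeds only if PATH is an absolute path to a regular file (not a symlink),
# owned by OWNER_UID (default 0 = root) and not writable by group or others.
# Uses GNU stat (-c). The directories above PATH need the same protection.
script_is_safe() {
    _p=$1 _o=${2:-0}
    case $_p in
        *[!A-Za-z0-9/._-]*) return 1 ;;   # characters that would need sudoers escaping
        /*) ;;                            # absolute path: continue
        *) return 1 ;;
    esac
    [ -f "$_p" ] && [ ! -L "$_p" ] || return 1
    _m=$(stat -c '%u %a' "$_p") || return 1
    [ "${_m% *}" = "$_o" ] || return 1    # owner uid must match
    case ${_m#* } in
        *[2367]?|*[2367]) return 1 ;;     # group or other write bit is set
    esac
    return 0
}

# emit_sudoers USER OWNER_UID SCRIPT...
# Prints a sudoers drop-in that lets USER run exactly the listed scripts as
# root without a password. The trailing "" forbids extra command-line arguments.
emit_sudoers() {
    _user=$1 _uid=$2; shift 2
    _list=
    for _s in "$@"; do
        script_is_safe "$_s" "$_uid" || { echo "refusing $_s" >&2; return 1; }
        _list="${_list:+$_list, }$_s \"\""
    done
    printf 'Cmnd_Alias MW_INSTALL = %s\n' "$_list"
    printf '%s ALL = (root) NOPASSWD: MW_INSTALL\n' "$_user"
}

# Typical use on the remote server, as root:
#   emit_sudoers mwdeploy 0 /usr/local/sbin/install-jboss.sh > /tmp/mw-install
#   visudo -cf /tmp/mw-install && install -m 0440 /tmp/mw-install /etc/sudoers.d/mw-install
# From the central host afterwards:
#   ssh mwdeploy@remote sudo /usr/local/sbin/install-jboss.sh
```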

0

Can't you prepend "sudo" and the password to the stuff that gets piped into ssh? I've done this before when remote driving interfaces with expect.

pjc50

Posted 2011-10-31T14:20:15.807

Reputation: 5 786

0

For a pragmatic solution: you could use a temporary remote file.

Your script would then

  1. scp the script file to remote /tmp/randomfilename.
  2. ssh -t user@remote sudo sh /tmp/randomfilename

In its naïvety, this is an obvious security risk since the contents of /tmp/randomfilename could be changed by the scp user, but if it concerns local operations, in practice this should be of no concern (unless you don't trust the local user, but then you have other, greater problems, I believe :-) ).

Daniel Andersson

Posted 2011-10-31T14:20:15.807

Reputation: 20 465