Avoiding root password

0

I have done this modififcation:

vim /etc/sudoers
# User privilege specification
root    ALL=(ALL) NOPASSWD: ALL

When i use: 

sudo service cassandra start

it works without password. But, when i use:

script shell
ssh -t root@$machine -x "sshpass -p 'ubuntu' ssh -t ubuntu@$address -o   StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/nul -x 'sudo service cassandra start'"

i have to enter the password !

Have you please an idea why it didn't work with ssh ?

Thanks a lot for help. Best Regards.

researcher

Posted 2015-04-29T16:16:40.337

Reputation: 324

i think the topic isnt so clear, can you edit it?. – Francisco Tapia – 2015-04-29T17:41:20.637

some hint: avoid editing /etc/sudoers directly using vim. If you make a mistake, your sudo might be broken. It is better to use the visudo command. It will also edit your /etc/sudoers file, but it will do some additional syntax-checking before you can exit the program (see)

– Slizzered – 2015-04-30T18:42:55.723

Answers

0

The 'root' in the /etc/sudoers should be the ID of the user executing the commands.... In your example, this would be 'ubuntu' I believe.

You example does this:

  1. logs into $machine as root (I assuming that you've set that machine to be able to logon as root. If not, you need to adjust your pam.d settings to allow root logins via ssh. This has nothing to do with sudo).
  2. As root@#machine, your command ssh's to ubuntu@address and executes the command 'sudo service cassandra start'.

It looks by your example that you need to enable sudo for ubuntu and not root to be able to execute service commands.

Example:

# User privilege specification
ubuntu    ALL=(root) NOPASSWD: /usr/bin/service cassandra *

EDIT: I am really confused as to what you are trying to accomplish. If you are simply trying to ssh to another server and run that service command, all that is required is this in your shell script:

Your command would look like this:

sshpass -p 'ubuntu' ssh -t ubuntu@$address -o   StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/nul -x 'sudo service cassandra start'

Also, you still need to add my edits to /etc/sudoers per above to allow 'ubuntu' to execute that command.

Rob Calistri

Posted 2015-04-29T16:16:40.337

Reputation: 256

i have added ubuntu ALL=(root) NOPASSWD: /usr/bin/service cassandra * in /etc/sudoers but it mention that i have to enter the password. ubuntu@$address is a lxc container, Is that a problem ? – researcher – 2015-04-30T20:04:44.403

lxc does bring a different level of security here but I don't think that is your issue. You may want to add the -v flag to your ssh call to understand more about what you are hitting. It may give you some more details. You should also check the /var/log/auth.log to see what error is being presented there. Both of these log data would help further debug the auth failures.

Additionally, you should make sure your auth works in stages. First simply try to connect to $address with the password and then make sure the sudo works directly. If it does, try a simple ssh call without sshpass. etc. – Rob Calistri – 2015-05-01T13:13:13.283

Asked: 2015-04-29T16:16:40.337

Viewed: 193 times

Active: 2015-04-30T19:02:12.257