48

I have an interactive shell script that at one point needs to ssh to another machine (Ubuntu based) and execute something as root (the user should enter his password, but the remote command should run as noted in the script):

```
# ...
ssh remote-machine 'sudo ls'
# ...
```

However, I always get this error message back:

```
sudo: no tty present and no askpass program specified
```

OK, that's quite clear. But how can I circumvent this? Something like this should happen:

```
$ ssh remote-machine 'sudo ls /'
[sudo] password for user1:

/bin
/etc
/var
```
wonea
Boldewyn

3 Answers

55

The wondrous ssh has a cure for everything. The point is to add the -t flag to force ssh to allocate a pseudo-tty:

```
ssh -t remote-server 'sudo ls'
```
Boldewyn
  • PTYs can mess things up with scripts, however. `ls` output will contain \r\n endings for example. – Tobu Jun 14 '10 at 18:58
  • The easy way around that is to force ls into non-terminal mode. `ls | cat` will do - it'll see that stdout is a pipe. In this specific question, that's not relevant, as it's apparently intended to be run interactively from a terminal - so you probably want the columns and colours and whatnot. – Gabe Apr 26 '13 at 08:31
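A way to avoid the PTY, and with it the \r\n line endings mentioned in the comments, shown as an added example that is not part of the original answers: read the password locally with echo off and hand it to `sudo -S` over ssh's stdin. The function names are made up for this example; it assumes `printf` is a shell builtin (so the password never appears in a process argument list) and that the remote command does not itself read stdin.

```sh
#!/bin/sh
# Added example; sh_quote, remote_sudo_cmdline, remote_sudo and
# remote_sudo_prompt are hypothetical helper names.

# Quote one word for the remote shell: wrap it in single quotes and turn each
# embedded ' into '\'' so the remote side sees exactly the local word.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Build the remote command line.
#   -S     read the password from stdin instead of a tty
#   -k     ignore cached credentials, so the password line is always consumed
#          by sudo and never falls through to the command's stdin
#   -p ''  empty prompt, so nothing extra is written to stderr
remote_sudo_cmdline() (
    line="sudo -S -k -p '' --"
    for word in "$@"; do
        line="$line $(sh_quote "$word")"
    done
    printf '%s' "$line"
)

# Feed the password on stdin (not argv, not a file) and run the command.
# No -t: the remote stdout is a plain pipe, so output has no \r\n endings.
remote_sudo() (
    host=$1 password=$2
    shift 2
    printf '%s\n' "$password" | ssh -- "$host" "$(remote_sudo_cmdline "$@")"
)

# Interactive entry point: prompt on the local terminal with echo disabled,
# restore the terminal settings even if interrupted, then run the command.
remote_sudo_prompt() (
    host=$1
    shift
    saved=$(stty -g </dev/tty)
    trap 'stty "$saved" </dev/tty' EXIT INT TERM
    printf '[sudo] password on %s: ' "$host" >/dev/tty
    stty -echo </dev/tty
    IFS= read -r password </dev/tty
    stty "$saved" </dev/tty
    printf '\n' >/dev/tty
    remote_sudo "$host" "$password" "$@"
)

# Usage: remote_sudo_prompt remote-machine ls /
```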
0

This method will run a single script using sudo after ssh:

Let's assume we have a "remote" user with sudo capabilities and we have a script we want it to execute as root.

1) Set a script in /etc/passwd to be used on login:

```
remote:x:1100:1100:Some Remote User,,,:/home/remote:/home/remote/login.sh
```

2) Inside "login.sh", we execute the script we want to run as "sudo":

```
#!/bin/bash
if [ "$(id -u)" != "0" ]; then
    #Not running as root, so we execute "sudo"
    sudo /usr/local/bin/script.sh
else
    #We are already rooted, so "sudo" is not required.
    /usr/local/bin/script.sh
fi
exit;
```

Normally it will ask for the password twice: ssh login + sudo. If you want to input it only once, try sudo without password (not recommended). <-- please read Boldewyn's comment.

The main advantage is that "ssh" does not require any other parameter (as -t), and sudo is forced on server side. Also, once the script exits, the user is logged out as well.

It may not be that elegant, but it's simple and works.

lepe
  • Uh oh. Putting your remote user in the `sudoers` file on a server like this is a catastrophe waiting to happen. If anyone gains access as your user (e.g. via the web server), he can *immediately* become root. Thank you, but I was looking for solutions that do not place my server config at odds. If you had a solution that somehow magically re-uses the authentication from SSH for the `sudo` command, I'd be more interested (and perhaps would start to search for replacements for SSH...). – Boldewyn Sep 07 '15 at 08:24
  • @Boldewyn : yes, setting "sudo without password" has [that security risk](http://security.stackexchange.com/questions/45712/how-secure-is-nopasswd-in-passwordless-sudo-mode)... it's an optional step. I agree with you, if SSH could re-use the authentication, this kind of "solutions" wouldn't be required. Thanks for your comment. – lepe Sep 07 '15 at 08:53
-1

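You can run the following command to get root access without interactivity:

```
# -S makes sudo read the password from stdin; without it sudo fails with
# "no tty present and no askpass program specified"
ssh server "sudo -S command" < sudopassword.txt
```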
SilentGuy