4

I want to run a series of sudo-elevated commands on a remote machine from an embedded script. To simplify the question, I'm just trying to run sudo id and get it to tell me that it's root.

I am encountering "sudo: sorry, you must have a tty to run sudo" when I run this script:

#!/bin/bash
ssh -t 192.168.1.100<<EOF
sudo id
EOF

But not when I run this:

#!/bin/bash
ssh -t 192.168.1.100 sudo id

How do I get the first one, with the end-of-file designations for an embedded script to respect the forced tty at the other end of the SSH?

Andy
  • 49
  • I can't change the /etc/sudoers to remove the requiretty and I'm required to use a password to elevate with sudo. – Andy Jun 11 '14 at 22:54
  • Also, I am already using the -t option on my ssh, it's just that the embedded script within the EOF tags isn't respecting the forced tty – Andy Jun 11 '14 at 22:55

1 Answer

2

With the first one there is no tty for ssh since stdin is not connected to the terminal; it is a here file. In fact, if I try to run a similar command (on Debian) I get the following error:

Pseudo-terminal will not be allocated because stdin is not a terminal.

To get it to work you can do something like:

ssh -tt 192.168.1.100 <<EOF
sudo -S id
password
EOF

Although this is not a good idea since the password will be in plain text.

Update

I stumbled across an easy solution to this that avoids encoding the password in plain text: you can use a graphical program to enter the password:

ssh -X 192.168.1.100 <<EOF
SUDO_ASKPASS=/usr/lib/ssh/x11-ssh-askpass sudo -A id
EOF

Of course the ssh-askpass program must be installed in the given location and you must be running an X session on the machine you are working on. There are a few variations on the ssh-askpass program which should also work (Gnome/KDE versions). Also a graphical sudo replacement program like gksu or kdesudo should do the job too.

Graeme
  • 34,027
  • That doesn't work for me either. I get tcgetattr: Inappropriate ioctl for device – Andy Jun 11 '14 at 22:35
  • @Andy, yes, it will since there is no actual terminal but sudo still tries to read the password from it. It is possible to use -S to make it read the password from stdin (not recommended though), see my edit. – Graeme Jun 11 '14 at 22:39
  • It also outputs the password in clear text and still doesn't run the command. – Andy Jun 11 '14 at 22:41
  • @Andy, I had the same effect, yes. It did run the command though. – Graeme Jun 11 '14 at 22:42
  • The answer suggested at http://serverfault.com/questions/479553/run-multiple-commands-over-ssh-as-sudo works for a simple command (like sudo id), but for my more complex scripts, it doesn't interpret correctly. – Andy Jun 11 '14 at 22:48
  • Displaying the password in clear text either in the script or in the stdout doesn't work for me. I'm fine with it prompting me for my password again to elevate my privileges "[sudo] password for user:" – Andy Jun 11 '14 at 22:49
  • @Andy, for this I was just trying to show why the here file approach wasn't working and why it isn't really a good idea anyway. I can't suggest a better solution without knowing more about what you are trying to do. Although you can also have something like ssh -t host 'sudo id; echo "non-root command"; sudo echo "another root command"' in addition to using bash -c. The trick is usually just to make sure things are correctly quoted. – Graeme Jun 11 '14 at 23:14
  • I understand. Thanks for the suggestion. My script was already written to use ssh root@host, but they took root access away and forced me to use sudo. So I'm trying to substitute in the sudo commands for a variety of system checks. Simple things, like looking for certain users in the /etc/sudoers file. Most of the script runs fine as myself, but for those few places I need to escalate, I have to use sudo. – Andy Jun 11 '14 at 23:37
  • @Andy, updated with a possible way to work around this. – Graeme Jun 19 '14 at 08:45
  • Thanks for the update. It's not going to work for me as I can't install things on the remote system, but it's an interesting solution to the problem. – Andy Jun 23 '14 at 21:49
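
Added example, not part of the original question, answer or comments: it extends the quoted-argument form mentioned in the comments to a multi-line script, so the script travels as ssh's command argument, ssh's stdin stays on the local terminal, a single -t is honoured, and sudo prompts for the password on the remote pty. It assumes a POSIX-like login shell on the remote host; `stdin_kind`, `run_remote`, `SSH_BIN` and the `grep` line are illustrative names and choices.

```shell
#!/bin/bash
# Added example, not from the thread. 192.168.1.100 is the host used in the
# question; everything else here is illustrative.

# Classify stdin the way ssh does before honouring a single -t.
# Under "ssh -t host <<EOF" this is "not-a-tty", hence the refusal.
stdin_kind() {
    if [ -t 0 ]; then echo tty; else echo not-a-tty; fi
}

# Run a multi-line script on HOST, passed as ssh's command argument instead
# of on stdin. Usage: run_remote HOST 'script text'
# SSH_BIN is a hypothetical override so the call can be stubbed offline.
run_remote() {
    "${SSH_BIN:-ssh}" -t "$1" "$2"
}

# Quoted delimiter ('EOF'): nothing is expanded locally, the remote shell
# receives the text exactly as written. No password is embedded; sudo asks
# for it on the allocated pty. The script text is visible in process
# listings on both ends, so keep secrets out of it.
REMOTE_SCRIPT=$(cat <<'EOF'
id -un
sudo id
sudo grep -c '^%' /etc/sudoers
EOF
)

# Only contact the host when explicitly asked: ./script.sh run
if [ "${1:-}" = run ]; then
    echo "local stdin is: $(stdin_kind)"
    run_remote 192.168.1.100 "$REMOTE_SCRIPT"
fi
```

Run it from an interactive terminal as `./script.sh run`; if the script itself is started with stdin redirected, ssh will again decline to allocate a pty for a single -t.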