Greetings All- I'm about to embark on some remote management testing and need a way to login to a remote system running CentOS 4.x/5.x via SSH, su to root (using a password), then execute a command. I currently login to the boxes using key based SSH like this: ssh -i ~/remote_key admin@$REMOTEIP Then, I SU to root. However, if I try to do this automatically like this: ssh -i ~/remote_key admin@$REMOTEIP 'su -l' I'm getting: "standard in must be a tty" So, how am I able to remote login using SSH, su to root, then execute a command as root? All comments and suggestions welcome. Thanks! --Tim
On 3 March 2010 21:20, Tim Nelson <tnelson at rockbochs.com> wrote:> Greetings All- > > I'm about to embark on some remote management testing and need a way to login to a remote system running CentOS 4.x/5.x via SSH, su to root (using a password), then execute a command. > > I currently login to the boxes using key based SSH like this: > > ssh -i ~/remote_key admin@$REMOTEIP > > Then, I SU to root. However, if I try to do this automatically like this: > > ssh -i ~/remote_key admin@$REMOTEIP 'su -l' > > I'm getting: > > "standard in must be a tty" > > So, how am I able to remote login using SSH, su to root, then execute a command as root? > > All comments and suggestions welcome. Thanks! > > --Tim > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >Best off configuring sudo for that user (with no password) and make sure that user has !requiretty in the sudoers configuration. James
Tim Nelson wrote:> So, how am I able to remote login using SSH, su to root, then execute a command as root? >You would probably be better off setting up forced-commands-only only login for root. and configuring the /root/.ssh/authorized_keys file with the command you want to execute. -- Benjamin Franz
On Wednesday 03 March 2010 16:20:21 Tim Nelson wrote:> Greetings All- > > I'm about to embark on some remote management testing and need a way to > login to a remote system running CentOS 4.x/5.x via SSH, su to root (using > a password), then execute a command. > > I currently login to the boxes using key based SSH like this: > > ssh -i ~/remote_key admin@$REMOTEIP > > Then, I SU to root. However, if I try to do this automatically like this: > > ssh -i ~/remote_key admin@$REMOTEIP 'su -l' > > I'm getting: > > "standard in must be a tty" > > So, how am I able to remote login using SSH, su to root, then execute a > command as root? > > All comments and suggestions welcome. Thanks! > > --Tim > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >You could use an expect script to ssh to the box then su to root with the password. You can have the script ask for the password so it is not hard coded or used on the command line. Expect can allow you to interact with the shell once you have su'd. I have used a combination of bash and expect scripting to get stats from multiple boxes and it works a treat. If you need more details/help, let me know. John
Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 ----- "Jeremy Rosengren" <jeremy.rosengren at gmail.com> wrote:>> On Wed, Mar 3, 2010 at 3:36 PM, James Hogarth < james.hogarth at gmail.com > wrote: >> On 3 March 2010 21:20, Tim Nelson < tnelson at rockbochs.com > wrote: > > Greetings All- > > > > I'm about to embark on some remote management testing and need a way to login to a remote system running CentOS 4.x/5.x via SSH, su to root (using a password), then execute a command. > > > > I currently login to the boxes using key based SSH like this: > > > > ssh -i ~/remote_key admin@$REMOTEIP > > > > Then, I SU to root. However, if I try to do this automatically like this: > > > > ssh -i ~/remote_key admin@$REMOTEIP 'su -l' > > > > I'm getting: > > > > "standard in must be a tty" > > > > So, how am I able to remote login using SSH, su to root, then execute a command as root? > > > > All comments and suggestions welcome. Thanks! > > > > --Tim > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > http://lists.centos.org/mailman/listinfo/centos > > > > Best off configuring sudo for that user (with no password) and make > sure that user has !requiretty in the sudoers configuration. > > James >> _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos>Does "ssh -t" help? YESS. It prevents the tty error from showing up and asks me for a password as expected. BUT, how do I then automate the entering of the password? John Kennedy mentioned using expect which I've used before but found it to be 'finnicky'. I may have to look at it again... Changing settings such as sudo configuration or ssh config may be daunting since I have a large number of systems(150+) that would need to be modified. :-/ --Tim -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20100303/7f01aadc/attachment-0002.html>
Tim Nelson wrote:> YESS. It prevents the tty error from showing up and asks me for a password > as expected. BUT, how do I then automate the entering of the password? > > John Kennedy mentioned using expect which I've used before but found it to > be 'finnicky'. I may have to look at it again... > > Changing settings such as sudo configuration or ssh config may be daunting > since I have a large number of systems(150+) that would need to be modified. > :-/Just login as root with ssh keys? If you needed to somehow block brute force cracking attacks against the root account either globally disable password auth, or it appears you can use the option "PermitRootLogin without-password" to restrict remote root logins via SSH to keys only. I haven't tried this option myself. nate
Tim Nelson wrote:> > > Tim Nelson > Systems/Network Support > Rockbochs Inc. > (218)727-4332 x105 > > ----- "Jeremy Rosengren" <jeremy.rosengren at gmail.com> wrote: > > > > On Wed, Mar 3, 2010 at 3:36 PM, James Hogarth > <james.hogarth at gmail.com <mailto:james.hogarth at gmail.com>> wrote: > > > > > On 3 March 2010 21:20, Tim Nelson <tnelson at rockbochs.com > <mailto:tnelson at rockbochs.com>> wrote: > > > Greetings All- > > > > > > I'm about to embark on some remote management testing and need > a way to login to a remote system running CentOS 4.x/5.x via SSH, > su to root (using a password), then execute a command. > > > > > > I currently login to the boxes using key based SSH like this: > > > > > > ssh -i ~/remote_key admin@$REMOTEIP > > > > > > Then, I SU to root. However, if I try to do this automatically > like this: > > > > > > ssh -i ~/remote_key admin@$REMOTEIP 'su -l' > > > > > > I'm getting: > > > > > > "standard in must be a tty" > > > > > > So, how am I able to remote login using SSH, su to root, then > execute a command as root? > > > > > > All comments and suggestions welcome. Thanks! > > > > > > --Tim > > > _______________________________________________ > > > CentOS mailing list > > > CentOS at centos.org <mailto:CentOS at centos.org> > > > http://lists.centos.org/mailman/listinfo/centos > > > > > > > > Best off configuring sudo for that user (with no password) and make > > sure that user has !requiretty in the sudoers configuration. > > > > James > > > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org <mailto:CentOS at centos.org> > > http://lists.centos.org/mailman/listinfo/centos > > > > > Does "ssh -t" help? > > YESS. It prevents the tty error from showing up and asks me for a > password as expected. BUT, how do I then automate the entering of the > password? > > John Kennedy mentioned using expect which I've used before but found > it to be 'finnicky'. I may have to look at it again... > > Changing settings such as sudo configuration or ssh config may be > daunting since I have a large number of systems(150+) that would need > to be modified. :-/ > > --Tim > ------------------------------------------------------------------------ > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >I found that Python expect is far more logical and understandable for complex tasks than the expect command. ChrisG
From: Tim Nelson <tnelson at rockbochs.com>> I'm about to embark on some remote management testing and need a way to login to > a remote system running CentOS 4.x/5.x via SSH, su to root (using a password), > then execute a command.Maybe try /etc/securetty JD