CentOS - Oct 2013 - remote sudo script

Hey guys,


I'm trying to write a simple bash script that will cp a configuration file
to a backup (with the date) remotely to a bunch of machines, using sudo
with ssh.

I notice that if I run the commands individually, they both work (albeit
with some strange output I'd like to suppress):

[tdunphy at MIAGRBISSH01V ~]$ ssh -q -t -t -t MIAGRBIORCA00V  sudo -S 'cp -v
/data/solr-4.3.1/zoe/etc/logback.xml /tmp/logback.xml-${i}-$(date
+%Y%m%d).bak' <<EOF
> secret_sauce
> EOF
tcgetattr: Inappropriate ioctl for device
`/data/solr-4.3.1/zoe/etc/logback.xml' ->
`/tmp/logback.xml--20131007.bak'


[tdunphy at MIAGRBISSH01V ~]$ ssh -q -t -t -t MIAGRBIORCA00V  sudo -S 'ls -l
/home/tdunphy/logback.xml-${i}-$(date +%Y%m%d).bak'
<<EOF
> secret_sauce
> EOF
tcgetattr: Inappropriate ioctl for device
-rw-r--r-- 1 root root 3372 Oct  7 22:07
/home/tdunphy/logback.xml--20131007.bak

The best part of the above is that I am passing my password (secret_sauce -
not my real one for obvious reasons) to sudo and having the command
executed.

One thing I'd like to be able to figure out is how to suppress this
message, which is a little distracting and useless to the process:

tcgetattr: Inappropriate ioctl for device

But more importantly, when I try to pop the above two working statements
from the command line into a script, the following occurs:

[tdunphy at MIAGRBISSH01V ~]$ for i in MIAGRBIORCA0{0..9}V
MIAGRBIORCA1{0..2}V
>
> do
>
> ssh -q -t -t -t $i sudo -S 'cp -v /data/solr-4.3.1/zoe/etc/logback.xml
/tmp/logback.xml-${i}-$(date +%Y%m%d).bak'
<<EOF
> secret_sauce
> EOF
>
> ssh -q -t -t -t $i sudo -S 'ls -l 
/home/tdunphy/logback.xml-${i}-$(date
+%Y%m%d).bak' <<EOF
> secret_sauce
> EOF
>
> done
tcgetattr: Inappropriate ioctl for device
`/data/solr-4.3.1/zoe/etc/logback.xml' ->
`/tmp/logback.xml--20131007.bak'
tcgetattr: Inappropriate ioctl for device
-rw-r--r-- 1 root root 3372 Oct  7 22:07
/home/tdunphy/logback.xml--20131007.bak
tcgetattr: Inappropriate ioctl for device
[sudo] password for tdunphy:

For some reason the <<EOF password EOF routine is not working to provide
the password to sudo the way I was able to when running the commands
individually.

Any thoughts on how I should be going about this?

Thanks,
Tim




-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

On Mon, Oct 7, 2013 at 10:51 PM, Tim Dunphy <bluethundr at gmail.com>
wrote:
> Hey guys,
>
>
> I'm trying to write a simple bash script that will cp a configuration
file
> to a backup (with the date) remotely to a bunch of machines, using sudo
> with ssh.
>
> I notice that if I run the commands individually, they both work (albeit
> with some strange output I'd like to suppress):
>
> [tdunphy at MIAGRBISSH01V ~]$ ssh -q -t -t -t MIAGRBIORCA00V  sudo -S
'cp -v
> /data/solr-4.3.1/zoe/etc/logback.xml /tmp/logback.xml-${i}-$(date
> +%Y%m%d).bak' <<EOF
> > secret_sauce
> > EOF
> tcgetattr: Inappropriate ioctl for device
> `/data/solr-4.3.1/zoe/etc/logback.xml' ->
`/tmp/logback.xml--20131007.bak'
>
>
> [tdunphy at MIAGRBISSH01V ~]$ ssh -q -t -t -t MIAGRBIORCA00V  sudo -S
'ls -l
> /home/tdunphy/logback.xml-${i}-$(date +%Y%m%d).bak' <<EOF
> > secret_sauce
> > EOF
> tcgetattr: Inappropriate ioctl for device
> -rw-r--r-- 1 root root 3372 Oct  7 22:07
> /home/tdunphy/logback.xml--20131007.bak
>
> The best part of the above is that I am passing my password (secret_sauce -
> not my real one for obvious reasons) to sudo and having the command
> executed.
>
> One thing I'd like to be able to figure out is how to suppress this
> message, which is a little distracting and useless to the process:
>
> tcgetattr: Inappropriate ioctl for device
>
> But more importantly, when I try to pop the above two working statements
> from the command line into a script, the following occurs:
>
> [tdunphy at MIAGRBISSH01V ~]$ for i in MIAGRBIORCA0{0..9}V
> MIAGRBIORCA1{0..2}V
> >
> > do
> >
> > ssh -q -t -t -t $i sudo -S 'cp -v
/data/solr-4.3.1/zoe/etc/logback.xml
> /tmp/logback.xml-${i}-$(date +%Y%m%d).bak' <<EOF
> > secret_sauce
> > EOF
> >
> > ssh -q -t -t -t $i sudo -S 'ls -l 
/home/tdunphy/logback.xml-${i}-$(date
> +%Y%m%d).bak' <<EOF
> > secret_sauce
> > EOF
> >
> > done
> tcgetattr: Inappropriate ioctl for device
> `/data/solr-4.3.1/zoe/etc/logback.xml' ->
`/tmp/logback.xml--20131007.bak'
> tcgetattr: Inappropriate ioctl for device
> -rw-r--r-- 1 root root 3372 Oct  7 22:07
> /home/tdunphy/logback.xml--20131007.bak
> tcgetattr: Inappropriate ioctl for device
> [sudo] password for tdunphy:
>
> For some reason the <<EOF password EOF routine is not working to
provide
> the password to sudo the way I was able to when running the commands
> individually.
>
> Any thoughts on how I should be going about this?
>
>
2 things I'd consider (and yes, before someone starts that 'that's
not
nearly secure enough!' debate, 1 isn't great security, but every place
has
different levels of acceptable, so it might pass for some while it'd never
fly for others)
1. change your ID/to an ID that doesn't have to supply a password to sudo
commands   e.g. has the NOPASSWD option set in sudoers file.
2. change up to expect.  it's a little wonky and different from other
scripting languages, but it's really made for this sort of thing.

-- 
Even the Magic 8 ball has an opinion on email clients: Outlook not so good.

On 10/7/2013 7:51 PM, Tim Dunphy wrote:
> Any thoughts on how I should be going about this?
use ssh keys rather than password authentication....  see: man ssh-keygen

short version, on local system, run ssh-keygen to create a public and 
private key for the local account, and append the public key 
~/.ssh/id_dsa.pub on the local system to the ~/.ssh/authorized_keys2 
file on the remote system.  once you've done this, ssh/scp/sftp will 
connect without prompting for a password.



-- 
john r pierce                                      37N 122W
somewhere on the middle of the left coast

On 08.Okt.2013, at 04:51, Tim Dunphy wrote:

...
> But more importantly, when I try to pop the above two working statements
> from the command line into a script, the following occurs:
> 
> [tdunphy at MIAGRBISSH01V ~]$ for i in MIAGRBIORCA0{0..9}V
MIAGRBIORCA1{0..2}V
>> 
>> do
>> 
>> ssh -q -t -t -t $i sudo -S 'cp -v
/data/solr-4.3.1/zoe/etc/logback.xml
> /tmp/logback.xml-${i}-$(date +%Y%m%d).bak' <<EOF
>> secret_sauce
>> EOF
>> 
>> ssh -q -t -t -t $i sudo -S 'ls -l 
/home/tdunphy/logback.xml-${i}-$(date
> +%Y%m%d).bak' <<EOF
>> secret_sauce
>> EOF
>> 
>> done
> tcgetattr: Inappropriate ioctl for device
> `/data/solr-4.3.1/zoe/etc/logback.xml' ->
`/tmp/logback.xml--20131007.bak'
The cp did work, sudo accepted the password.
Note that ${i} was not interpolated into the file name.
> tcgetattr: Inappropriate ioctl for device
> -rw-r--r-- 1 root root 3372 Oct  7 22:07
> /home/tdunphy/logback.xml--20131007.bak
the ls did work
> tcgetattr: Inappropriate ioctl for device
> [sudo] password for tdunphy:
But what's that?
Is the password the same on all hosts, i.e. it works for one host, but not the
other?
Or do you have another ssh in the for loop you did not tell us about?

Try do add some debugging output with the hostname into the loop.

-- 
Markus