How to run multiple sudo commands over already opened ssh connection
You're executing the command sudo su - USER2; whoami; pwd on the remote host. Let's decompose that:
- Commands separated by a semicolon are executed in sequence. Thus the command sudo su - USER2 is executed first; then, when it finishes, whoami is executed, and finally pwd is executed.
- The command sudo su - USER2 starts a login shell as user USER2. This shell reads commands from standard input until it's told to exit (e.g. with the exit builtin) or until it detects an end of file on standard input. Since standard input is connected to the terminal, it waits for you to type commands.
If you want to execute commands as USER2, you need to pass them as arguments to sudo. Running su isn't useful here, sudo already knows how to do this. You don't need the -t option to SSH unless you want to interact with the remote commands (this includes the case when you need to type a password for sudo).
ssh -t "$remotehost" 'sudo -i -u USER2 sh -c "whoami; pwd"'
If your sudo configuration only allows you to run programs as root, not as an arbitrary user (which doesn't change anything security-wise), then you'll need to stick to sudo su. In that case, pass the -c option to su to run the specified shell command.
ssh -t "$remotehost" 'sudo su -c "whoami; pwd" USER2'
If you need to read the user's .profile, do so explicitly.
ssh -t "$remotehost" 'sudo su -c ". ~/.profile; whoami; pwd" USER2'
Alternatively, you can pass the commands as standard input to an interactive shell. The plumbing is a little delicate since ssh's standard input must remain the terminal. An advantage of this approach with a here document is that quoting in the shell command remains relatively simple: escape ' as '\'' for the remote shell, no escaping is needed for the remote shell.
ssh -t "$remotehost" 'sudo su - USER2 <<\EOF
whoami
pwd
EOF'
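A local simulation of the three forms discussed in the answer above, as an added example that is not part of the original answer. The stand-ins are assumptions chosen so it runs without a remote host or sudo rights: sh -c plays the ssh hop, env ROLE=USER2 sh plays sudo su - USER2, and the ROLE variable marks which identity a command ran under.

```shell
#!/bin/sh
# Constructed stand-ins (assumptions, not from the original answer):
#   remote "<cmd>"      ~ ssh -t "$remotehost" '<cmd>'  (runs as USER1)
#   env ROLE=USER2 sh   ~ sudo su - USER2               (a shell as USER2)

remote() { ROLE=USER1 sh -c "$1"; }

# Form from the question: the inner shell reads stdin until EOF
# (</dev/null simulates typing "exit"); only then does the command
# after the semicolon run, and it runs in the OUTER shell.
sequenced() {
  remote 'env ROLE=USER2 sh </dev/null; echo "ran as $ROLE"'
}

# -c form: the command is an argument of the inner shell, so it runs
# as USER2, at the cost of a second quoting layer (\" and \$).
dash_c() {
  remote 'env ROLE=USER2 sh -c "echo \"ran as \$ROLE\""'
}

# Here-document form: the redirection sits inside the string handed to
# the remote side, so the inner shell reads the commands from the here
# document. <<\EOF keeps the outer shell from expanding $ROLE.
heredoc() {
  remote 'env ROLE=USER2 sh <<\EOF
echo "ran as $ROLE"
EOF'
}

printf 'sequenced: %s\n' "$(sequenced)"
printf 'dash_c:    %s\n' "$(dash_c)"
printf 'heredoc:   %s\n' "$(heredoc)"
```

The first form reports USER1, matching the output seen only after leaving the USER2 shell; the other two report USER2.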
dnup1092
Updated on September 18, 2022
Comments
-
dnup1092 over 1 year
I am trying to navigate from one server "USER1" to another using ssh as a user "USER2".
ssh -t $hostname "sudo su - USER2; whoami; pwd"
Post executing the above, I am able to successfully navigate to the server as USER2, but the trailing commands, i.e. "whoami and pwd", are not getting executed. However, while exiting the ssh session, USER1 is rendered in the output followed by the present working directory.
I do not want to make any changes in the ssh known hosts file.
-
Jeff Schaller almost 9 years
The command you wrote gives the behavior you got; su does not exit until you exit USER2's shell, at which point the next command(s) run (whoami and pwd). I don't see the "multiple sudo" commands from your post's title, though. What behavior do you want to see change?
-
-
dnup1092 almost 9 years
After running the command which you have suggested, I got the following error: sudo: no tty present and no askpass program specified
I tried ssh -t "$remotehost" 'sudo -i -u USER2' and got the following error: Sorry, user USER1 is not allowed to execute '/bin/ksh' as USER2 on remotehost.
The restrictions are as follows: I want to switch to USER2 first and then execute a set of commands on the remote host.
-
dnup1092 almost 9 years
I don't have the privilege to change the configuration. Is there any way out?
-
Gilles 'SO- stop being evil' almost 9 years
@dnup1092 Then you'll need to keep using sudo su (see my edit).
-
Jenny D almost 9 years
@dnup1092 If you have the ability to use sudo to switch to root, then you have the ability to change the configuration.
-
Gilles 'SO- stop being evil' almost 9 years
@JennyD The technical ability, yes, but not necessarily the bureaucratic permission.
-
dnup1092 almost 9 years
@Gilles I tried out the above suggested approaches and the following are the conclusions for the same:
1. ssh -t "$remotehost" 'sudo su -c "whoami; pwd" USER2'
result - Sorry, user USER1 is not allowed to execute '/bin/su -c whoami; pwd USER2' as root on remotehost.
2. ssh -t "$remotehost" 'sudo su - USER2' <<'EOF'
whoami
pwd
EOF
result - Pseudo-terminal will not be allocated because stdin is not a terminal. USER1@remotehost's password: sudo: no tty present and no askpass program specified
-
Jenny D almost 9 years
Start by logging in and running sudo -l - that will tell you what permissions you have.
-
Gilles 'SO- stop being evil' almost 9 years
@dnup1092 So what permissions do you have then? Just the permission to run su - USER2? That's a silly configuration, but if you have to live with it, use the last alternative in my answer.
-
dnup1092 almost 9 years
@Gilles I have only that much of permission :) .. I executed your third option the way you have suggested but got the following: Pseudo-terminal will not be allocated because stdin is not a terminal. Can you tell me what this means?
-
Gilles 'SO- stop being evil' almost 9 years
@dnup1092 Ah, I hadn't thought of that. ssh -t creates a terminal on the remote side; you need that to be able to type your password for sudo. But it can only do that if its standard input is the local terminal, so redirecting the input of SSH doesn't work. Instead, do the redirection inside the command executed by SSH. See my edit.
-
dnup1092 almost 9 years
@Gilles thanks, finally got it working as expected... JennyD, thanks for your input too.