How to run sudo commands remotely via ssh -t?


Maybe disabling the requiretty option in sudoers and running ssh without the -t flag (or with -T) works.

Add something like this to sudoers (untested):

Defaults:{your ssh user} !requiretty

Combine that with the NOPASSWD you're already using and you should be able to run the sudo command without a pseudo-tty allocated.

You could also change requiretty for the command instead of the user.

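The answer's suggestion scoped to one command rather than the whole user, as an added example that is not part of the original answer: the script builds a sudoers drop-in that lifts requiretty and grants NOPASSWD for a single exact command line, and syntax-checks it before installation. The account `deploy`, the path `/usr/sbin/service`, the alias `NOTTY_CMD` and the file name `90-notty` are assumptions, as is a sudoers configuration that includes `/etc/sudoers.d`.

```shell
#!/bin/sh
# Added example. Assumed names: account "deploy", command
# "/usr/sbin/service middleware restart", alias NOTTY_CMD, file 90-notty.

# Accept only characters that cannot introduce extra sudoers syntax
# (no spaces, commas, colons, '=', '!', '#', backslashes or newlines).
safe_token() {
    case $1 in
        ''|*[!A-Za-z0-9_./-]*) return 1 ;;
    esac
}

# render_dropin USER /abs/path/to/cmd [ARG...]
# Prints a fragment that lifts requiretty for one exact command line and
# grants USER passwordless sudo for that same command line, nothing more.
render_dropin() {
    [ $# -ge 2 ] || { echo "usage: render_dropin USER /path [ARG...]" >&2; return 1; }
    user=$1 bin=$2
    shift 2
    safe_token "$user" || { echo "rejected user: $user" >&2; return 1; }
    case $bin in
        /*) ;;
        *) echo "command must be an absolute path" >&2; return 1 ;;
    esac
    for word in "$bin" "$@"; do
        safe_token "$word" || { echo "rejected word: $word" >&2; return 1; }
    done
    if [ $# -eq 0 ]; then
        cmdline="$bin \"\""      # "" in sudoers means: no arguments allowed
    else
        cmdline="$bin $*"
    fi
    # Per-command Defaults cannot carry arguments, so bind through an alias.
    printf 'Cmnd_Alias NOTTY_CMD = %s\n' "$cmdline"
    printf 'Defaults!NOTTY_CMD !requiretty\n'
    printf '%s ALL=(root) NOPASSWD: NOTTY_CMD\n' "$user"
}

# validate_dropin FILE: syntax-check with visudo before the file goes live.
validate_dropin() {
    command -v visudo >/dev/null 2>&1 || { echo "visudo not found" >&2; return 2; }
    visudo -cf "$1"
}

# Typical use on the remote host, as root:
#   render_dropin deploy /usr/sbin/service middleware restart > /tmp/90-notty
#   validate_dropin /tmp/90-notty &&
#       install -m 0440 -o root -g root /tmp/90-notty /etc/sudoers.d/90-notty
# Then from the script:  ssh -T deploy@host sudo -n /usr/sbin/service middleware restart
render_dropin deploy /usr/sbin/service middleware restart
```

With `sudo -n`, the remote command fails immediately instead of prompting when the rule does not match, which keeps an unattended loop over many hosts from hanging.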


Author: Alex Bonta


Updated on September 18, 2022

Comments

  • Alex Bonta
    Alex Bonta over 1 year

    I have a script that logs into a remote host via ssh -t and uses sudo service foo restart.

    The requirement is to avoid the prompt for a password on the remote host. The remote host authenticates via SSH certificate. The sudoers file on the remote host allows that user to execute the service command with NOPASSWD.

    However, during my tests, I'm prompted for a password and this is unacceptable. If I run this manually without the -t flag, it works. However the -t flag throws everything off.

    Is there a way around this?

    • Admin
      Admin almost 11 years
      What do the authentication logs say? Typically auth.log or secure in /var/log.
    • Admin
      Admin almost 11 years
      Are you sure that NOPASSWD is set? Remember that only the last match in sudoers counts. Also remember that if sudo doesn't prompt you for a password, it can be because of the cache, so make sure to flush it before each test with sudo -k.
    • Admin
      Admin over 7 years
      What are the contents of the NOPASSWD line? Why is -t needed? Another option is to create a key for just that command, going directly to root, and use the command="" parameter in the authorized_keys file. (Passwordless SSH keys allowing for a full root login can be a huge security risk...)
  • Alex Bonta
    Alex Bonta almost 11 years
    We already have the ssh keys in their proper place. That part works. There's something about how ssh -t created a pseudotty that is affecting my ability to execute sudo commands where the user has NOPASSWD enabled. What's happening is that this script logs into a server, parses a list of servers that are our middleware servers, then does an ssh -t "sudo service middleware restart" operation via shell script. The problem is that when the script iterates through the list, the user is prompted for a password despite NOPASSWD being set in the sudoers file.
  • Ragnar Lodbrog
    Ragnar Lodbrog about 8 years
    But you need a key pair for it; if the key pair has a passphrase, you can use keychain.