pass a password to sudo su

bash shell ssh remote-access sudo

8,980

Solution 1

You setup password-less ssh to localhost as user xyzuser for abcuser to achieve what you're trying. You'll need to add abcuser's public key as an authorized_key for xyzuser.

Then when you're logged in as abcuser, you can do:

ssh xyzuser@localhost do_something_as_xyzuser

If you've blocked ssh access to xyzuser, allow it only through loopback. If you're on linux, see your /etc/security/access.conf or equivalent on how to do that.

Solution 2

Drop using su and configure sudo with the correct permissions. That involves editing /etc/sudoers and adding entry for allowing a user to execute a command without providing a password.

You could either make it a bit advanced

User_Alias SCRIPT_USER johndoe
Cmnd_Alias SCRIPT_PATH /usr/local/bin/myscript.sh

SCRIPT_USER ALL = NOPASSWD: SCRIPT_PATH

Or acquire the same thing with a single line.

johndoe ALL = NOPASSWD: /usr/local/bin/myscript.sh

Solution 3

I highly suggest that you use the solution proposed by @pkhamre (properly configured sudoers file). It is the best option, and gives the administrator maximum control.

If that is not achievable then I suggest that you use the solution of @skjaidev (ssh authorized_keys). This does not require you to have admin permissions, only access to both accounts, so may be suitable for more cases.

But if for some reason neither of those solutions works for you...

Then you want to use expect for this. It's probably already on your machine. It's the standard tool for any kind of interactive command-line automation.

8,980

Author by

J0k3r

Updated on September 18, 2022

Comments

J0k3r over 1 year
I wanted to sudo to different user after ssh'ing into remote server, for this i tried the following:
```
cat remote-test.sh
ssh -t -t [email protected] 'bash -s' << EOF
  /tmp/test.sh
EOF
```
when i execute the remote-test.sh from development-server.net, I wanted to ssh to test-server.net as abcuser and then sudo as xyzuser .
```
cat /tmp/test.sh

echo "password" | sudo -S su - xyzuser
cd /tmp/some/directory
```
Can someone please advice how to pass a password while doing sudo su in a script.
- Admin almost 12 years
  
  With sudo-privileges, the command is executed as root; sudo su [username] shouldn't require a password. It would be the same as, while logged in as root, running su [username].
- c0mrade almost 12 years
  
  @newfurniturey you do get prompted for password when doing sudo command
- Admin almost 12 years
  
  @ant it depends on the sudo config, of course... Perhaps you should just configure sudo to allow the remote user to run that one command as the other user with NOPASSWD. See man sudoers for details.
- c0mrade almost 12 years
  
  @FatalError true story, I was referring to the default behavior (should have mentioned that perhaps).
- Admin almost 12 years
  
  any idea how to sudo to remote user(xyzuser) after i ssh as abcuser by passing the password along with the sudo command.
- Admin almost 12 years
  
  @phani, Hi. Did you find out the solution for this? Thank you in advance for responding
Admin almost 12 years

so you are basically suggesting to use private key.
MadHatter almost 12 years

Yes, that's what he's suggesting. Allowing your initial user to ssh directly to [email protected] via a pre-authorised keypair is a great deal less insecure than embedding passwords in scripts and trying to pass them to sudo.
pkhamre almost 12 years

OP does not have problems with accessing the server remotely, but needs to raise privileges after logging in.
jman almost 12 years

@pkhamre, am just looking at the end goal.