pass a password to sudo su
Solution 1
You setup password-less ssh to localhost as user xyzuser
for abcuser
to achieve what you're trying. You'll need to add abcuser
's public key as an authorized_key for xyzuser
.
Then when you're logged in as abcuser
, you can do:
ssh xyzuser@localhost do_something_as_xyzuser
If you've blocked ssh access to xyzuser
, allow it only through loopback. If you're on linux, see your /etc/security/access.conf
or equivalent on how to do that.
Solution 2
Drop using su
and configure sudo with the correct permissions. That involves editing /etc/sudoers
and adding entry for allowing a user to execute a command without providing a password.
You could either make it a bit advanced
User_Alias SCRIPT_USER johndoe
Cmnd_Alias SCRIPT_PATH /usr/local/bin/myscript.sh
SCRIPT_USER ALL = NOPASSWD: SCRIPT_PATH
Or acquire the same thing with a single line.
johndoe ALL = NOPASSWD: /usr/local/bin/myscript.sh
Solution 3
I highly suggest that you use the solution proposed by @pkhamre (properly configured sudoers file). It is the best option, and gives the administrator maximum control.
If that is not achievable then I suggest that you use the solution of @skjaidev (ssh authorized_keys). This does not require you to have admin permissions, only access to both accounts, so may be suitable for more cases.
But if for some reason neither of those solutions works for you...
Then you want to use expect for this. It's probably already on your machine. It's the standard tool for any kind of interactive command-line automation.
J0k3r
Updated on September 18, 2022Comments
-
J0k3r over 1 year
I wanted to sudo to different user after ssh'ing into remote server, for this i tried the following:
cat remote-test.sh ssh -t -t [email protected] 'bash -s' << EOF /tmp/test.sh EOF
when i execute the remote-test.sh from development-server.net, I wanted to ssh to test-server.net as abcuser and then sudo as xyzuser .
cat /tmp/test.sh echo "password" | sudo -S su - xyzuser cd /tmp/some/directory
Can someone please advice how to pass a password while doing sudo su in a script.
-
Admin almost 12 yearsWith sudo-privileges, the command is executed as root;
sudo su [username]
shouldn't require a password. It would be the same as, while logged in as root, runningsu [username]
. -
c0mrade almost 12 years@newfurniturey you do get prompted for password when doing
sudo command
-
Admin almost 12 years@ant it depends on the sudo config, of course... Perhaps you should just configure sudo to allow the remote user to run that one command as the other user with NOPASSWD. See
man sudoers
for details. -
c0mrade almost 12 years@FatalError true story, I was referring to the default behavior (should have mentioned that perhaps).
-
Admin almost 12 yearsany idea how to sudo to remote user(xyzuser) after i ssh as abcuser by passing the password along with the sudo command.
-
Admin almost 12 years@phani, Hi. Did you find out the solution for this? Thank you in advance for responding
-
-
Admin almost 12 yearsso you are basically suggesting to use private key.
-
MadHatter almost 12 yearsYes, that's what he's suggesting. Allowing your initial user to ssh directly to [email protected] via a pre-authorised keypair is a great deal less insecure than embedding passwords in scripts and trying to pass them to
sudo
. -
pkhamre almost 12 yearsOP does not have problems with accessing the server remotely, but needs to raise privileges after logging in.
-
jman almost 12 years@pkhamre, am just looking at the end goal.