Run local scripts on multiple servers using sudo user through a script


Solution 1

One idea, though it might not be the best out there, is for you to configure ssh to use key based authentication instead of password authentication. These instructions should be sufficient in case you are not aware of it: SSH Key Authentication

I don't know what your test script contains nor the complexity of it. Let's assume that it is a fairly complex script and it saves the output under /tmp/script_output/, and in this case I suggest the following:

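# $1 = file with one host name per line, $2 = script to run
# The host list is read on fd 3 so that ssh -t keeps the terminal as its stdin
# instead of swallowing the rest of the host file.
while read -r i <&3
do
   scp "$2" "admin@$i:/tmp/"                   # upload the script
   ssh -t "admin@$i" "/tmp/$2"                 # run it with a tty (sudoers requiretty)
   ssh "admin@$i" rm "/tmp/$2"                 # remove the uploaded script
   scp -r "admin@$i:/tmp/script_output/" /tmp/ # fetch the results
   ssh "admin@$i" rm -rf /tmp/script_output    # clean up the remote output
done 3< "$1"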

By the way, from the sudoers

#
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
#         You have to run "ssh -t hostname sudo <cmd>".
#
Defaults    requiretty

Solution 2

I had the same problem some time ago. That's my solution:
https://github.com/maciejkorzen/misc-ruby/blob/master/ssh-batch-upload-sftp-and-run.rb

  • Download this script.
  • Create CSV file with names of servers and passwords (I assume that login is the same on each server).
  • Create script that you want to execute.
  • Adjust variables in my Ruby script, run it and let it do all the work for you. :-)

Solution 3

The following will allow you to execute sudo commands on multiple hosts while only having to enter your sudo password once at the beginning.

What is missing is the for loop or something that sets the HOSTS variable to the hosts you have. The script creates a file in the temp folder that contains the sudo password, but that file is deleted immediately. This allows the command to use the sudo password without it being displayed in the terminal window or in your script.

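#!/bin/bash
# Usage: ./script hostfile   (assumption: one host name per line, as in the question)

# Ask for the sudo password once, without echoing it.
echo "Enter SUDO password:"
read -rs SUDOPW

umask 077   # the temporary script holds the password; keep it owner-only

while read -r HOSTS
do
    # mktemp avoids a predictable file name in /tmp.
    PWFILE=$(mktemp "/tmp/$HOSTS-pw.XXXXXX") || exit 1

    # $HOSTS and $SUDOPW are expanded here; the quoted inner delimiter keeps
    # the password literal when the generated script runs.
    # sudo -S makes sudo read the password from stdin.
    cat > "$PWFILE" <<EOS
#!/bin/sh
ssh user@$HOSTS sudo -S "your command here" <<'EOC'
$SUDOPW
EOC
EOS

    chmod 700 "$PWFILE"
    "$PWFILE" >/dev/null
    rm -f "$PWFILE"
done < "$1"

unset SUDOPW
exit 0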
Author by

SouravA

Updated on September 18, 2022

Comments

  • SouravA
    SouravA almost 2 years

    I have about 100 remote servers. I want to manage all my servers using one terminal server to update, run commands with sudo privileges.

    I need to have one main script that takes another test script as an argument. The main script runs through a with loop using a hosts file with remote server names.

    The test script has all the actual sudo commands to be run on the remote servers at once.

    ./mainscript hostfile testscript

    For example, the test script may have "sudo yum -y update" or a string of commands.

    This seems easy if I login as root user. But I want to run this as user 'admin' who has sudo privileges on all the remote servers. All these scripts are located locally on terminal server.

    Please suggest me any ideas you may have to achieve this?

    • Michael Mrozek
      Michael Mrozek over 11 years
      @Gilles I'm missing something, how is this a duplicate? It seems unrelated, but has three close votes
    • Gilles 'SO- stop being evil'
      Gilles 'SO- stop being evil' over 11 years
      @MichaelMrozek On second reading, you're right. That earlier question addresses ssh sudo …, but here there's the additional difficulty of scripting over many servers.
    • Gilles 'SO- stop being evil'
      Gilles 'SO- stop being evil' over 11 years
      What is your sudo configuration? Will admin have to type a password to run sudo? If so, is this password stored in a file somewhere, or do you want to enter it interactively?
    • SouravA
      SouravA over 11 years
      @Gilles I am using key based authentication on all servers and admin has sudo privileges without having to enter password on all the remote servers. Now, I need to pass a script to main script to do all the actual work.
  • jordanm
    jordanm over 11 years
    I seriously doubt anyone wants to rm -rf /tmp.
  • Lekensteyn
    Lekensteyn over 11 years
    This is bad, it needs to setup a SSH session five times which takes quite some time for 100 servers. You'd better combine the commands like ssh admin@server 'cat > file && chmod +x file && ./file;rm -f file' < script >output or something like that (for chaining). Also, this answer does not answer the question with sudo.
  • SouravA
    SouravA over 11 years
    Hello all, I am using key based authentication for all the logins. But I still need to know how to use sudo in this ssh command. I am using ssh -tt admin@server, it does what it needs to do, but spits out an error "tcgetattr: Inappropriate ioctl for device". For the time being, I am redirecting the error to a log error file. Also, Lekensteyn, do you think the following command will be helpful instead of what alexandre suggested? ssh admin@server 'cat > file && chmod +x file && ./file;rm -f file' < testscript >output
  • BitsOfNix
    BitsOfNix over 11 years
    Answering all: corrected the rm -rf /tmp, as what I wanted was to clear the script output. Added the -t to the ssh as per sudoers specification. The sudo requires tty.
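
Lekensteyn's one-connection-per-host suggestion combined with the asker's stated setup (key-based login as admin, sudo without a password), as an added example that is not part of the original thread. The function names and the SSH, REMOTE_USER and OUTDIR variables are illustrative, and because no tty is requested it assumes requiretty is not enforced for the account on the remote hosts.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes key-based login as "admin" and
# passwordless sudo without requiretty on the remote hosts.
SSH=${SSH:-ssh}                    # overridable, e.g. for a dry run
REMOTE_USER=${REMOTE_USER:-admin}
OUTDIR=${OUTDIR:-./output}         # hypothetical per-host log directory

# The host name ends up in the ssh destination and in a log file path,
# so accept only plain host-name characters.
valid_host() {
    case $1 in
        ''|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# run_on_hosts HOSTFILE SCRIPT; exit status is the number of failed hosts.
# The body is a subshell, so its variables do not leak into the caller.
run_on_hosts() (
    hostfile=$1 script=$2 failed=0
    mkdir -p "$OUTDIR" || exit 255
    # Read the host list on fd 3: stdin stays free to carry the script.
    while read -r host <&3 || [ -n "$host" ]; do
        case $host in ''|'#'*) continue ;; esac
        if ! valid_host "$host"; then
            echo "skipping invalid host entry: $host" >&2
            failed=$((failed + 1))
            continue
        fi
        # One connection per host. BatchMode and sudo -n make ssh and sudo
        # fail instead of prompting, so a broken host cannot stall the run.
        if ! "$SSH" -o BatchMode=yes -o ConnectTimeout=10 \
                "$REMOTE_USER@$host" 'sudo -n bash -s' \
                < "$script" > "$OUTDIR/$host.log" 2>&1; then
            echo "FAILED: $host (see $OUTDIR/$host.log)" >&2
            failed=$((failed + 1))
        fi
    done 3< "$hostfile"
    exit "$failed"
)

# Usage: ./mainscript hostfile testscript
if [ "$#" -eq 2 ]; then
    run_on_hosts "$1" "$2"
fi
```

Each host's stdout and stderr land in its own log file, and a non-zero exit status tells the caller how many hosts need a second look.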