Running a script file over ssh through sudo

bash ssh sudo here-document

5,905

Solution 1

I have figured out soon after posting.

COMMAND_SSH="sudo -i <<'EOF'"`cat ./unifyServiceNode.sh``echo -e '\nEOF'` ;;

ssh -n -tt centos@$HOST "$COMMAND_SSH"; ## -n prevents reading the input. -tt forces TTY.

The extra 's around the SSH command were the issue it seems, and I also needed to make the newline through echo.

I am not quite sure if that's just a lucky hack or the right way to do it, though. To be honest, I am completely lost in Bash's quotes evaluation :)

Solution 2

Your current method is very convoluted, which is what's making it difficult to work with.
This can instead be simplified to:

ssh -i $AWS_KEY centos@$HOST sudo sh < ./unifyServiceNode.sh

5,905

Author by

Ondra Žižka

I am. (See my LinkedIn profile. Open to job offers for USA, Germany, Austria, Switzerland). 2012 update: I'm a company-man, a team-player, a paradigm-shifter and a core-competancy-synergizer. :) PS: I worked for Red Hat / JBoss, so my answers may be biased. Currently work for Swiss Re.

Updated on September 18, 2022

Comments

Ondra Žižka over 1 year

I can log in to a remote machine as a user who can do sudo su -. I can't login as root.

I have a script locally that I want to run at the remote machine. Also, the script is sent there trough another script.

I can't figure out how. I've red quite a few Q&A's here but no success. The closest I have:

COMMAND_SSH="sudo -i <<\'EOF\'"`cat ./unifyServiceNode.sh`"\\nEOF\\n" ;;
...
while read HOST; do
  echo -e "\n\n======== $USER_@$HOST <-- $COMMAND_SSH =================\n\n";
  ssh -n -tt centos@$HOST "'$COMMAND_SSH'";
done < hosts.txt

This ends up with this output:

======== [email protected] <-- sudo -i <<\'EOF\'
##
##  Creates a few links and scripts to unify the nodes maintainance.
##

  BB="/bb"
  NAME="bpds-api"
  NAME2="bpds-"

  mkdir -p $BB
  ln -s /opt/$NAME/logs/*.log $BB/log
  ln -s /opt/$NAME/conf/api/$NAME.yml $BB/conf.yml || ln -s /opt/$NAME/conf/api/$NAME2.yml $BB/conf.yml
  echo "systemctl \${1:-restart} "${@:2}" $NAME" > $BB/Sys
  echo "tail -\${1:-500f} $BB/log" > $BB/Tail
  echo "nano $BB/conf.yml" > $BB/Conf
  chmod a+x $BB/Sys $BB/Tail $BB/Conf
  echo "export PATH=\$PATH:$BB" >> ~/.bashrc
EOF
 =====================================


bash: sudo -i <<\EOF': command not found
bash: line 14: /bb/Sys: Permission denied
bash: line 15: /bb/Tail: Permission denied
bash: line 16: /bb/Conf: Permission denied
chmod: changing permissions of ‘/bb/Sys’: Operation not permitted
chmod: changing permissions of ‘/bb/Tail’: Operation not permitted
chmod: changing permissions of ‘/bb/Conf’: Operation not permitted
bash: -c: line 18: unexpected EOF while looking for matching `''
bash: -c: line 19: syntax error: unexpected end of file
Connection to somehost.com closed.

This is the "closest" because it sees the individual commands but is not under sudo, because the first line's <<EOF isn't (un)escaped properly.

**How should I execute an arbitrary script under sudo over ssh?"

Kusalananda about 6 years

Why do you want to put a command in a variable?

Ondra Žižka about 6 years

Doesn't work in my case. For ssh to run sudo, it needs -tt, otherwise I get sudo: sorry, you must have a tty to run sudo. And if I use -tt, then < redirection is ignored.
Ondra Žižka about 6 years

Sure, but I wanted to do this in one step. Ideal would be some kind of scpAndRun command.
Ondra Žižka about 6 years

Regarding commands in variables - I have a 2 pass script that creates the command in one part, and the way to execute it on remote servers is in other part. Is there other mechanism for that than a variable which I could use in one step with ssh?
Timur Bakeyev about 5 years

you can overcome the requirement for TTY by setting in the sudoers file: requiretty=off. If set, sudo will only run when the user is logged in to a real tty. When this flag is set, sudo can only be run from a login session and not via other means such as cron(8) or cgi-bin scripts. This flag is off by default.