Hey guys,
I'm trying to write a simple bash script that will cp a configuration file to a backup (with the date) remotely to a bunch of machines, using sudo with ssh.
I notice that if I run the commands individually, they both work (albeit with some strange output I'd like to suppress):
[tdunphy@MIAGRBISSH01V ~]$ ssh -q -t -t -t MIAGRBIORCA00V sudo -S 'cp -v /data/solr-4.3.1/zoe/etc/logback.xml /tmp/logback.xml-${i}-$(date +%Y%m%d).bak' <<EOF
secret_sauce
EOF
tcgetattr: Inappropriate ioctl for device
`/data/solr-4.3.1/zoe/etc/logback.xml' -> `/tmp/logback.xml--20131007.bak'
[tdunphy@MIAGRBISSH01V ~]$ ssh -q -t -t -t MIAGRBIORCA00V sudo -S 'ls -l /home/tdunphy/logback.xml-${i}-$(date +%Y%m%d).bak' <<EOF
secret_sauce
EOF
tcgetattr: Inappropriate ioctl for device
-rw-r--r-- 1 root root 3372 Oct 7 22:07 /home/tdunphy/logback.xml--20131007.bak
The best part of the above is that I am passing my password (secret_sauce - not my real one for obvious reasons) to sudo and having the command executed.
One thing I'd like to be able to figure out is how to suppress this message, which is a little distracting and useless to the process:
tcgetattr: Inappropriate ioctl for device
But more importantly, when I try to pop the above two working statements from the command line into a script, the following occurs:
[tdunphy@MIAGRBISSH01V ~]$ for i in MIAGRBIORCA0{0..9}V MIAGRBIORCA1{0..2}V
do
ssh -q -t -t -t $i sudo -S 'cp -v /data/solr-4.3.1/zoe/etc/logback.xml /tmp/logback.xml-${i}-$(date +%Y%m%d).bak' <<EOF
secret_sauce
EOF
ssh -q -t -t -t $i sudo -S 'ls -l /home/tdunphy/logback.xml-${i}-$(date +%Y%m%d).bak' <<EOF
secret_sauce
EOF
done
tcgetattr: Inappropriate ioctl for device
`/data/solr-4.3.1/zoe/etc/logback.xml' -> `/tmp/logback.xml--20131007.bak'
tcgetattr: Inappropriate ioctl for device
-rw-r--r-- 1 root root 3372 Oct 7 22:07 /home/tdunphy/logback.xml--20131007.bak
tcgetattr: Inappropriate ioctl for device
[sudo] password for tdunphy:
For some reason the <<EOF password EOF routine is not working to provide the password to sudo the way I was able to when running the commands individually.
Any thoughts on how I should be going about this?
Thanks, Tim
On Mon, Oct 7, 2013 at 10:51 PM, Tim Dunphy bluethundr@gmail.com wrote:
...
2 things I'd consider (and yes, before someone starts that 'that's not nearly secure enough!' debate, 1 isn't great security, but every place has different levels of acceptable, so it might pass for some while it'd never fly for others)
1. change your ID/to an ID that doesn't have to supply a password to sudo commands e.g. has the NOPASSWD option set in sudoers file.
2. change up to expect. it's a little wonky and different from other scripting languages, but it's really made for this sort of thing.
On 10/08/2013 05:47 PM, zGreenfelder wrote:
- change your ID/to an ID that doesn't have to supply a password to sudo
commands e.g. has the NOPASSWD option set in sudoers file.
I would recommend that you just give the user NOPASSWD access to the specific command(s) that you need for your remote script, rather than giving that user global NOPASSWD access.
See sudoers(5) for details.
Peter
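The per-command NOPASSWD suggestion above, as an added example that is not part of the thread: a root-owned wrapper with the paths fixed inside it, and a sudoers rule that is password-free for that one script only. The wrapper path /usr/local/sbin/backup-logback, the backup directory /root/config-backups and the function name backup_config are assumptions.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumed install path on each host:
#   /usr/local/sbin/backup-logback  (owner root, mode 0755)
# Matching sudoers entry, added with visudo:
#   tdunphy ALL = (root) NOPASSWD: /usr/local/sbin/backup-logback ""
# The "" matches only an invocation without arguments, so the caller cannot
# steer the root-run copy at other paths.

# Copy SRC to DESTDIR/<basename>-<host>-<YYYYMMDD>.bak and print the new path.
backup_config() {
    src=$1
    destdir=$2
    host=${3:-$(uname -n)}      # evaluated on the remote host, no ${i} needed
    stamp=$(date +%Y%m%d)

    [ -f "$src" ] || { echo "missing source: $src" >&2; return 1; }
    [ -d "$destdir" ] || { echo "missing backup dir: $destdir" >&2; return 1; }

    dest="$destdir/$(basename "$src")-$host-$stamp.bak"
    # Running as root: do not write through a symlink someone planted earlier.
    [ ! -L "$dest" ] || { echo "refusing symlink: $dest" >&2; return 1; }
    cp -p -- "$src" "$dest" || return 1
    printf '%s\n' "$dest"
}

# The installed wrapper ends with one fixed call (backup directory is assumed,
# root-owned, and not world-writable like /tmp):
#   backup_config /data/solr-4.3.1/zoe/etc/logback.xml /root/config-backups
# and the admin host runs, with no password on stdin:
#   for i in MIAGRBIORCA0{0..9}V MIAGRBIORCA1{0..2}V; do
#       ssh -q "$i" sudo -n /usr/local/sbin/backup-logback
#   done
```

Because nothing is fed on stdin, the forced `-t -t -t` can go, and it is that forced tty allocation with a here-document as stdin that prints `tcgetattr: Inappropriate ioctl for device`. If the remote sudoers sets requiretty, a single `-t` from an interactive terminal is enough.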
On 10/7/2013 7:51 PM, Tim Dunphy wrote:
Any thoughts on how I should be going about this?
use ssh keys rather than password authentication.... see: man ssh-keygen
short version, on local system, run ssh-keygen to create a public and private key for the local account, and append the public key ~/.ssh/id_dsa.pub on the local system to the ~/.ssh/authorized_keys2 file on the remote system. once you've done this, ssh/scp/sftp will connect without prompting for a password.
use ssh keys rather than password authentication.... see: man ssh-keygen
hey thanks. Already using keys. It's sudo that's the blocker. Also I would use NOPASSWD on my sudo options, but there's some bureaucratic red-tape involved there. Can't really go about enabling that myself without ruffling some feathers. Otherwise thanks for the suggestions and keep 'em coming!
On Tue, Oct 8, 2013 at 1:28 AM, John R Pierce pierce@hogranch.com wrote:
...
-- john r pierce 37N 122W somewhere on the middle of the left coast
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 08.Okt.2013, at 04:51, Tim Dunphy wrote:
...
But more importantly, when I try to pop the above two working statements from the command line into a script, the following occurs:
[tdunphy@MIAGRBISSH01V ~]$ for i in MIAGRBIORCA0{0..9}V MIAGRBIORCA1{0..2}V
do
ssh -q -t -t -t $i sudo -S 'cp -v /data/solr-4.3.1/zoe/etc/logback.xml /tmp/logback.xml-${i}-$(date +%Y%m%d).bak' <<EOF
secret_sauce
EOF
ssh -q -t -t -t $i sudo -S 'ls -l /home/tdunphy/logback.xml-${i}-$(date +%Y%m%d).bak' <<EOF
secret_sauce
EOF
done
tcgetattr: Inappropriate ioctl for device
`/data/solr-4.3.1/zoe/etc/logback.xml' -> `/tmp/logback.xml--20131007.bak'
The cp did work, sudo accepted the password. Note that ${i} was not interpolated into the file name.
tcgetattr: Inappropriate ioctl for device
-rw-r--r-- 1 root root 3372 Oct 7 22:07 /home/tdunphy/logback.xml--20131007.bak
the ls did work
tcgetattr: Inappropriate ioctl for device
[sudo] password for tdunphy:
But what's that? Is the password the same on all hosts, i.e. it works for one host, but not the other? Or do you have another ssh in the for loop you did not tell us about?
Try to add some debugging output with the hostname into the loop.
hey there,
Thanks for playing!
tcgetattr: Inappropriate ioctl for device
`/data/solr-4.3.1/zoe/etc/logback.xml' -> `/tmp/logback.xml--20131007.bak'
The cp did work, sudo accepted the password. Note that ${i} was not interpolated into the file name.
Yes good point about ${i} not being interpolated. However this example is from when the command is individually executed and not as part of the script. When you pop that line into my script for some reason the password is not passed to sudo. Just something I find odd, because the syntax hasn't changed at all so why would it not work in the script?
tcgetattr: Inappropriate ioctl for device
-rw-r--r-- 1 root root 3372 Oct 7 22:07 /home/tdunphy/logback.xml--20131007.bak
the ls did work
Yes. Again, this happened when the command was executed individually, but NOT as part of the script.
tcgetattr: Inappropriate ioctl for device
[sudo] password for tdunphy:
But what's that? Is the password the same on all hosts, i.e. it works for one host, but not the other? Or do you have another ssh in the for loop you did not tell us about?
No, the password is the same across all of the hosts in the environment. And the output that you see here is the exact same as what I was trying to run.
Try to add some debugging output with the hostname into the loop.
I added a little more debugging to the output, but otherwise the script is unchanged. As soon as you try to pass the password to sudo via the script, the password is not recognized.
Here's the most recent run of the script:
[tdunphy@MIAGRBISSH01V ~]$ for i in MIAGRBIORCA0{1..9}V MIAGRBIORCA1{0..2}V
do
echo "backing up the file on host: $i"
ssh -q -t -t -t $i sudo -S 'cp /data/solr-4.3.1/zoe/etc/logback.xml /home/tdunphy/logback.xml-${i}-$(date +%Y%m%d).bak' <<EOF
localG30rg3T0wn
EOF
echo -e "\n\n\n"
echo "listing the backup to verify success on host: $i"
ssh -q -t -t -t $i sudo -S 'ls -l /home/tdunphy/logback.xml-$i-$(date +%Y%m%d).bak' <<EOF
localG30rg3T0wn
EOF
sleep 2
done
backing up the file on host: MIAGRBIORCA01V
tcgetattr: Inappropriate ioctl for device
*[sudo] password for tdunphy:*
listing the backup to verify success on host: MIAGRBIORCA01V
tcgetattr: Inappropriate ioctl for device
*[sudo] password for tdunphy: *
Definitely open to any ideas at this point, this problem seems like a weird one to me!
Again, sincere thanks to anyone offering suggestions.
Tim
On Tue, Oct 8, 2013 at 7:06 AM, Markus Falb wnefal@gmail.com wrote:
...
command locked "command=" ssh keys in the destination user's authkeys file, and skip sudo entirely.
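The command= approach suggested above, as an added example that is not part of the thread: a gate script bound to one key in the destination account's authorized_keys, which accepts two fixed request words and ignores everything else the client sends. The script path /usr/local/sbin/backup-gate, the request words backup and list, the directory /root/config-backups and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumed gate script that the key's
# command= option points at, in the destination account's authorized_keys
# (one line; key material replaced by a placeholder):
#   command="/usr/local/sbin/backup-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY-PLACEHOLDER> backup-key
# sshd runs the gate whatever the client asks for and hands the client's
# request over in SSH_ORIGINAL_COMMAND.

# Accept exactly two request words; extra arguments or shell syntax are refused.
gate_decide() {
    case "$1" in
        backup|list) printf '%s\n' "$1" ;;
        *) return 1 ;;
    esac
}

# Run the accepted action against fixed paths chosen by the admin, not the client.
gate_run() {
    request=$1 src=$2 destdir=$3
    action=$(gate_decide "$request") || {
        echo "rejected request" >&2
        return 1
    }
    dest="$destdir/$(basename "$src")-$(uname -n)-$(date +%Y%m%d).bak"
    case "$action" in
        backup) cp -p -- "$src" "$dest" && printf '%s\n' "$dest" ;;
        list)   ls -l -- "$dest" ;;
    esac
}

# Entry point under sshd; does nothing when the variable is absent.
# Admin side (assumed key file name): ssh -i ~/.ssh/backup_key "$i" backup
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    gate_run "$SSH_ORIGINAL_COMMAND" \
        /data/solr-4.3.1/zoe/etc/logback.xml /root/config-backups
fi
```

A key restricted this way can trigger the backup or the listing and nothing more, so no sudo password has to travel over stdin.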
On Tue, Oct 8, 2013 at 6:52 AM, Tim Dunphy bluethundr@gmail.com wrote:
...