Hello
I need to know a way to have scp allocate a tty on a remote machine so I can have it run sudo and activate a vpn which it will need to activate. scp with "-S" does not work. I can't chmod +s the cisco vpn client because when I try to run it it says it can not have setuser.
I could have the user scp via root but I do not want to do that.
Any way to have scp allocate a tty?
What about disabling the tty requirement for sudo with '!requiretty' in your /etc/sudoers setup?
tony.chamberlain@lemko.com wrote:
Hello
I need to know a way to have scp allocate a tty on a remote machine so I can have it run sudo and activate a vpn which it will need to activate. scp with "-S" does not work. I can't chmod +s the cisco vpn client because when I try to run it it says it can not have setuser.
I could have the user scp via root but I do not want to do that.
Any way to have scp allocate a tty?
Why don't you set up ssh keys for a passwordless connection as the appropriate user for the file copy and avoid the problem?
I actually had to set both ssh keys and comment out the requiretty in the sudoers file.
What I was doing was having ssh called from a script and running a command on that remote host it was ssh-ing into.
aurfalien@gmail.com wrote:
I actually had to set both ssh keys and comment out the requiretty in the sudoers file.
What I was doing was having ssh called from a script and running a command on that remote host it was ssh-ing into.
I'm still missing why you'd need to sudo inside the remote shell instead of ssh'ing as the right user in the first place. Or at least why you'd require a password for it.
Well, I noticed that ssh/scp probably requires tty and when called from a script, it's not from a tty.
At least in my case which was Drupal calling a script that launched ssh, a non tty source.
I also required running privileged commands.
Mebbe you don't need all this so check your logs and see what happens.
At my last job, I was setting up rsync backups. What I did was create a user, backup, then in /etc/sudoers, have !requiretty *only* for that user. The user was also limited in what commands it could run (in that case, rsync only).
Don't forget to log in as that user first, so that you don't get the "Oh, This is a new IP, are you Sure you want to continue connecting?!?!"
mark
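The per-user scoping described in the message above, next to the global form, as an added example that is not part of the original thread. Both sudoers samples are constructed; the account name "backup" comes from the post, while "webapp", the rsync path and NOPASSWD are assumptions.

```shell
#!/bin/sh
# Constructed sample: requiretty switched off for every account, plus an
# unrestricted grant (the account name "webapp" is an assumption).
GLOBAL_SUDOERS='Defaults    !requiretty
webapp  ALL=(ALL) NOPASSWD: ALL'

# Constructed sample: exemption for one account, one permitted command.
# The rsync path and NOPASSWD are assumptions, not from the thread.
SCOPED_SUDOERS='Defaults    requiretty
Defaults:backup !requiretty
backup  ALL=(root) NOPASSWD: /usr/bin/rsync'

# Print one line per requiretty exemption: "global" or "user:<list>".
requiretty_scope() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }                      # skip comments
        $1 ~ /^Defaults/ && /!requiretty/ {
            if ($1 == "Defaults") print "global"
            else if ($1 ~ /^Defaults:/) print "user:" substr($1, 10)
            else print "other:" $1               # host, runas or command scoped
        }'
}

# Print accounts whose command list is the literal ALL.
unrestricted_users() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || $1 ~ /^Defaults/ || NF < 3 { next }
        $NF == "ALL" { print $1 }'
}

requiretty_scope "$GLOBAL_SUDOERS"     # global
requiretty_scope "$SCOPED_SUDOERS"     # user:backup
unrestricted_users "$GLOBAL_SUDOERS"   # webapp
```

On a real host, edit the file with visudo so a syntax error cannot lock sudo out.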
Les Mikesell wrote:
I'm still missing why you'd need to sudo inside the remote shell instead of ssh'ing as the right user in the first place.
Perhaps he doesn't know the user@ syntax.
Tony, try this:
[localuser@host1 ~]$ ssh root@host2 remotecmd
This requires that the public key for localuser on host1 exists in host2:.ssh/authorized_keys. It also requires "PermitRootLogin yes" in /etc/ssh/sshd_config, which is unfortunately the default on CentOS. (I usually turn it off.)
Beware that this makes localuser on host1 equivalent to root on host2!
Also realize that remotecmd can be a very complex thing, not just a simple command. You can use pipes and other things through ssh.
Warren Young wrote:
Les Mikesell wrote:
[...]
This requires that the public key for localuser on host1 exists in host2:.ssh/authorized_keys. It also requires "PermitRootLogin yes" in /etc/ssh/sshd_config, which is unfortunately the default on CentOS. (I usually turn it off.)
Unfortunately? I could not live w/o it ;-)
Also realize that remotecmd can be a very complex thing, not just a simple command. You can use pipes and other things through ssh.
If using IO redirections or pipes, be sure to quote them correctly:
[localuser@host1 ~]$ ssh root@host2 remotecmd > /tmp/file
will create /tmp/file with the output of remotecmd on host1 (!), while
[localuser@host1 ~]$ ssh root@host2 remotecmd ">" /tmp/file
will create /tmp/file on host2.
Cheers
frank
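The redirection behaviour described in the last message, reproduced offline as an added example that is not part of the original thread. fake_ssh is a hypothetical stand-in for ssh (it joins its arguments with spaces and hands the string to a shell on the "remote" side, as ssh does), and two temporary directories play host1 and host2 in place of /tmp/file on real machines.

```shell
#!/bin/sh
HOST1=$(mktemp -d)   # plays the local machine's filesystem
HOST2=$(mktemp -d)   # plays the remote machine's filesystem
trap 'rm -rf "$HOST1" "$HOST2"' EXIT

# Hypothetical stand-in for "ssh root@host2 ...": join the arguments with
# spaces and let a shell started in the "remote" directory parse the result.
fake_ssh() {
    ( cd "$HOST2" && sh -c "$*" )
}

# Print which "host" directory ended up holding file $1.
where_is() {
    if [ -e "$HOST1/$1" ]; then echo host1
    elif [ -e "$HOST2/$1" ]; then echo host2
    else echo nowhere
    fi
}

unquoted_redirect() {      # local shell consumes "> out1" before ssh starts
    ( cd "$HOST1" && fake_ssh echo hello > out1 )
    where_is out1
}

quoted_redirect() {        # ">" travels as an argument; remote shell parses it
    ( cd "$HOST1" && fake_ssh echo hello ">" out2 )
    where_is out2
}

whole_command_quoted() {   # same effect with the entire command as one string
    ( cd "$HOST1" && fake_ssh 'echo hello > out3' )
    where_is out3
}

unquoted_redirect        # host1
quoted_redirect          # host2
whole_command_quoted     # host2
```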