Ruby script to run command as root on remote linux system

jimdeuc · April 18, 2008, 6:47pm

This is really sort of an offshoot of this thread:
http://www.ruby-forum.com/topic/150015

I WAS just trying to pass on the password to sudo being run over
Net::SSH on a remote linux server. I eventually gave up on that and set
sudo to run with no password, only to find out that does not work
either! For some reason there is a problem running sudo commands over
Net::SSH.

So I am just wonder if anybody has found ANY possible way to run remote
commands with root privileges on the remote computer.

here is my script as it is which seems to just skip over the sudo
command:

require ‘rubygems’
require ‘net/ssh’

Net::SSH.start( ‘server1’,
:username=>‘myuser’,
:password=>‘mypass’ ) do |session|

session.open_channel do |channel|
  channel.on_data do |ch, data|
    puts data
  end
  channel.exec 'touch myfile'
end
session.loop

session.open_channel do |channel|
  channel.on_data do |ch, data|
    puts data
  end
  channel.exec 'sudo touch rootfile'
end
session.loop

end

The “myfile” gets created, but the “rootfile” does not.

jimdeuc · April 18, 2008, 10:06pm

So I am just wonder if anybody has found ANY possible way to run
remote commands with root privileges on the remote computer.

If you have control over remote computer (and can live with security
implications), you could allow direct root log-in over ssh using ssh
keys…

Vlad

jimdeuc · April 19, 2008, 3:13am

From: James D. [mailto:[email protected]]

So I am just wonder if anybody has found ANY possible way to

run remote

commands with root privileges on the remote computer.

try capistrano

kind regards -botp

jimdeuc · April 19, 2008, 6:19am

Hi,

On Sat, Apr 19, 2008 at 2:48 AM, James D. [email protected] wrote:

I WAS just trying to pass on the password to sudo being run over
Net::SSH on a remote linux server. I eventually gave up on that and set
sudo to run with no password, only to find out that does not work
either! For some reason there is a problem running sudo commands over
Net::SSH.

Strange. It works for me:

Net::SSH.start ‘localhost’, :username => ‘test’, :password => ‘…’ do
|session|
?> session.open_channel do |channel|
?> channel.on_data do |ch, data|
?> puts data
end
channel.exec ‘sudo touch rootfile’
end
session.loop
end; nil
=> nil

celtic@sohma:~$ ls -l ~test
total 0
-rw-r–r-- 1 test test 0 2008-04-19 14:16 a
lrwxrwxrwx 1 test test 26 2008-04-19 14:14 Examples →
/usr/share/example-content/
-rw-r–r-- 1 root root 0 2008-04-19 14:17 rootfile
celtic@sohma:~$

Are you sure the user can always sudo without password?

Arlen

jimdeuc · April 19, 2008, 5:57am

Depends on what you ar looking to do. Do you have valid credentials on
the
remote machine? Do you need to just connect and run commands through a
script and then disconnect? Give me s few more details and Ill see what
I
can do. I have a few scripts i use but depends on what your trying to
do.

jimdeuc · April 22, 2008, 6:10am

On Fri, 18 Apr 2008 21:03:42 +0100, Vladimir K. wrote:

So I am just wonder if anybody has found ANY possible way to run remote
commands with root privileges on the remote computer.

If you have control over remote computer (and can live with security
implications), you could allow direct root log-in over ssh using ssh
keys…

Vlad

SSH also allows you to create single-purpose keys.
See http://pkeck.myweb.uga.edu/ssh/

–Ken

jimdeuc · April 22, 2008, 3:50pm

Ken B. wrote:

SSH also allows you to create single-purpose keys.
See http://pkeck.myweb.uga.edu/ssh/

–Ken

That’s all good to know. Since Arlen says it is working for him. I
think I’m going to set up another server to test this out on (I don’t
want to go much further on a production machine, probably shouldn’t have
even messed with it this much).

James

jimdeuc · April 19, 2008, 5:20pm

Securing root access using ssh keys (the other accounts are not
affected):

(look at “Method 2”):

http://www.internetservers.com/support/vds/advanced/securing_root.html

Vlad

jimdeuc · May 2, 2008, 12:01am

Ok, a little more testing, and I think I’ve found the problem. This is
in the sudoers file on RHEL 5.0 by default:
“Defaults requiretty”

So I either need to get rid of that, or somehow get ruby net-ssh to open
a tty and execute the command in that. I have no clue if the latter is
even possible, and I really don’t want to do the former, at least not
globally.

If I could remove the requiretty option for just this user, or even
better would be for just this user AND just this command, then that
would be great, and I bet possible. However, I have no idea how to
configure sudoers for that.

James