I am developping and application that connect through ssh to a host and
then try to launch a command with sudo.
I am using the net/ssh library, and I use the key-rsa authentication to
connect (so no password needed).
Net::SSH.start(host.name) do |session|
shell = session.shell.sync
shell.send_command(“sudo ps -ef”)
shell.exit
end
end
So the code is locked to the send_command as the host is waiting me to
fill the password. But I don’t find anyway of filling it. “.send_data”
doesn’t work.
If you are truly using key authentication, you should not be prompted
for a
password. Since you are being prompted, you will either need to use a
“here” document or expect to provide the password.
If you are truly using key authentication, you should not be prompted for a
password. Since you are being prompted, you will either need to use a
“here” document or expect to provide the password.
The problem is that his script is waiting for the sudo password, not the
ssh password.
You can set the sudoers file to not require a password for certain users
(or groups, or commands, whatever) with the NOPASSWD flag. Check the
sudoers man page for more.
fill the password. But I don’t find anyway of filling it. “.send_data”
doesn’t work.
Did I missed something ?
The host is waiting for the ssh password or the sudo password? It may
not
meet your security requirements, but you could configure sudoers to
allow
that one user to run that small number of commands without a password:
Hi all,
Thanks for your answers. The script was waiting for the sudo password.
I thought there was a way to provide the password manually with ruby but
it seems that there is not.
So I modified the sudoers for not asking password.
there is a way to pass the password in using sudo. I forget the
syntax but the man page should have it. If you’re still curious
tomorrow, I’ll dig up some code I wrote to do exactly this.
fill the password. But I don’t find anyway of filling it. “.send_data”
doesn’t work.
Did I missed something ?
The host is waiting for the ssh password or the sudo password? It may
not
meet your security requirements, but you could configure sudoers to
allow
that one user to run that small number of commands without a password:
there is a way to pass the password in using sudo. I forget the
syntax but the man page should have it. If you’re still curious
tomorrow, I’ll dig up some code I wrote to do exactly this.
FWIW, I can’t for the life of me find any options in man sudo (on an
Ubuntu Dapper) which allows the password to be given as an arg. The
only possibility might the the -a option
-a The -a (authentication type) option causes sudo to use the specified
authentication type when validating the user, as allowed by
/etc/login.conf. The system administrator may specify a list of
sudo-specific authentication methods by adding an “auth-sudo”
entry
in /etc/login.conf. This option is only available on systems
that support
BSD authentication where sudo has been configured with the
–with-bsdauth option.
This MAY allow it but it seems to require a specific system
configuration.
there is a way to pass the password in using sudo. I forget the
syntax but the man page should have it. If you’re still curious
tomorrow, I’ll dig up some code I wrote to do exactly this.
Matt
On my system, according to man sudo, -S causes sudo to read the
password from STDIN.
there is a way to pass the password in using sudo. I forget the
syntax but the man page should have it. If you’re still curious
tomorrow, I’ll dig up some code I wrote to do exactly this.
Matt
On my system, according to man sudo, -S causes sudo to read the
password from STDIN.
Sry, was really a backbone answer without thought.
One of the old hazards with using passwords on any kind of command line
is the risk of exposing it. I just never do it to be sure. I do not know
how big the risk really is today with current tools. Good old days was
full of shellscripts with all kind of obscure environment variables and
other crap.
On the other hand i do not see the problem with invoking it password
free, even if it’s within a app. Specific account, ssh logon via
embedded pwd or (even better if supported) keyfile. Sudo without
password. Sounds solid to me without the need to risk/expose anything.
And since you ssh anyway, you don’t need to stay in the boundaries of
same account.
Well, perhaps a dead horse anyhow, hope the original issue have been
resolved. This is after all not a Ruby-specific issue but rather a linux
opinion thingy.
Sry, was really a backbone answer without thought.
One of the old hazards with using passwords on any kind of command line
is the risk of exposing it. I just never do it to be sure. I do not know
how big the risk really is today with current tools. Good old days was
full of shellscripts with all kind of obscure environment variables and
other crap.
On the other hand i do not see the problem with invoking it password
free, even if it’s within a app. Specific account, ssh logon via
embedded pwd or (even better if supported) keyfile. Sudo without
password. Sounds solid to me without the need to risk/expose anything.
And since you ssh anyway, you don’t need to stay in the boundaries of
same account.
Well, perhaps a dead horse anyhow, hope the original issue have been
resolved. This is after all not a Ruby-specific issue but rather a linux
opinion thingy.
Still learning Ruby, and having lots of fun.
/Thomas
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.