I'm establishing an ssh connection and then I want to run a command as
sudo. Now, normally, the user will be prompted to put in a password to
run the command as sudo.
Here is my script:
-----------
require 'net/ssh'

Net::SSH.start( 'files02', 'myuser', 'mypassword' ) do |session|
  session.open_channel do |channel|
    # print whatever the remote command writes to stdout
    channel.on_data do |ch, data|
      puts data
    end
    channel.exec "sudo echo \"hello\""
  end
  session.loop
end
------------
But this doesn't prompt for a password ( not surprisingly ) and of
course doesn't run the command. Any ideas on how I could get the
password prompt to the user?
on 2008-04-17 19:48
on 2008-04-17 20:10
On Thu, 17 Apr 2008 12:48:03 -0500
James Dinkel <jdinkel@gmail.com> wrote:

> end
> course doesn't run the command. Any ideas on how I could get the
> password prompt to the user?

a. Add user / command to /etc/sudoers, so a password is not required;

b. Ask for the password in your script, and then
channel.exec "echo #{password} | sudo -S echo \"r00ted\"".

In the latter case, don't blame me when you later suffer from a severe
case of unexpected local user privilege escalation.

-jh
on 2008-04-17 21:16
Jonathan Hudson wrote:
> On Thu, 17 Apr 2008 12:48:03 -0500
> James Dinkel <jdinkel@gmail.com> wrote:
>
>> end
>> course doesn't run the command. Any ideas on how I could get the
>> password prompt to the user?
>
> a. Add user / command to /etc/sudoers, so a password is not required;
>
> b. Ask for the password in your script, and then
> channel.exec "echo #{password} | sudo -S echo \"r00ted\"".
>
> In the latter case, don't blame me when you later suffer from a severe
> case of unexpected local user privilege escalation.
>
> -jh

Ah yeah, I thought of the echoing in from stdin after I posted the
question. I don't see what you mean by "suffer from a severe case of
unexpected local user privilege escalation" though.
on 2008-04-17 21:25
On Thu, 17 Apr 2008 14:16:26 -0500
James Dinkel <jdinkel@gmail.com> wrote:

> > b. Ask for the password in your script, and then
> > channel.exec "echo #{password} | sudo -S echo \"r00ted\"".
> >
> > In the latter case, don't blame me when you later suffer from a severe
> > case of unexpected local user privilege escalation.
> >
> > -jh
>
> ah yeah, I thought of the echoing in from stdin after I posted the
> question. I don't see what you mean by "suffer from a severe case of
> unexpected local user privilege escalation" though.

Occurred to me that there is a chance of the password being visible
via ps or such.

-jh
on 2008-04-17 22:29
>> > channel.exec "echo #{password} | sudo -S echo \"r00ted\"".
This isn't working. It seems to be having a problem with the pipe. I
think I'll have to figure out how to send stdin into a channel (I seem
to remember seeing something about this in the net-ssh docs).
on 2008-04-17 22:56
James Dinkel wrote:
>
>>> > channel.exec "echo #{password} | sudo -S echo \"r00ted\"".
>
> This isn't working. It seems to be having a problem with the pipe. I
> think I'll have to figure out how to send stdin into a channel (I seem
> to remember seeing something about this in the net-ssh docs).

For the life of me I still cannot get this to work. The pipe actually
seems to work fine for other commands I tried (just to see) but not with
sudo. What's the deal?!
on 2008-04-17 23:50
On Apr 17, 2008, at 13:56 PM, James Dinkel wrote:

> actually
> seems to work fine for other commands I tried (just to see) but not
> with
> sudo. What's the deal?!

Don't send a password to sudo via a pipe. Change the sudoers file
instead to allow your user to sudo without a password.
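
The "visible via ps" concern raised in the thread, as an added example that is not code from any poster: it compares the interpolated `echo ... | sudo -S` command line with one that keeps the password out of the command and returns it as separate stdin data. The helper names and the sample password are constructed for illustration; the script runs offline and does not open an SSH connection.

```ruby
require 'shellwords'

# The thread's approach: the password is interpolated into the remote
# command line, so it becomes part of a process's arguments on the server.
def piped_sudo_command(password, command)
  "echo #{password} | sudo -S #{command}"
end

# Alternative shape (hypothetical helper): the command line carries no
# secret; the password is returned separately so the caller can write it
# to the channel's stdin. Returns [remote_command, stdin_payload].
def stdin_sudo_command(password, argv)
  # -S: read the password from stdin; -p '': print no prompt text;
  # --: end of sudo's own options. Each argument is shell-escaped.
  remote = "sudo -S -p '' -- #{argv.shelljoin}"
  [remote, "#{password}\n"]
end

# True if the secret appears in the string a process listing could show.
def secret_on_command_line?(remote_command, password)
  remote_command.include?(password)
end

def demo
  # Constructed sample value. The ';' shows a second problem with
  # interpolation: the remote shell would read "; id" as another command.
  password = 's3cret; id'
  leaky = piped_sudo_command(password, 'echo "hello"')
  safe, payload = stdin_sudo_command(password, %w[echo hello])
  {
    leaky: leaky,
    leaky_exposed: secret_on_command_line?(leaky, password),
    safe: safe,
    safe_exposed: secret_on_command_line?(safe, password),
    payload: payload
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |key, value| puts "#{key}: #{value.inspect}" }
  # With net-ssh, the payload would be written to the channel once the
  # exec request succeeds, for example:
  #   channel.exec(safe) { |ch, ok| ch.send_data(payload) if ok }
end
```

Even in the second form the script still holds the password and sends it over the channel; a sudoers rule scoped to the one command, as suggested in the thread, removes the password from the script entirely.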