I want to run a single script locally that invokes a 'sudo ./up' on several remote hosts via ssh.

Where ./up is simply:

```
---- /home/user/up ----
#!/bin/bash
sudo apt update && sudo apt -y upgrade
-----------------------
```

The username on all hosts is 'user', and the user is already granted sudoers permission (on all hosts) to invoke that script.

Keys are ssh-add'ed, and I normally do not need to enter any password when sshing to another host.

I can do it from a terminal with:

```
ssh user@remotehost1 sudo ./up
ssh user@remotehost2 sudo ./up
```

etc

HOWEVER when I try to put the commands together in a script the remote invocations fail because I am asked for root@remotehost's password (and I not only don't want to use root, but 'user' does already have permission to execute that script without password)

ie: this works:

(typed in konsole)

```
ssh user@remotehost1 sudo ./up
ssh user@remotehost2 sudo ./up
```

and yet this FAILS:

```
--- /home/user/up ---
#!/bin/bash
sudo ./up                        # does work, as expected
ssh user@remotehost1 sudo ./up   # fails with password query
ssh user@remotehost2 sudo ./up   # fails with password query
---------------------
```

this also fails

```
--- /home/user/up ---
#!/bin/bash
sudo ./up                                    # does work, as expected
ssh user@remotehost1 sudo --user user ./up   # fails with password query
ssh user@remotehost2 sudo --user user ./up   # fails with password query
---------------------
```

and by fail I mean it pauses to query a password rather than completing and exiting:

```
user@localhost:~$ sudo ./up
root@remotehost1's password:
```

-------- SOLVED --------

```
---- /home/user/update ----
#!/bin/bash
sudo ./up
ssh host1 sudo ./up
ssh host2 sudo ./up

---- /home/user/up (on all machines) ----
#!/bin/bash
#user ALL=(ALL) NOPASSWD: /home/user/up
#
sudo apt update && sudo apt -y upgrade
[[ -f /var/run/reboot-required ]] && echo -ne "\\n\033[1;31m====== $HOSTNAME REBOOT REQUIRED =======\033[0m\\n"
[[ -f /var/run/reboot-required.pkgs ]] && cat /var/run/reboot-required.pkgs
echo "================ FINISHED ================"
```

then just execute ./update in terminal

Doh. thanks Ginnungagap.

1 Answer

You're invoking a script with sudo which contains sudo commands itself.

Effectively, what you're doing is akin to `sudo bash -c "sudo apt update && sudo apt -y upgrade"`.

The first sudo works fine, the other ones not so much. However they're utterly pointless so just get rid of them.

You also have an infinite loop since ./up calls ./up as its first command but I'm assuming that's a result of obfuscating super duper secret script names.
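An added example, not part of the question or the answer: a wrapper in the shape of the asker's final `update` script that is started as the ordinary user and fails on a host instead of stopping at a password prompt. `ssh -o BatchMode=yes` and `sudo -n` are existing options that disable prompting; the function names, the `SSH_BIN` override, the timeout and the host arguments are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not the asker's script). Usage: ./update host1 host2 ...
# SSH_BIN is a hypothetical override so the logic can be exercised offline.
SSH_BIN=${SSH_BIN:-ssh}

# Remote command: -n makes sudo exit with an error instead of asking for a
# password when the NOPASSWD sudoers rule does not match the command.
remote_cmd() {
    printf 'sudo -n %s' "${1:-./up}"
}

# BatchMode=yes makes ssh fail when key authentication does not succeed,
# rather than falling back to an interactive password query.
run_on_host() {
    "$SSH_BIN" -o BatchMode=yes -o ConnectTimeout=10 "$1" "$(remote_cmd)"
}

# $1 = uid of the caller, remaining arguments = hosts.
# Returns 2 when started as root, otherwise the number of failed hosts.
update_all() {
    _uid=$1
    shift
    if [ "$_uid" -eq 0 ]; then
        # Started via sudo, ssh itself runs as root; the question shows the
        # resulting "root@remotehost1's password:" prompt.
        echo "run this wrapper as your own user, not through sudo" >&2
        return 2
    fi
    _failed=0
    for _host in "$@"; do
        if run_on_host "$_host"; then
            echo "$_host: ok"
        else
            echo "$_host: FAILED (exit $?)" >&2
            _failed=$((_failed + 1))
        fi
    done
    return "$_failed"
}

# Only act when hosts are given on the command line.
if [ "$#" -gt 0 ]; then
    update_all "$(id -u)" "$@"
    exit $?
fi
```

The local `sudo ./up` step from the asker's script stays a separate line in front of the loop; only the ssh calls need to run unprivileged.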
