10

I haven't been able to find a question that describes this specific scenario.

I am trying to execute a very basic bash script to retrieve logging from multiple machines. I am running the script locally but need to access an external machine via ssh, as well as sudo into a privileged user once on that machine...

ssh [email protected]
sudo su - privledged_user
cat logs > file.txt

Running this with sh -x reveals bash is getting stuck on the 'ssh' line. So I tried revising it to this:

ssh [email protected] sudo su - privledged_user cat logs > file.txt 

This also seems to stall indefinitely. Is there a better solution to this problem?? I don't see a way around using sudo su from what I can tell...

Thanks for any help!

1
  • Why the close vote? This question is on topic: managing the hardware or software of servers, workstations, storage or networks, tools used for administering, monitoring, or automating these. Commented Dec 30, 2014 at 10:38

3 Answers

5

The way I achieve this in my current environment is to run ssh with the -t flag, which forces tty allocation, and to then run sudo -u root within it, as follows:

# EOF is unquoted, so ${1} and ${2} are expanded locally before the text is sent
ssh -t hostname << EOF
command1
sudo -u root command2
sudo -u otheruser "command3 | command4"
sudo -u root /bin/bash -c "command5; command6; command7"
command8 && ( sudo -u otheruser /bin/bash -c "cmd1 ${1}; cmd2 ${2}" ) || echo cmd2 did not work
EOF

I have my account in sudoers on the remote side so that no password is required.

This example shows you different ways to do this within a single ssh session, including running multiple commands with bash or within a subshell. Note also that if you put the above code into an executable script, you can pass command line arguments ($1 and $2) to ssh and these will be expanded and then referenced on the remote side.

4
  • Unfortunately because I don't manage the remote server, I believe I'm stuck using sudo su here. Would that still work in this format? Commented Dec 29, 2014 at 22:55
  • Yes, it will work too. You can enter the password when prompted. Commented Dec 29, 2014 at 22:59
  • I've tried: ssh -t [email protected] << EOF sudo su - adcentrl egrep 'ERROR\|WARN' /home/adcentrl/cronjobs/logs/*/* EOF But I received: "Pseudo-terminal will not be allocated because stdin is not a terminal." Commented Dec 29, 2014 at 23:11
  • Perfectly okay. Ignore that warning and proceed. If you want, you can disable "RequireTty" in /etc/sudoers on the remote end. Commented Dec 29, 2014 at 23:14
5

If you don't want to or can't stop sudo from asking you for the password, one simple trick is to read it locally and store it in a local variable:

read -p 'Password: ' -s password
ssh -t [email protected] <<EOF
echo "$password" | sudo -S whoami
EOF
1

If sudo is configured to allow passwordless commands, this should do what you want:

ssh [email protected] "sudo su - privileged_user -c 'cat logs'" > file.txt 

or

ssh [email protected] "sudo su - privileged_user -c 'cat logs > file.txt'" 

depending on whether you want file.txt to be created locally or remotely.

Otherwise, here is a way to pass the remote user's password to sudo:

echo mrhyner_password | \
ssh [email protected] \
"sudo -S su - adcentrl -c 'egrep ERROR\|WARN /home/adcentrl/cronjobs/logs/*/*'"
8
  • Very interesting. However using ssh without -t tells me "no tty present". Adding in -t removes this error but doesn't seem to honor 'sudo su' as it prompts me for a password. Here's specifically what I'm doing: ssh -t [email protected] "sudo su - adcentrl -c egrep "ERROR\|WARN" /home/adcentrl/cronjobs/logs/*/*" This gives me: bash: WARN: command not found [sudo] password for mrhyner: Commented Dec 29, 2014 at 22:48
  • Sorry, I apparently don't know how to format my comments in this thing Commented Dec 29, 2014 at 22:49
  • I was assuming sudo was configured to be passwordless for your remote account. Commented Dec 29, 2014 at 23:14
  • And you are missing extra single quotes. Commented Dec 29, 2014 at 23:17
  • It is, which caused me to reason that bash isn't honoring the ssh command for some reason. It's acting like I'm trying to sudo from my local host =\ Commented Dec 29, 2014 at 23:17
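
The `bash: WARN: command not found` result in the comments above comes from the command string being re-parsed by more than one shell: the local one, the login shell sshd starts, and the shell `su -c` starts. As an added example (not code from any poster on this page), this POSIX sh script quotes the command once per layer and dry-runs both forms locally with a stub `sudo`; the helper names, `HOST` and `$password` are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). HOST and $password in the usage note
# at the end are placeholders; the function names are hypothetical helpers.

# Single-quote one string so a POSIX shell reads it back unchanged.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# build_remote TARGET_USER SNIPPET
# Prints the one string to give ssh. SNIPPET is shell code for the target
# user's shell (started by `su -c`); quoting it here protects it from the
# login shell that sshd starts first. -S makes sudo read the password from
# stdin, -p "" suppresses its prompt.
build_remote() {
    printf 'sudo -S -p "" su - %s -c %s' "$(shquote "$1")" "$(shquote "$2")"
}

# dry_run STRING
# Parses STRING the way the remote login shell would, but with a stub `sudo`
# that only prints its arguments, one per line in brackets.
dry_run() {
    stub=$(mktemp -d) || return 1
    printf '#!/bin/sh\nprintf "[%%s]\\n" "$@"\n' > "$stub/sudo"
    chmod +x "$stub/sudo"
    PATH="$stub:$PATH" sh -c "$1" 2>&1
    rc=$?
    rm -rf "$stub"
    return "$rc"
}

# What the remote shell received from the command in the comment above: the
# inner double quotes closed the outer ones locally, leaving a bare pipe.
broken='sudo su - adcentrl -c egrep ERROR|WARN /home/adcentrl/cronjobs/logs/*/*'
# The same search written once, as the target user's shell should see it.
snippet="egrep 'ERROR|WARN' /home/adcentrl/cronjobs/logs/*/*"

echo "as sent in the comment thread:"
dry_run "$broken" || echo "(exit status $?)"
echo "quoted per layer:"
dry_run "$(build_remote adcentrl "$snippet")"

# Real use: the password goes down ssh's stdin, never into a command string.
#   printf '%s\n' "$password" | ssh HOST "$(build_remote adcentrl "$snippet")" > file.txt
```

In the second dry run the last bracketed line is the whole search, glob included, as a single argument to `su -c`, so the pattern and the wildcard are interpreted only by the target user's shell.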
