
scripting commands to be run on a remote server

Brazen

Basically I have to run a couple commands on the local server, then a couple commands have to be run on a remote server (as su privileges), then a few more commands need to be run locally. I would like to script all this to be initiated from the local server.

For instance, let's say I want to run from a script this command: "sudo touch /etc/afile" or just "touch /etc/afile" if run as root. But I want the script to run on localserver1 and the command should be run on remoteserver1.

Any suggestions?
 
Originally posted by: sourceninja
ssh -fCT user@server "command to be ran"

Ok, except that asks for the password of the user on the remote machine, though I suppose I could set up a passwordless key. I don't like having a key out there though that can be used by anyone (I always use passworded keys). Is there a way to make sure that can only be used from one server (probably by IP address)? Or some other way to make ssh log in without a password from one server?

I also get this error when the remote command uses sudo: "sudo: sorry, you must have a tty to run sudo"
 
Ok, except that asks for the password of the user on the remote machine, though I suppose I could set up a passwordless key. I don't like having a key out there though that can be used by anyone (I always use passworded keys). Is there a way to make sure that can only be used from one server (probably by IP address)? Or some other way to make ssh log in without a password from one server?

Yes, in the authorized_keys file you can use the from= options to specify where the key can be used from.

I also get this error when the remote command uses sudo: "sudo: sorry, you must have a tty to run sudo"

That's because he used the -T switch to ssh which disables pseudo-tty allocation.
 
I'm not sure I'd want a remote server having the ability to run sudo commands on another server. Just doesn't sit well with me.

And yes, keyfiles are the only way to go for passwordless ssh.
 
Originally posted by: Nothinman

I also get this error when the remote command uses sudo: "sudo: sorry, you must have a tty to run sudo"

That's because he used the -T switch to ssh which disables pseudo-tty allocation.

It also does it when I leave out that option. It looks like I need to get rid of the requiretty option in sudoers, I just need to figure out how to do it for only one user, and allow that one user to only run certain commands with sudo and no password.

Thanks for the heads up on the "from=" option.

Originally posted by: sourceninja
I'm not sure I'd want a remote server having the ability to run sudo commands on another server. Just doesn't sit well with me.

And yes, keyfiles are the only way to go for passwordless ssh.

That's why I'm exploring other options, but if this is the way I have to go, I want to restrict it down as much as possible.
 
It also does it when I leave out that option. It looks like I need to get rid of the requiretty option in sudoers, I just need to figure out how to do it for only one user, and allow that one user to only run certain commands with sudo and no password.

You could always try something like '/bin/bash -lc sudo blah'.
 
I believe to make sudo use no password for a single user you can do this (providing you know what programs you want to allow) in your sudoers file.

user hostname = NOPASSWD: /path/to/application, /path/to/other/application
 
Originally posted by: sourceninja
I believe to make sudo use no password for a single user you can do this (providing you know what programs you want to allow) in your sudoers file.

user hostname = NOPASSWD: /path/to/application, /path/to/other/application

yep, that works, thanks

Originally posted by: Nothinman
It also does it when I leave out that option. It looks like I need to get rid of the requiretty option in sudoers, I just need to figure out how to do it for only one user, and allow that one user to only run certain commands with sudo and no password.

You could always try something like '/bin/bash -lc sudo blah'.

Actually just adding the -t option to the ssh command fixed it. I also figured out that to disable requiretty for just one user you add this to sudoers: "Defaults:username !requiretty" and then it will work with the -T option to ssh.

Any idea if using -T to disable the tty is any better or not?
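The restrictions discussed in this thread (from= in authorized_keys, a NOPASSWD rule for specific commands, and Defaults:username !requiretty so that ssh -T works), put together as an added example that is not from any poster. The function names, the key path and the /usr/bin/touch location are assumptions, and the extra no-* key options go beyond what the thread mentions.

```shell
#!/bin/sh
# Added example; function names, key path and command path are constructed.

# authorized_keys line for the account on remoteserver1.
# $1 = address of localserver1, $2 = public key line ("type base64 [comment]")
authorized_keys_entry() {
    src_ip=$1 pubkey=$2
    # Refuse input that could smuggle extra options or a second key line.
    case $pubkey in
        *'
'*) echo "public key must be a single line" >&2; return 1 ;;
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unexpected key type" >&2; return 1 ;;
    esac
    case $src_ip in
        ''|*[!0-9a-fA-F.:]*) echo "bad source address" >&2; return 1 ;;
    esac
    # from= limits where the key is accepted; the no-* options drop
    # forwarding and tty allocation, which a scripted command does not need.
    printf 'from="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$src_ip" "$pubkey"
}

# sudoers drop-in: no tty requirement and no password for one user,
# but only for the exact command lines listed.
# $1 = user, $2 = host as sudoers sees it, rest = full command lines
sudoers_dropin() {
    user=$1 host=$2; shift 2
    for cmd in "$@"; do
        case $cmd in /*) ;; *) echo "not an absolute path: $cmd" >&2; return 1 ;; esac
    done
    printf 'Defaults:%s !requiretty\n' "$user"
    for cmd in "$@"; do
        printf '%s %s = NOPASSWD: %s\n' "$user" "$host" "$cmd"
    done
}

# Run one remote step with the dedicated key and no tty (-T).
# BatchMode makes ssh fail instead of prompting; sudo -n does the same for sudo.
run_remote() {
    key=$1 target=$2; shift 2
    ssh -T -i "$key" -o BatchMode=yes -o IdentitiesOnly=yes "$target" "sudo -n $*"
}

# On localserver1: run the first local commands, then
#   run_remote ~/.ssh/automation_key user@remoteserver1 /usr/bin/touch /etc/afile
# then the remaining local commands.
```

Check the generated sudoers text with `visudo -cf` on the file before placing it under /etc/sudoers.d.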
 