
I want to run a single script locally that invokes a 'sudo ./up' on several remote hosts via ssh.

Where ./up is simply:

---- /home/user/up ----
#!/bin/bash
sudo apt update && sudo apt -y upgrade
-----------------------

The username on all hosts is 'user', and the user is already granted sudoers permission (on all hosts) to invoke that script.

Keys are ssh-add'ed, and I normally do not need to enter any password when sshing to another host.

I can do it from a terminal with:

ssh user@remotehost1 sudo ./up

ssh user@remotehost2 sudo ./up

etc

HOWEVER, when I try to put the commands together in a script, the remote invocations fail because I am asked for root@remotehost's password (and I not only don't want to use root, but 'user' does already have permission to execute that script without a password)

i.e. this works:

(typed in konsole)

ssh user@remotehost1 sudo ./up
ssh user@remotehost2 sudo ./up 

and yet this FAILS:

--- /home/user/up ---
#!/bin/bash
sudo ./up # does work, as expected
ssh user@remotehost1 sudo ./up # fails with password query
ssh user@remotehost2 sudo ./up # fails with password query
---------------------

this also fails

--- /home/user/up ---
#!/bin/bash
sudo ./up # does work, as expected
ssh user@remotehost1 sudo --user user ./up # fails with password query
ssh user@remotehost2 sudo --user user ./up # fails with password query
---------------------

and by fail I mean it pauses to query a password rather than completing and exiting:

user@localhost:~$ sudo ./up 
root@remotehost1's password:

-------- SOLVED --------

---- /home/user/update ----
#!/bin/bash
sudo ./up
ssh host1 sudo ./up
ssh host2 sudo ./up

---- /home/user/up (on all machines) ----
#!/bin/bash
#user ALL=(ALL) NOPASSWD: /home/user/up
# 
sudo apt update && sudo apt -y upgrade
[[ -f /var/run/reboot-required ]] && echo -ne "\\n\033[1;31m====== $HOSTNAME REBOOT REQUIRED =======\033[0m\\n" 
[[ -f /var/run/reboot-required.pkgs ]] && cat /var/run/reboot-required.pkgs
echo "================ FINISHED ================"

then just execute ./update in terminal

Doh. Thanks Ginnungagap.

BETLOG

1 Answer


You're invoking a script with sudo which contains sudo commands itself.

Effectively, what you're doing is akin to sudo bash -c "sudo apt update && sudo apt -y upgrade".

The first sudo works fine, the other ones not so much. However they're utterly pointless so just get rid of them.

You also have an infinite loop since ./up calls ./up as its first command but I'm assuming that's a result of obfuscating super duper secret script names.

Ginnungagap