1

I'd like a single command that:

  • ssh's into my server as user foo, using the public keys I have set up
  • executes a mysqldump of some database with the /etc/mysql/debian.cnf defaults-file
  • to stdout, so I can pipe it locally
  • while doing a sudo on the server remotely, because user foo is not allowed to read /etc/mysql/debian.cnf. foo is allowed to sudo bash but not sudo mysqldump.

This is the best I have come up:

echo 'mysqldump --defaults-file=/etc/mysql/debian.cnf dbname' | ssh -t -i keys/id_rsa -l foo example.com sudo bash -s

This ugly beast works, but produces: Pseudo-terminal will not be allocated because stdin is not a terminal., and I really don't like the echo. There must be a better way?

Johannes Ernst
  • 3,072
  • 3
  • 42
  • 56

1 Answers1

3

ssh -i keys/id_rsa foo@example.com sudo bash -c "'mysqldump --defaults-file=/etc/mysql/debian.cnf dbname'"

This will only work if sudo doesn't need to ask for a password. If it does, you need the -t option to ssh.

Note the double and single quotes. The outer quotes will get taken away by your local shell, and the whole 'mysqldump --defaults-file=/etc/mysql/debian.cnf dbname' string will be passed to ssh as a single argument. Ssh will pass that to the remote sudo, so your remote will see the single quotes. The remote bash needs the single quotes to interpret the part after -c as a single argument.

Gary G
  • 5,692
  • 2
  • 27
  • 18
  • Can you explain the quotes-inside-quotes? The outer ones presumably pass one string into the ssh, but what about the inner one? – Johannes Ernst Nov 05 '12 at 03:46
  • (Added explanation to answer) The outer quotes will get taken away by your local shell, and the whole `'mysqldump --defaults-file=/etc/mysql/debian.cnf dbname'` string will be passed to ssh as a single argument. Ssh will pass that to the remote sudo, so your remote will see the single quotes. The remote bash needs the single quotes to interpret the part after `-c` as a single argument. – Gary G Nov 05 '12 at 12:01