2

I have a script that prompts the user for their sudo password, and then iterates through a list of hosts and performs commands on remote hosts. I can 'read -s' to get their password silently, but each time their password is used on a remote host, it's echoed back to the terminal. Changing stty on the local host doesn't help. Example:

#!/bin/sh -x

echo "Enter sudo pass:"
read -s SUDOPASS

stty_orig=$(stty -g)
stty -echo
ssh -tt remote_host sudo cat /etc/cma.conf <<EOP
$SUDOPASS
EOP
stty $stty_orig

The output still includes the password:

+ ssh -tt remote_host sudo cat /etc/cma.conf
My_P4ssW0rd!
Password:
<?xml version="1.0" encoding="UTF-8"?>
...

It also doesn't help to play with stty on the remote host:

stty_orig=$(ssh -t remote_host stty -g)
ssh -t remote_host stty -echo
ssh -tt remote_host sudo cat /etc/cma.conf <<EOP
$SUDOPASS
EOP
ssh -t remote_host stty $stty_orig

FWIW, I'm mainly concerned with OSX bash/sh

John Oliver
  • 325
  • 2
  • 4
  • 11

2 Answers2

1

Try expect:

#!/bin/sh

echo "Enter sudo pass:"
read -s SUDOPASS

expect -c 'spawn ssh -tt remote_host sudo cat /etc/cma.conf ; expect -re "\\\[sudo\\\] password for .*:"; send "'"$SUDOPASS"'\n";interact'
anishsane
  • 20,270
  • 5
  • 40
  • 73
  • Err, no... try it yourself. The '-x' was there for me to follow along. I can reproduce the issue without enabling debugging. – John Oliver Jul 02 '13 at 19:53
  • Oh sorry... I read it wrong. I thought you are not getting `ssh` password printed on the screen. It's `sudo` password, that's giving you the issue. Updating the answer. – anishsane Jul 03 '13 at 06:20
0

To be honest, I haven't spotted the problem here. But I often redirect the output manually to silence it:

ssh -tt remote_host sudo cat /etc/cma.conf <<EOP >& /dev/null

I'm not sure if this will help.

Octahedron
  • 893
  • 2
  • 16
  • 31
Imemmaw
  • 45
  • 1
  • 9