-1

This seems to be a popular question on stackoverflow but nothing seems to be working for me

I will explain my problems first and then go to the solutions I have tried

What I need to do is to ssh to serverB from serverA. For this I have set up an RSA encryption on the servers and I can successfully ssh to serverB

I use

    ssh user@hostname

Now I want to execute certain commands on serverB. The first one is to switch to the app user. For this I need to run the `sudo su - app` command, but I also want to provide the password in the same line so that it doesn't prompt for the password again.

So I have tried to first directly run the `sudo su - app` command on serverB with the password to test it out

I have tried the following

    echo "password" | sudo su - app

    sudo -S  <<< "password" su - app

    echo "password" | sudo -S su - app

    echo 'passowrd' | sudo 'su -c - app'

However, none of the above solutions work for me.

The closest I could get was with

    echo "password" | script -c "sudo su - app"

where it accepts the password and shows me

    app@hostname [/app]
    $

However, when I run the command `whoami` it still shows me user instead of app. But when I directly run `sudo su - app` and then provide the pass and then run `whoami`, it gives me app

I am trying to run command with ssh like

    ssh user@hostname -t 'echo "password" | script -c "sudo su - app"'

P.S. the user `user` doesn't have root access, and also I cannot make use of any plugin as I don't have permission to do the same

My server is Redhat 6.2

I hope I could explain it properly. Looking for some answers that can help.

Sorry for my bad English. Thanks for help.

Shubham Khatri
  • so user is not in `sudousers` group? –  Jan 25 '17 at 10:24
  • @МартинБее no it is not – Shubham Khatri Jan 25 '17 at 10:26
  • if you don't have root privileges, in my opinion you will not be able to run any command beginning with `sudo`, if you can, try to login as `app` in the beginning with ssh command. –  Jan 25 '17 at 10:27
  • @МартинБее As I said user has permission to switch to app user. Since when I try sudo su - app and enter password it works – Shubham Khatri Jan 25 '17 at 10:29
  • @МартинБее I have tried that too, but the thing is that I don't have the password for app user and hence I can't login. It would have been really easy if it was possible – Shubham Khatri Jan 25 '17 at 11:00
  • You should probably be using `sudo -u app -i` and add the relevant `sudoers` entries to not prompt for a password. (Hmm... no root... `sudo su - app` should not work either...) With an unpatched RHEL 6.2 box (Redhat 6.2 was released in 2000, so I'm assuming RHEL) there might be privilege escalation exploits... (Assuming it is your own server) – Gert van den Berg Jan 26 '17 at 14:56
  • @GertvandenBerg The thing is, in my organization I have been given a user that has restricted permissions, so it is allowed a few sudo permissions but not all, so I am allowed to do `sudo su - app` but not `sudo su` or `sudo apt-get install jq` and I won't be able to edit the sudoers file – Shubham Khatri Jan 26 '17 at 14:59
  • @ShubhamKhatri: That is not an especially nice method to switch users... You might be able to script it using something like expect... (My previous comment was edited when I noticed the no-root part) – Gert van den Berg Jan 26 '17 at 15:01
  • @GertvandenBerg I have looked at that too, but does expect need to be installed? If yes, I can't do that either – Shubham Khatri Jan 26 '17 at 15:03
  • @ShubhamKhatri: the `askpass` option seems like something to look into... (`-S` is the other option, which you tried...) (askpass seems to require an executable to output the password) Another method might be to script the SSH session from the source server, where options like expect might be available... – Gert van den Berg Jan 26 '17 at 15:14
  • @GertvandenBerg Thanks I will try those – Shubham Khatri Jan 26 '17 at 15:15

1 Answer

1

If we set up ssh using RSA key encryption then we don't need to use the password.

In order to enable ssh with a public/private key, I follow these steps:

  1. Generate the public/private key for user on serverA

    ssh-keygen -t rsa
    
  2. Go to .ssh/id_rsa.pub file and copy the public key

  3. Login to ServerB and then do sudo su - app to change to app user. Here in the file .ssh/authorized_key copy the public key.

  4. Try ssh to serverB now from serverA like

    ssh app@hostnameServerB
    

It works without asking for a password.

Shubham Khatri
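Steps 2 and 3 of the answer as a script, added here as an example that is not part of the original answer. It assumes OpenSSH's default per-user file `~/.ssh/authorized_keys` and the permission checks sshd applies under `StrictModes`; the function name `install_pubkey` and its arguments are hypothetical.

```shell
#!/bin/sh
# install_pubkey KEYFILE HOME_DIR   (hypothetical helper, not from the page)
# Appends the public key in KEYFILE to HOME_DIR/.ssh/authorized_keys.
# Run it as the target account, e.g. as app on serverB:
#   install_pubkey /tmp/id_rsa.pub "$HOME"
install_pubkey() {
    keyfile=$1
    home=$2
    sshdir=$home/.ssh
    auth=$sshdir/authorized_keys

    # Accept exactly one line that looks like a public key, so that a
    # private key or a multi-line paste is never appended by mistake.
    [ -f "$keyfile" ] || { echo "no such file: $keyfile" >&2; return 1; }
    lines=$(wc -l < "$keyfile")
    [ "$((lines))" -le 1 ] || { echo "expected a single key line" >&2; return 1; }
    key=$(cat "$keyfile")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac

    # With StrictModes (on by default) sshd ignores authorized_keys when the
    # directory or the file is writable by group or others.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: add the key only if that exact line is not already present.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}
```

Only the `.pub` file leaves serverA; the private key `~/.ssh/id_rsa` stays there with mode 600.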