ssh and su - SSH
ssh and su
I would like to be able to launch command as root on distant machines using
ssh. As those machines do not allow root login directly, the idea is to use
"su", but here is what I got :
$ ssh foo.bar "su root -c \"ls -l\""
user1@for.bar's password: <= I entered the distant machine's root password
su: Sorry
Any idea or tips on that one ?
-
Re: ssh and su
On 2006-03-24, GaGadget wrote:
> I would like to be able to launch command as root on distant machines using
> ssh. As those machines do not allow root login directly, the idea is to use
> "su", but here is what I got :
>
> $ ssh foo.bar "su root -c \"ls -l\""
> user1@for.bar's password: <= I entered the distant machine's root password
> su: Sorry
Assuming the bit where you said you entered the root password where it
prompted for user1's is a mistake, it's probably failing because su
will try to read the root password from a tty and the remote command
doesn't have one. Adding "-t" to the ssh command line ought to help.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-
Re: ssh and su
GaGadget wrote:
> I would like to be able to launch command as root on distant machines
> using ssh.
>
> Any idea or tips on that one ?
I would do this using sudo instead of su.
1. create user1 to the remote machine
2. define commands that user1 can execute as root to the /etc/sudoers
user1 ALL=NOPASSWD:/sbin/iptables
3. execute command as root using ssh
#ssh user1@foo.bar "sudo -u root /sbin/iptables -L -n"
4. to execute ssh without user1's password, create RSA/DSA-keys for you and
store public part to the /home/user1/.ssh/authorized_keys to the foo.bar
machine
Regards
Kimmo Koivisto
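
An added example, not part of the post above and not code from sudo: the rule in step 2 names /sbin/iptables with no arguments, and in sudoers a bare command path permits any arguments, so with the passwordless key from step 4 user1's key controls the whole firewall. The audit_nopasswd and sample_sudoers functions are hypothetical names, and the parser assumes the simple one-line rule form used in the post.

```shell
#!/bin/sh
# audit_nopasswd FILE
# Prints "LINE: COMMAND" for every NOPASSWD command that carries no argument
# restriction. In sudoers a bare path allows ANY arguments, an explicit
# argument list allows only that list, and "" allows none.
# Assumption: simple one-line rules, no aliases, no line continuations,
# no escaped commas inside arguments.
audit_nopasswd() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        /NOPASSWD:/ {
            spec = $0
            sub(/^.*NOPASSWD:[ \t]*/, "", spec)  # keep only the command list
            n = split(spec, cmds, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                cmd = cmds[i]
                sub(/[ \t]+$/, "", cmd)
                # ALL, or a path with nothing after it, is unrestricted.
                if (cmd == "ALL" || (cmd ~ /^\// && cmd !~ /[ \t]/))
                    printf "%d: %s\n", NR, cmd
            }
        }
    ' "$1"
}

# Constructed sample input; line 2 is the rule quoted in the post.
sample_sudoers() {
    cat <<'EOF'
# constructed sample, not from a real host
user1 ALL=NOPASSWD:/sbin/iptables
user1 ALL=NOPASSWD:/sbin/iptables -L -n
user1 ALL=(root) NOPASSWD: /sbin/iptables -L -n, /usr/bin/id
EOF
}

tmp=$(mktemp) && sample_sudoers > "$tmp" && audit_nopasswd "$tmp"; rm -f "$tmp"
# prints:
# 2: /sbin/iptables
# 4: /usr/bin/id
```

Line 3 of the sample is the tightened form of the post's rule: it allows only the listing command from step 3. Syntax-check an edited rule file with "visudo -cf FILE" before installing it.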
-
Re: ssh and su
Darren Tucker wrote:
> On 2006-03-24, GaGadget wrote:
>> I would like to be able to launch command as root on distant machines
>> using ssh. As those machines do not allow root login directly, the idea
>> is to use "su", but here is what I got :
>>
>> $ ssh foo.bar "su root -c \"ls -l\""
>> user1@for.bar's password: <= I entered the distant machine's root
>> password su: Sorry
>
> Assuming the bit where you said you entered the root password where it
> prompted for user1's is a mistake, it's probably failing because su
> will try to read the root password from a tty and the remote command
> doesn't have one. Adding "-t" to the ssh command line ought to help.
>
You are right I meant :
user1@for.bar's password: <= I entered the machine's _user1_ password
I tried the "-t" on my linux box at home and it seems to do the trick, I
will try on Monday at Office's machines and let you know.
I read the man pages several times, seems I missed it. RTFM !
Thank you,
Gaga.
-
Re: ssh and su
Kimmo Koivisto wrote:
> GaGadget wrote:
>
>> I would like to be able to launch command as root on distant machines
>> using ssh.
>>
>> Any idea or tips on that one ?
>
> I would do this using sudo instead of su.
>
> 1. create user1 to the remote machine
>
> 2. define commands that user1 can execute as root to the /etc/sudoers
>
> user1 ALL=NOPASSWD:/sbin/iptables
>
Unfortunately, I am not allowed to use sudo ...
>
> 3. execute command as root using ssh
> #ssh user1@foo.bar "sudo -u root /sbin/iptables -L -n"
>
>
> 4. to execute ssh without user1's password, create RSA/DSA-keys for you
> and store public part to the /home/user1/.ssh/authorized_keys to the
> foo.bar machine
Yes, I'll do that for preventing the user1 password prompt.
> Regards
> Kimmo Koivisto
I will try to use "-t" with the ssh command as suggested by Darren on
another post.
"su" seems to need a real pseudo-tty and the "-t" forces the allocation of a
pseudo-tty not allocated by default when ssh is used for launching a remote
command.
Thank you for the complete answer guys.
Gaga.
-
Re: ssh and su
GaGadget wrote:
> Kimmo Koivisto wrote:
>
>> GaGadget wrote:
>>
>>> I would like to be able to launch command as root on distant machines
>>> using ssh.
>>>
>>> Any idea or tips on that one ?
>>
>> I would do this using sudo instead of su.
>>
>> 1. create user1 to the remote machine
>>
>> 2. define commands that user1 can execute as root to the /etc/sudoers
>>
>> user1 ALL=NOPASSWD:/sbin/iptables
>>
>
> Unfortunately, I am not allowed to use sudo ...
>
>>
>> 3. execute command as root using ssh
>> #ssh user1@foo.bar "sudo -u root /sbin/iptables -L -n"
>>
>>
>> 4. to execute ssh without user1's password, create RSA/DSA-keys for you
>> and store public part to the /home/user1/.ssh/authorized_keys to the
>> foo.bar machine
>
> Yes, I'll do that for preventing the user1 password prompt.
>
>> Regards
>> Kimmo Koivisto
>
> I will try to use "-t" with the ssh command as suggested by Darren on
> another post.
> "su" seems to need a real pseudo-tty and the "-t" forces the allocation of
> a pseudo-tty not allocated by default when ssh is used for launching a
> remote command.
>
> Thank you for the complete answer guys.
>
> Gaga.
It works great !
Thank you,
Regards.