By a bash script executed in a local computer run a command (with sudo privileges) on a remote server
Run a command on a remote system from a local computer
I need to execute a command on a remote lubuntu 22.04 system by a ssh connection, but without open a shell. This instruction will be executed inside a script. The script is executed on my local system (that has an other Ubuntu distribution installed). I have found that I can do it, with success, executing on the local system the following script:
# define a variable which stored the password
MYPASSWORD='mypassword'
sshpass -p $MYPASSWORD ssh myuser@192.168.1.1 "cp /home/myuser/file1 /path/to/dest/"
In the command I have used sshpass (which is installed on my local system) to avoid the input of the password for the user myuser needed to authenticate the ssh session.
My needs
I have also to execute a cp command as the previous but the destination for the file is a subfolder of /etc and this need sudo privileges. So the script becomes:
MYPASSWORD='mypassword'
sshpass -p $MYPASSWORD ssh myuser@192.168.1.1 "cp /home/myuser/file1 /path/to/dest/"
sshpass -p $MYPASSWORD ssh myuser@192.168.1.1 "sudo -S cp /home/myuser/file1 /etc/sub/folder/"
If I execute the script, the last command of the script outputs the following request:
[sudo] password for myuser:
So the script stops its execution and waits for the sudo password.
I don’t want this!
An attempt of mine
If I execute the command:
> echo mypassword | sudo -S -s cp /home/myuser/file1 /etc/sub/folder/
directly on a terminal of the remote system it works and copies file1 to /etc/sub/folder/ without asking the sudo password.
But if I execute the following command on my local system:
sshpass -p 'mypassword' ssh myuser@192.168.1.1 "echo mypassword | sudo -S -s cp /home/myuser/file1 /etc/sub/folder/"
it doesn’t work!
My question
Is there a way to avoid the input of the password for sudo by keyboard? Is it possible to send the password automatically?
I have found a workaround/solution.
Using a file that temporarily stores the password for sudo
I have modified the script executed in the local system by adding some commands showed below:
- creation of a text file in the folder of the remote system by the
echocommand; the file is calledpassword.txtand contains only the password ("mypassword") for the usermyuser. - the file
password.txtis direct as input to thesudocommand by the operator<. - execution of the command
sudo -S < /home/myuser/password.txt cp /home/myuser/file1 /etc/sub/folder/ - deletion of the file /home/myuser/password.txt from the remote system
This solution is used in a secure development environment so not break any security constraint.
The new script
With this instructions the script executed in the local system becomes:
MYPASSWORD='mypassword'
# creation of the file password.txt on the home folder of the remote system
sshpass -p $MYPASSWORD ssh myuser@192.168.1.1 "echo $MYPASSWORD > /home/myuser/password.txt"
# execution of the command which needs the sudo privileges (on remote system)
sshpass -p $MYPASSWORD ssh myuser@192.168.1.1 "sudo -S < /home/myuser/password.txt cp /home/myuser/file1 /etc/sub/folder/"
# The '<' directs file passowrd.txt as input to sudo ===========================
# deletion of the file password.txt
sshpass -p $MYPASSWORD ssh myuser@192.168.1.1 rm /home/myuser/password.txt
Suppress the output of sudo -S
I have found an other improvement which allows to suppress the output ([sudo] password for myuser:) of the command sudo -S which is sent from ssh to the local system.
It is enaugh to use the operator &> and the /dev/null device as showed below:
sshpass -p $MYPASSWORD ssh myuser@192.168.1.1 "sudo -S < /home/myuser/password.txt cp /home/myuser/file1 /etc/sub/folder/" &> /dev/null
Note In my local system suppression of output [sudo] password for myuser: works by following redirections:
&>/dev/null>&/dev/null
and this is normal because previous operators are equivalent (see this post on SuperUser).
The suppression does not work by the following redirection:
>/dev/null