Re: [CentOS] scp with tty
What about disabling the tty requirement for sudo with '!requiretty' in your /etc/sudoers setup? On Mon, Oct 12, 2009 at 12:11 PM, tony.chamberl...@lemko.com wrote: Hello I need to know a way to have scp allocate a tty on a remote machine so I can have it run sudo and activate a vpn which it will need to activate. scp with -S does not work. I can't chmod +s the cisco vpn client because when I try to run it it says it can not have setuser. I could have the user scp via root but I do not want to do that. Any way to have scp allocate a tty? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] scp with tty
tony.chamberl...@lemko.com wrote: Hello I need to know a way to have scp allocate a tty on a remote machine so I can have it run sudo and activate a vpn which it will need to activate. scp with -S does not work. I can't chmod +s the cisco vpn client because when I try to run it it says it can not have setuser. I could have the user scp via root but I do not want to do that. Any way to have scp allocate a tty? Why don't you set up ssh keys for a passwordless connection as the appropriate user for the file copy and avoid the problem? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] scp with tty
I actually had to set both ssh keys and commented out the requiretty in the sudoers file. What I was doing was having ssh called from a script and running a command on that remote host it was ssh-ing into. On Oct 13, 2009, at 11:43 AM, Les Mikesell wrote: tony.chamberl...@lemko.com wrote: Hello I need to know a way to have scp allocate a tty on a remote machine so I can have it run sudo and activate a vpn which it will need to activate. scp with -S does not work. I can't chmod +s the cisco vpn client because when I try to run it it says it can not have setuser. I could have the user scp via root but I do not want to do that. Any way to have scp allocate a tty? Why don't you set up ssh keys for a passwordless connection as the appropriate user for the file copy and avoid the problem? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] scp with tty
aurfal...@gmail.com wrote: I actually had to set both ssh keys and commented out the requiretty in the sudoers file. What I was doing was having ssh called from a script and running a command on that remote host it was ssh-ing into. I'm still missing why you'd need to sudo inside the remote shell instead of ssh'ing as the right user in the first place. Or at least why you'd require a password for it. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] scp with tty
Well, I noticed that ssh/scp probably requires tty and when called from a script, its not from a tty. At least in my case which was drupal calling a script that lauched ssh, a non tty source. I also required running privileged commands. Mebbe you don't need all this so check your logs and see what happens. On Oct 13, 2009, at 12:15 PM, Les Mikesell wrote: aurfal...@gmail.com wrote: I actually had to set both ssh keys and commented out the requiretty in the sudoers file. What I was doing was having ssh called from a script and running a command on that remote host it was ssh-ing into. I'm still missing why you'd need to sudo inside the remote shell instead of ssh'ing as the right user in the first place. Or at least why you'd require a password for it. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] scp with tty
Les Mikesell wrote: I'm still missing why you'd need to sudo inside the remote shell instead of ssh'ing as the right user in the first place. Perhaps he doesn't know the user@ syntax. Tony, try this: [localu...@host1 ~]$ ssh r...@host2 remotecmd This requires that the public key for localuser on host1 exists in host2:.ssh/authorized_keys. It also requires PermitRootLogin yes in /etc/ssh/sshd_config, which is unfortunately the default on CentOS. (I usually turn it off.) Beware that this makes localuser on host1 equivalent to root on host2! Also realize that remotecmd can be a very complex thing, not just a simple command. You can use pipes and other things through ssh. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] scp with tty
Warren Young wrote: Les Mikesell wrote: [...] This requires that the public key for localuser on host1 exists in host2:.ssh/authorized_keys. It also requires PermitRootLogin yes in /etc/ssh/sshd_config, which is unfortunately the default on CentOS. (I usually turn it off.) Unfortunately? I could not live w/o it ;-) Also realize that remotecmd can be a very complex thing, not just a simple command. You can use pipes and other things through ssh. If using IO redirections or pipes, be sure to quote them correctly: [localu...@host1 ~]$ ssh r...@host2 remotecmd /tmp/file will create /tmp/file with the output of remotecmd on host1 (!), while [localu...@host1 ~]$ ssh r...@host2 remotecmd /tmp/file will create /tmp/file on host2. Cheers frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] scp with tty
Well, I noticed that ssh/scp probably requires tty and when called from a script, its not from a tty. At least in my case which was drupal calling a script that lauched ssh, a non tty source. I also required running privileged commands. Mebbe you don't need all this so check your logs and see what happens. My last job, I was setting up rsync backups. What I did was create a user, backup, then in /etc/sudoers, have !requiretty *only* for that user. The user was also limited in what commands it could run (in that case, rsync only). Don't forget to log in as that user first, so that you don't get the Oh, This is a new IP, are you Sure you want to continue connecting?!?! mark On Oct 13, 2009, at 12:15 PM, Les Mikesell wrote: aurfal...@gmail.com wrote: I actually had to set both ssh keys and commented out the requiretty in the sudoers file. What I was doing was having ssh called from a script and running a command on that remote host it was ssh-ing into. I'm still missing why you'd need to sudo inside the remote shell instead of ssh'ing as the right user in the first place. Or at least why you'd require a password for it. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
