[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

Ruby + SSH + Sudo

MR Damien

8/28/2006 9:56:00 AM

Hi all,

I am developping and application that connect through ssh to a host and
then try to launch a command with sudo.
I am using the net/ssh library, and I use the key-rsa authentication to
connect (so no password needed).

------
Net::SSH.start(host.name) do |session|
shell = session.shell.sync
shell.send_command("sudo ps -ef")
shell.exit
end
end
------

So the code is locked to the send_command as the host is waiting me to
fill the password. But I don't find anyway of filling it. ".send_data"
doesn't work.

Did I missed something ?

Thanks

--
Posted via http://www.ruby-....
14 Answers

Ben Bleything

8/28/2006 3:30:00 PM

0

On Mon, Aug 28, 2006, Ron Reidy wrote:
> Damien,
>
> If you are truly using key authentication, you should not be prompted for a
> password. Since you are being prompted, you will either need to use a
> "here" document or expect to provide the password.

The problem is that his script is waiting for the sudo password, not the
ssh password.

You can set the sudoers file to not require a password for certain users
(or groups, or commands, whatever) with the NOPASSWD flag. Check the
sudoers man page for more.

Ben

brabuhr

8/28/2006 3:42:00 PM

0

> ------
> Net::SSH.start(host.name) do |session|
> shell = session.shell.sync
> shell.send_command("sudo ps -ef")
> shell.exit
> end
> end
> ------
>
> So the code is locked to the send_command as the host is waiting me to
> fill the password. But I don't find anyway of filling it. ".send_data"
> doesn't work.
>
> Did I missed something ?

The host is waiting for the ssh password or the sudo password? It may not
meet your security requirements, but you could configure sudoers to allow
that one user to run that small number of commands without a password:

MR Damien

8/28/2006 4:20:00 PM

0

unknown wrote:
>> fill the password. But I don't find anyway of filling it. ".send_data"
>> doesn't work.
>>
>> Did I missed something ?
>
> The host is waiting for the ssh password or the sudo password? It may
> not
> meet your security requirements, but you could configure sudoers to
> allow
> that one user to run that small number of commands without a password:

Hi all,

Thanks for your answers. The script was waiting for the sudo password.
I thought there was a way to provide the password manually with ruby but
it seems that there is not.

So I modified the sudoers for not asking password.

--
Posted via http://www.ruby-....

Matt Rose

9/8/2006 1:55:00 AM

0

there is a way to pass the password in using sudo. I forget the
syntax but the man page should have it. If you're still curious
tomorrow, I'll dig up some code I wrote to do exactly this.

Matt

On 28-Aug-06, at 12:20 PM, MR Damien wrote:

> unknown wrote:
>>> fill the password. But I don't find anyway of filling it.
>>> ".send_data"
>>> doesn't work.
>>>
>>> Did I missed something ?
>>
>> The host is waiting for the ssh password or the sudo password? It
>> may
>> not
>> meet your security requirements, but you could configure sudoers to
>> allow
>> that one user to run that small number of commands without a
>> password:
>
> Hi all,
>
> Thanks for your answers. The script was waiting for the sudo
> password.
> I thought there was a way to provide the password manually with
> ruby but
> it seems that there is not.
>
> So I modified the sudoers for not asking password.
>
> --
> Posted via http://www.ruby-....

MR Damien

9/8/2006 4:17:00 PM

0

I am still curious =)

--
Posted via http://www.ruby-....

Rick DeNatale

9/8/2006 4:25:00 PM

0

On 9/7/06, Matt Rose <mattrose@folkwolf.net> wrote:
> there is a way to pass the password in using sudo. I forget the
> syntax but the man page should have it. If you're still curious
> tomorrow, I'll dig up some code I wrote to do exactly this.

FWIW, I can't for the life of me find any options in man sudo (on an
Ubuntu Dapper) which allows the password to be given as an arg. The
only possibility might the the -a option

-a The -a (authentication type) option causes sudo to use the specified
authentication type when validating the user, as allowed by
/etc/login.conf. The system administrator may specify a list of
sudo-specific authentication methods by adding an "auth-sudo" entry
in /etc/login.conf. This option is only available on systems
that support
BSD authentication where sudo has been configured with the
--with-bsdauth option.

This MAY allow it but it seems to require a specific system configuration.

--
Rick DeNatale

My blog on Ruby
http://talklikeaduck.denh...

Alex LeDonne

9/8/2006 6:14:00 PM

0

On 9/7/06, Matt Rose <mattrose@folkwolf.net> wrote:
> there is a way to pass the password in using sudo. I forget the
> syntax but the man page should have it. If you're still curious
> tomorrow, I'll dig up some code I wrote to do exactly this.
>
> Matt

On my system, according to man sudo, -S causes sudo to read the
password from STDIN.

-A

Rick DeNatale

9/9/2006 5:00:00 PM

0

On 9/8/06, Alex LeDonne <aledonne.listmail@gmail.com> wrote:
> On 9/7/06, Matt Rose <mattrose@folkwolf.net> wrote:
> > there is a way to pass the password in using sudo. I forget the
> > syntax but the man page should have it. If you're still curious
> > tomorrow, I'll dig up some code I wrote to do exactly this.
> >
> > Matt
>
> On my system, according to man sudo, -S causes sudo to read the
> password from STDIN.

Yep, missed that one.

So:

echo secretPasswd | ssh -S command...

should do the trick

--
Rick DeNatale

My blog on Ruby
http://talklikeaduck.denh...

Rick DeNatale

9/9/2006 5:01:00 PM

0

On 9/9/06, Rick DeNatale <rick.denatale@gmail.com> wrote:

Thomas

9/15/2006 3:37:00 PM

0

Rick DeNatale wrote:
> On 9/8/06, Alex LeDonne <aledonne.listmail@gmail.com> wrote:
>> On 9/7/06, Matt Rose <mattrose@folkwolf.net> wrote:
>> > there is a way to pass the password in using sudo. I forget the
>> > syntax but the man page should have it. If you're still curious
>> > tomorrow, I'll dig up some code I wrote to do exactly this.
>> >
>> > Matt
>>
>> On my system, according to man sudo, -S causes sudo to read the
>> password from STDIN.
>
> Yep, missed that one.
>
> So:
>
> echo secretPasswd | ssh -S command...
>
> should do the trick
>

And hope no one does a ps -a at the time and get account pwd.

Might be best to use separate account with sudo privs without need of pwd.

Just my 0.02 cents