Asp Forum - Windows, Net::SSH: how do I send a password to sudo?

James Dinkel

4/17/2008 5:48:00 PM

I'm establishing an ssh connection and then I want to run a command as
sudo. Now, normally, the user will be prompted to put in a password to
run the command as sudo.

Here is my script:
-----------
Net::SSH.start( 'files02', 'myuser', 'mypassword' ) do |session|
session.open_channel do |channel|
channel.on_data do |ch, data|
puts data
end

channel.exec "sudo echo \"hello\""

end

session.loop
end
------------

But this doesn't prompt for a password ( not surprisingly ) and of
course doesn't run the command. Any ideas on how I could get the
password prompt to the user?
--
Posted via http://www.ruby-....

6 Answers

jh+ruby-lang

4/17/2008 6:04:00 PM

On Thu, 17 Apr 2008 12:48:03 -0500
James Dinkel <jdinkel@gmail.com> wrote:

> I'm establishing an ssh connection and then I want to run a command as
> sudo. Now, normally, the user will be prompted to put in a password to
> run the command as sudo.
>
> Here is my script:
> -----------
> Net::SSH.start( 'files02', 'myuser', 'mypassword' ) do |session|
> session.open_channel do |channel|
> channel.on_data do |ch, data|
> puts data
> end
>
> channel.exec "sudo echo \"hello\""
>
> end
>
> session.loop
> end
> ------------
>
> But this doesn't prompt for a password ( not surprisingly ) and of
> course doesn't run the command. Any ideas on how I could get the
> password prompt to the user?

a. Add user / command to /etc/sudoers, so a pasword is not required;

b. Ask for the password in your script, and then
channel.exec "echo #{password} | sudo -S echo \"r00ted\"".

In the latter case, don't blame me when you later suffer from a severe
case of unexpected local user privilege escalation.

-jh

James Dinkel

4/17/2008 7:16:00 PM

Jonathan Hudson wrote:
> On Thu, 17 Apr 2008 12:48:03 -0500
> James Dinkel <jdinkel@gmail.com> wrote:
>
>> end
>> course doesn't run the command. Any ideas on how I could get the
>> password prompt to the user?
>
> a. Add user / command to /etc/sudoers, so a pasword is not required;
>
> b. Ask for the password in your script, and then
> channel.exec "echo #{password} | sudo -S echo \"r00ted\"".
>
> In the latter case, don't blame me when you later suffer from a severe
> case of unexpected local user privilege escalation.
>
> -jh

ah yeah, I thought of the echoing in from stdin after I posted the
question. I don't see what you mean by "suffer from a severe case of
unexpected local user privilege escalation" though.
--
Posted via http://www.ruby-....

jh+ruby-lang

4/17/2008 7:23:00 PM

On Thu, 17 Apr 2008 14:16:26 -0500
James Dinkel <jdinkel@gmail.com> wrote:

> Jonathan Hudson wrote:
> > On Thu, 17 Apr 2008 12:48:03 -0500
> > James Dinkel <jdinkel@gmail.com> wrote:
> >
> >> end
> >> course doesn't run the command. Any ideas on how I could get the
> >> password prompt to the user?
> >
> > a. Add user / command to /etc/sudoers, so a pasword is not required;
> >
> > b. Ask for the password in your script, and then
> > channel.exec "echo #{password} | sudo -S echo \"r00ted\"".
> >
> > In the latter case, don't blame me when you later suffer from a severe
> > case of unexpected local user privilege escalation.
> >
> > -jh
>
> ah yeah, I thought of the echoing in from stdin after I posted the
> question. I don't see what you mean by "suffer from a severe case of
> unexpected local user privilege escalation" though.

Occurred to me that there is a chance of the password being visible
via ps or such.

-jh

James Dinkel

4/17/2008 8:29:00 PM

>> > channel.exec "echo #{password} | sudo -S echo \"r00ted\"".

This isn't working. It seems to be having a problem with the pipe. I
think I'll have to figure out how to send stdin into a channel (I seem
to remember seeing something about this in the net-ssh docs).
--
Posted via http://www.ruby-....

James Dinkel

4/17/2008 8:56:00 PM

James Dinkel wrote:
>
>>> > channel.exec "echo #{password} | sudo -S echo \"r00ted\"".
>
> This isn't working. It seems to be having a problem with the pipe. I
> think I'll have to figure out how to send stdin into a channel (I seem
> to remember seeing something about this in the net-ssh docs).

for the life of me I still can not get this to work. The pipe actually
seems to work fine for other commands I tried (just to see) but not with
sudo. What's the deal?!
--
Posted via http://www.ruby-....

Eric Hodel

4/17/2008 9:49:00 PM

On Apr 17, 2008, at 13:56 PM, James Dinkel wrote:
> James Dinkel wrote:
>>>>> channel.exec "echo #{password} | sudo -S echo \"r00ted\"".
>>
>> This isn't working. It seems to be having a problem with the
>> pipe. I
>> think I'll have to figure out how to send stdin into a channel (I
>> seem
>> to remember seeing something about this in the net-ssh docs).
>
> for the life of me I still can not get this to work. The pipe
> actually
> seems to work fine for other commands I tried (just to see) but not
> with
> sudo. What's the deal?!

Don't send a password to sudo via a pipe.

Change the sudoers file instead to allow your user to sudo without a
password.

comp.lang.ruby

Windows, Net::SSH: how do I send a password to sudo?

James Dinkel

jh+ruby-lang

James Dinkel

jh+ruby-lang

James Dinkel

James Dinkel

Eric Hodel

x Login to ForumsZone