[
https://issues.apache.org/jira/browse/SSHD-1298?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17610615#comment-17610615
]
Thomas Wolf commented on SSHD-1298:
-----------------------------------
sudo complains that user *ctadmin* was not allowed to run {{{}su{}}}. So if it
works for user "siva", that doesn't tell anything. Check that user ctadmin can
execute that command. Or connect via SSH as user "siva".
As for writing the password through the channel's {{{}stdin{}}}: the following
works for me:
{code:java}
try (ClientSession session = client.connect("bob", actualHost,
actualPort).verify(CONNECT_TIMEOUT).getSession()) {
session.auth().verify(AUTH_TIMEOUT);
try (ChannelExec exec = session.createExecChannel("sudo -S su - root -c
whoami")) {
exec.open().verify(OPEN_TIMEOUT);
try (OutputStream channelInput = exec.getInvertedIn()) {
channelInput.write("passwordBob\n".getBytes(StandardCharsets.US_ASCII)); //
Don't forget the '\n'!
channelInput.flush();
try (BufferedReader channelOutput = new BufferedReader(
new InputStreamReader(exec.getInvertedOut(),
StandardCharsets.UTF_8))) {
String line;
do {
line = channelOutput.readLine();
if (line != null) {
System.err.println(">> " + line);
}
} while (line != null);
}
}
System.err.println("Exit code of command: " + exec.getExitStatus());
}
}
{code}
This prints
{code:java}
>> root
Exit code of command: 0
{code}
It also works with the command "{{{}sudo -S whoami{}}}", or "{{{}sudo -S -u
root whoami{}}}". (User "bob" has the password "passwordBob" and is listed in
sudoers of course.) You need to write the {{{}'\n'{}}}; otherwise {{sudo}} will
keep waiting for more input for the password.
Note that the above is _not_ production-quality code; in a real application
you'd probably want to handle the channel's {{{}stderr{}}}, too, and maybe feed
the password only if {{sudo}} asks for it, not have the password hard-coded,
and so on.
What is the benefit of connecting via SSH and then sudoing over connecting via
SSH to an account that has the correct rights already?
> password less sudo user commands execution and file.
> ----------------------------------------------------
>
> Key: SSHD-1298
> URL: https://issues.apache.org/jira/browse/SSHD-1298
> Project: MINA SSHD
> Issue Type: Improvement
> Environment: Java 1.8, Linux, Solaris.
> Reporter: sivaprasad
> Priority: Blocker
> Attachments: image-2022-09-23-18-01-38-617.png,
> image-2022-09-23-18-02-25-225.png, image-2022-09-23-18-04-29-364.png,
> image-2022-09-27-19-34-06-130.png, image-2022-09-28-18-55-13-239.png,
> image-2022-09-28-18-57-02-354.png, image-2022-09-28-18-59-16-962.png,
> image-2022-09-28-19-05-00-814.png, image-2022-09-28-19-08-56-706.png,
> image-2022-09-28-19-12-17-243.png
>
>
> Hi Team,
> To establish the Session connection, I am using a regular username(siva) and
> password(siva). once a session is created successfully, by using the same
> session I need to check out another sudo user 'oracle' to execute a command
> on Linux or Solaris, why is because this oracle user(passwordless access for
> this user) has those permissions to execute commands. here i attached the
> sample code i am using now. but it is working in some cases only. sometimes
> commands are giving 1 as existstatus and the error stream throws an error
> message even though I allocated pty to the session properly. someone, please
> help me how to overcome this.
> !image-2022-09-23-18-04-29-364.png!
>
> !image-2022-09-23-18-01-38-617.png!
>
> !image-2022-09-23-18-02-25-225.png!
>
> is there any better way to handle sudo user related command execution, file
> upload and downloads with Apachemina?
>
> Thanks,
> Siva
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
