Re: [CentOS] scp with tty

2009-10-13 Thread m . roth
> Well, I noticed that ssh/scp probably requires tty and when called
> from a script, its not from a tty.
>
> At least in my case which was drupal calling a script that lauched
> ssh, a non tty source.
>
> I also required running privileged commands.
>
> Mebbe you don't need all this so check your logs and see what happens.
>
My last job, I was setting up rsync backups. What I did was create a user,
backup, then in /etc/sudoers, have !requiretty *only* for that user. The
user was also limited in what commands it could run (in that case, rsync
only).

Don't forget to log in as that user first, so that you don't get the "Oh,
This is a new IP, are you Sure you want to continue connecting?!?!"

   mark

> On Oct 13, 2009, at 12:15 PM, Les Mikesell wrote:
>
>> aurfal...@gmail.com wrote:
>>> I actually had to set both ssh keys and commented out the requiretty
>>> in the sudoers file.
>>>
>>> What I was doing was having ssh called from a script and running a
>>> command on that remote host it was ssh-ing into.
>>
>> I'm still missing why you'd need to sudo inside the remote shell
>> instead
>> of ssh'ing as the right user in the first place.  Or at least why
>> you'd
>> require a password for it.
>>
>> --
>>   Les Mikesell
>>lesmikes...@gmail.com
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] scp with tty

2009-10-13 Thread Frank Thommen
Warren Young wrote:
> Les Mikesell wrote:
>> [...]
> 
> This requires that the public key for localuser on host1 exists in 
> host2:.ssh/authorized_keys.  It also requires "PermitRootLogin yes" in 
> /etc/ssh/sshd_config, which is unfortunately the default on CentOS.  (I 
> usually turn it off.)

Unfortunately?  I could not live w/o it ;-)


> Also realize that remotecmd can be a very complex thing, not just a 
> simple command.  You can use pipes and other things through ssh.

If using IO redirections or pipes, be sure to quote them correctly:

   [localu...@host1 ~]$ ssh r...@host2 remotecmd > /tmp/file

will create /tmp/file with the output of remotecmd on host1 (!), while

   [localu...@host1 ~]$ ssh r...@host2 remotecmd ">" /tmp/file

will create /tmp/file on host2.


Cheers

frank
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] scp with tty

2009-10-13 Thread Warren Young
Les Mikesell wrote:
> 
> I'm still missing why you'd need to sudo inside the remote shell instead 
> of ssh'ing as the right user in the first place.  

Perhaps he doesn't know the user@ syntax.

Tony, try this:

[localu...@host1 ~]$ ssh r...@host2 remotecmd

This requires that the public key for localuser on host1 exists in 
host2:.ssh/authorized_keys.  It also requires "PermitRootLogin yes" in 
/etc/ssh/sshd_config, which is unfortunately the default on CentOS.  (I 
usually turn it off.)

Beware that this makes localuser on host1 equivalent to root on host2!

Also realize that remotecmd can be a very complex thing, not just a 
simple command.  You can use pipes and other things through ssh.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] scp with tty

2009-10-13 Thread aurfalien
Well, I noticed that ssh/scp probably requires tty and when called  
from a script, its not from a tty.

At least in my case which was drupal calling a script that lauched  
ssh, a non tty source.

I also required running privileged commands.

Mebbe you don't need all this so check your logs and see what happens.

On Oct 13, 2009, at 12:15 PM, Les Mikesell wrote:

> aurfal...@gmail.com wrote:
>> I actually had to set both ssh keys and commented out the requiretty
>> in the sudoers file.
>>
>> What I was doing was having ssh called from a script and running a
>> command on that remote host it was ssh-ing into.
>
> I'm still missing why you'd need to sudo inside the remote shell  
> instead
> of ssh'ing as the right user in the first place.  Or at least why  
> you'd
> require a password for it.
>
> -- 
>   Les Mikesell
>lesmikes...@gmail.com
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] scp with tty

2009-10-13 Thread Les Mikesell
aurfal...@gmail.com wrote:
> I actually had to set both ssh keys and commented out the requiretty  
> in the sudoers file.
> 
> What I was doing was having ssh called from a script and running a  
> command on that remote host it was ssh-ing into.

I'm still missing why you'd need to sudo inside the remote shell instead 
of ssh'ing as the right user in the first place.  Or at least why you'd 
require a password for it.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] scp with tty

2009-10-13 Thread aurfalien
I actually had to set both ssh keys and commented out the requiretty  
in the sudoers file.

What I was doing was having ssh called from a script and running a  
command on that remote host it was ssh-ing into.


On Oct 13, 2009, at 11:43 AM, Les Mikesell wrote:

> tony.chamberl...@lemko.com wrote:
>> Hello
>>
>> I need to know a way to have scp allocate a tty on a remote machine
>> so I can have it run sudo and activate a vpn which it will need to
>> activate. scp with "-S" does not work. I can't chmod +s the cisco  
>> vpn client
>> because when I try to run it it says it can not have setuser.
>>
>> I could have the user scp via root but I do not want to do that.
>>
>> Any way to have scp allocate a tty?
>
> Why don't you set up ssh keys for a passwordless connection as the
> appropriate user for the file copy and avoid the problem?
>
> -- 
>   Les Mikesell
> lesmikes...@gmail.com
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] scp with tty

2009-10-13 Thread Les Mikesell
tony.chamberl...@lemko.com wrote:
> Hello
> 
> I need to know a way to have scp allocate a tty on a remote machine
> so I can have it run sudo and activate a vpn which it will need to
> activate. scp with "-S" does not work. I can't chmod +s the cisco vpn client
> because when I try to run it it says it can not have setuser.
> 
> I could have the user scp via root but I do not want to do that.
> 
> Any way to have scp allocate a tty?

Why don't you set up ssh keys for a passwordless connection as the 
appropriate user for the file copy and avoid the problem?

-- 
   Les Mikesell
 lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] scp with tty

2009-10-13 Thread Marc Wiatrowski
What about disabling the tty requirement for sudo with '!requiretty' in your
/etc/sudoers setup?

On Mon, Oct 12, 2009 at 12:11 PM,  wrote:

>
> Hello
>
> I need to know a way to have scp allocate a tty on a remote machine
> so I can have it run sudo and activate a vpn which it will need to
> activate. scp with "-S" does not work. I can't chmod +s the cisco vpn
> client
> because when I try to run it it says it can not have setuser.
>
> I could have the user scp via root but I do not want to do that.
>
> Any way to have scp allocate a tty?
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] scp with tty

2009-10-12 Thread tony . chamberlain

Hello

I need to know a way to have scp allocate a tty on a remote machine
so I can have it run sudo and activate a vpn which it will need to
activate. scp with "-S" does not work. I can't chmod +s the cisco vpn client
because when I try to run it it says it can not have setuser.

I could have the user scp via root but I do not want to do that.

Any way to have scp allocate a tty?


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos