0

I'm working on a script that needs to copy some files from a local machine to a directory on a remote server. The problem I'm running into is that the directory (/etc/init.d) is owned by root so I get permission exceptions if I try to copy files into it. That means I can't use scp without logging in as root.

The closest solution I have found so far is this answer: https://askubuntu.com/a/872537/798391 . Unfortunately, the answer as given doesn't quite work and none of the suggestion given in the comments seem to fix it. If I run

cat myscript.sh | ssh foo@myserver "sudo tee -a /etc/init.d/myscript.sh"

I get the error

sudo: no tty present and no askpass program specified

One of the comments suggested adding -t to the ssh command

cat myscript.sh | ssh -t foo@myserver "sudo tee -a /etc/init.d/myscript.sh"

but that resulted in the error

Pseudo-terminal will not be allocated because stdin is not a terminal.

Another suggested option was to use the -S argument of sudo

cat myscript.sh | ssh foo@myserver "sudo -S tee -a /etc/init.d/myscript.sh"

That at least prompts for the password, but it times out and asks again before the password can be entered completely.

At this point I'm out of ideas. Is there some way to get this command to work? Is there a better alternative solution for copying files to a protected remote location?

pbuchheit
  • 103

1 Answers1

0

There can be various methods to achieve what you want, it depends on detailed configuration on both machines.

The simplest method would be (if this is possible) to configure key-based ssh authentication so that your local user can ssh as root to the remote machine.

Another method is to use expect to write a script that logs interactively via ssh to the remote machine, does sudo -i (and types the appropriate password) and then copies the file doing scp in reverse direction (ie. scp is executed on the remote server towards your local machine - it must have a ssh server active).

The solution that is probably closest to what you originally tried is the following:

  1. prepare a script (let's call it /tmp/password) with the following content:

     #!/bin/sh
 echo password

    where password is the actual password for user foo on remote server.

  2. chmod 700 /tmp/password so that the file is executable and nobody except owner can access it

  3. copy the file (preserving permissions) to remote server with scp -p /tmp/password foo@myserver:/tmp

  4. use the following command:

     cat myscript.sh | ssh foo@myserver "SUDO_ASKPASS=/tmp/password sudo -A tee -a /etc/init.d/myscript.sh"
raj
  • 10,353
  • I have key based authentication set up, at least I think I do. I'm not entirely sure how that would help since I would still need to run the copy command with elevated permissions on the remote server, and thus would still need to supply a password. – pbuchheit Jan 04 '22 at 19:42
  • @pbuchheit Can you do ssh root@myserver ? I meant setting up key authentication so that you will be able to do it. – raj Jan 04 '22 at 19:52
  • No. I don't actually want to log in as root. – pbuchheit Jan 04 '22 at 20:03
  • @pbuchheit So try the solution I described. – raj Jan 04 '22 at 23:51
  • which solution? Using expect is a no-go; other team members need to be able to run this script without needing extra libraries. Adding a file containing the password to the remote server seems redundant. I already have key authentication set up. – pbuchheit Jan 05 '22 at 22:01
  • @pbuchheit Maybe try this before commenting that "it seems redundant". This file is used to provide passowrd to sudo (not to ssh) so that it doesn't ask you for it. You asked "Is there some way to get this command to work?". I gave you a tested answer, but you say you don't want to try it - it's your problem then. – raj Jan 05 '22 at 23:10