
Run some commands on multiple servers - with root user privilege

Prasanth V Aravind
Trusted Contributor


Hi All,

We have around 600+ servers in the datacenter. Now I am trying to run some commands (which collect some data for auditing) through a script.

I know it can be done by remshd from root, but it's against sec settings.

I am running one script which will do ssh (giving the password using expect), then sudo sh (again giving the password using expect).
The script is working for ssh, but it's giving an error on sudo sh.
This is the error I am getting: “sudo: no tty present and no askpass program specified”
I know that if I put a “visiblepw” entry in the sudoers file, it will allow sudo to run from a script. But it's not possible for me to change the sudoers file now.
Is there any way I can achieve this without changing the sudoers file?
Hope there will be tricks…

Rgds
Prasanth
4 REPLIES
Matti_Kurkela
Honored Contributor

Re: Run some commands on multiple servers - with root user privilege

Because your script is giving ssh a command to execute at the remote host, SSH assumes non-interactive mode is required. In this situation, SSH does not allocate a pseudo-TTY for the connection by default. This causes sudo to display the "sudo: no tty present..." error message.

You could fix this by using the option "-t" with ssh to force ssh to allocate a pseudo-TTY even with non-interactive connections.

I have not checked whether SSH can detect expect as "non-interactive" or not: if a single "-t" option does not help, use "-tt" to absolutely force SSH to allocate a pseudo-TTY at the remote end even if it does not have one at the local end.

MK
mvpel
Trusted Contributor

Re: Run some commands on multiple servers - with root user privilege

There's no reason to use expect to get root access with SSH. Using expect means that you have to have the root password in plain text somewhere, and that's never good practice.

You can set up a set of SSH keys which allow root access directly to the system, and even lock down the keys to permit only specific commands to be run, and only from a specific host.

As long as the private key has no password, or the key is stored at the beginning of the run in a key agent, then there is no password prompt once the remote system is connected.

Check out the documentation specifics for the authorized_keys file for details.
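
Added example, not part of the thread or of any poster's reply: one way to apply the "specific commands, specific host" lock-down described above, using the `from=` and `command=` options of authorized_keys with a forced-command wrapper. The wrapper path, the audit names and the source address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): forced-command wrapper for an audit key.
# Assumed install path: /usr/local/sbin/audit-wrapper.sh (hypothetical).
# Assumed authorized_keys entry for root on each server, on ONE line; the
# address is a documentation placeholder and the key material is elided:
#   from="192.0.2.10",command="/usr/local/sbin/audit-wrapper.sh",no-pty,
#   no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA... audit
# With "PermitRootLogin forced-commands-only" in sshd_config, root can log in
# only through keys that carry a command= option.

LC_ALL=C; export LC_ALL   # byte-wise matching for the [!a-z] class below

# Translate an audit name into a fixed command line; unknown names fail.
audit_lookup() {
    case "$1" in
        kernel) echo "uname -a" ;;
        disk)   echo "df -k" ;;
        ident)  echo "id" ;;
        *)      return 1 ;;
    esac
}

# Validate the client's request and run the mapped command.
# Returns 2 for malformed input, 3 for a name that is not on the list.
audit_dispatch() {
    request=$1
    case "$request" in
        ''|*[!a-z]*)
            echo "audit-wrapper: rejected malformed request" >&2
            return 2 ;;
    esac
    cmd=$(audit_lookup "$request") || {
        echo "audit-wrapper: '$request' is not an allowed audit" >&2
        return 3
    }
    # Intentional word splitting: $cmd is one of the fixed strings above,
    # never text supplied by the client.
    $cmd
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND and runs
# this wrapper instead. Unset means no command was given: do nothing.
if [ "${SSH_ORIGINAL_COMMAND+set}" = set ]; then
    audit_dispatch "$SSH_ORIGINAL_COMMAND"
    exit $?
fi
```

From the collecting host, `ssh root@server kernel` then returns only the output of the mapped command, and any other request is refused without a shell ever being started.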
madhuchakkaravarthy
Trusted Contributor

Re: Run some commands on multiple servers - with root user privilege

Hi,

In host1:

1. mkdir .ssh
2. cd .ssh
3. ssh-keygen -t rsa

Two files will be generated.
Add the host entry of host2 in host1.

In host2, repeat the first 2 steps.

Copy the id_rsa.pub key from host1 into .ssh of your home dir, and redirect the same to authorized_keys.
Set 700 for .ssh and 600 for authorized_keys.

So you do not need to edit the sudoers file.

Without being asked for a password you can run sh on all.

regards

MC

Prasanth V Aravind
Trusted Contributor

Re: Run some commands on multiple servers - with root user privilege

I am closing this thread.