HPE Community
Operating System - HP-UX
1833490 Members
2935 Online
110052 Solutions
New Discussion

Run some commands on multiple servers - with root user privillage

 
Prasanth V Aravind
Trusted Contributor

‎03-25-2010 11:54 PM

‎03-25-2010 11:54 PM

Run some commands on multiple servers - with root user privillage


Hi All,

We have around 600+ server in datacenter. Now I am trying to run some commands (which collect some data for auditing) through some script.


I know it can be done by remeshd from root , but its against sec settings.

I am running one script which will, do ssh ( give password using expect) , then sudo sh ( againg give password using expect)
The script is working for ssh, but its giving error on sudo sh
This is the error I am getting. “sudo: no tty present and no askpass program specified”
I know that, if I put “visiblepw” entry in sudoers file , it will allow to run sudo from script. But its not possible for me to change sudoers file now.
Is there any way I can achieve this without changing sudoers file????
Hope , there will be tricks ….

Rgds
Prasanth
0 Kudos
4 REPLIES 4
Matti_Kurkela
Honored Contributor

‎03-26-2010 02:58 AM

‎03-26-2010 02:58 AM

Re: Run some commands on multiple servers - with root user privillage

Because your script is giving ssh a command to execute at the remote host, SSH assumes non-interactive mode is required. In this situation, SSH does not allocate a pseudo-TTY for the connection by default. This causes sudo to display the "sudo: no tty present..." error message.

You could fix this by using the option "-t" with ssh to force ssh allocate a pseudo-TTY even with non-interactive connections.

I have not checked whether SSH can detect expect as "non-interactive" or not: if a single "-t" option does not help, use "-tt" to absolutely force SSH to allocate a pseudo-TTY at the remote end even if it does not have one at the local end.

MK
MK
0 Kudos
mvpel
Trusted Contributor

‎03-26-2010 07:21 AM

‎03-26-2010 07:21 AM

Re: Run some commands on multiple servers - with root user privillage

There's no reason to use expect to get root access with SSH. Using expect means that you have to have the root password in plain text somewhere, and that's never good practice.

You can set up a set of SSH keys which allow root access directly to the system, and even lock down the keys to permit only specific commands to be run, and only from a specific host.

As long as the private key has no password, or the key is stored at the beginning of the run in a key agent, then there is no password prompt once the remote system is connected.

Check out the documentation specifics for the authorized_keys file for details.
0 Kudos
madhuchakkaravarthy
Trusted Contributor

‎03-26-2010 09:23 PM

‎03-26-2010 09:23 PM

Re: Run some commands on multiple servers - with root user privillage

hi

in host1

1.mkdir .ssh
2.cd .ssh
3.ssh-keygen -t rsa
two files will be generating
add the host entry of host2 in host1.

in host2
repeat the first 2 steps

copy the id.rsa.pub key from host1 in to .ssh of ur home dir.and the same u redirect to authorized_keys.
set 700 for .ssh and 600 for authorized keys

so that u no need to edit sudoers file.

without asking password u can run sh in all .

regards

MC

0 Kudos
Prasanth V Aravind
Trusted Contributor

‎05-17-2010 12:16 AM

‎05-17-2010 12:16 AM

Re: Run some commands on multiple servers - with root user privillage

i am closing this thread
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.