1

My user is in the root group. I cannot ssh to the server as root because it says Permission denied, please try again. What I usually do is ssh as my user, and once I'm logged in I type sudo su and provide my user's password to become root.

I want to automate part of my job, so I want to write a bash script which would ssh as my user, switch to root and then call a set of commands.

So far I came up with the following script, but I am unable to switch to the root user without asking the user for a password:

while read p; do
   p=$(echo $p|tr -d '\r')
   sshpass -p "myPasswd" ssh  -T -o StrictHostKeyChecking=no myUser@remoteServer << EOT
   cd /var/log/jboss/   #here I am getting 'permission denied' message as only root has access
   exit
EOT
done < $nodes

I also tried:

sshpass -p "myPasswd" ssh  -tt -o StrictHostKeyChecking=no myUser@remoteServer 'cd /var/log/jboss/'

but I got the same permission denied error message.

3
  • If you have root access, you can configure sudo on the remote host to allow you to run certain commands with sudo without requiring a password. Commented Mar 14, 2019 at 13:18
  • 1
    You should also set up public-key authentication so that you don't need to expose your password in clear text in your script. Commented Mar 14, 2019 at 13:19
  • 1
    Check the NOPASSWD option to the sudoers configuration. Commented Mar 14, 2019 at 13:44

1 Answer

1

For security reasons, root users are typically not allowed ssh access.

PermitRootLogin no # value in /etc/ssh/sshd_config

The above setting is preventing you from logging in as root in the first place. If you are "comfortable" with your network's security, you can consider modifying that setting. If you ever make modifications to the sshd config, you'll need to restart the ssh service:

sudo service sshd restart

Of course, if you want to adhere to common wisdom, you may want to make changes to your sudoers file (as recommended by chepner and Nic3500). Here's a reasonable configuration change to make:

Add the following line to the bottom of your /etc/sudoers file:

#includedir /etc/sudoers.d

And add the following files to your /etc/sudoers.d directory:

cat /etc/sudoers.d/10_wheel:
%wheel ALL=(ALL) NOPASSWD: ALL

The above example configures sudo to allow access to all commands to members of the wheel group, without a password. You may want to change the group name to a group that your user is a member of.

You can determine your groups by issuing the command:

groups

Also, to avoid the use of sshpass, you can deploy ssh public keys to the remote host. Lastly, if you don't want to change the server at all, you can achieve what you are trying to do with expect. If you are comfortable with Python coding, I recommend pexpect - I find it soooo much easier than the Tcl-based expect that is typically discussed.
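The question's loop reworked along the lines the comments and the answer suggest (public-key login instead of sshpass, passwordless sudo limited to one command), as an added example that is not part of the original question or answer. It assumes the node list holds one host name per line; the `ls` command and its path, the sudoers line in the comment, and the `SSH` override variable are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: an SSH key for myUser
# is already deployed on every node, and each node's sudoers policy allows the
# single command below without a password, for example a drop-in containing
#   myUser ALL=(root) NOPASSWD: /usr/bin/ls -l /var/log/jboss/
# checked with `visudo -cf <file>` before it is installed.

REMOTE_USER="myUser"    # account name from the question
# cd is a shell builtin and cannot be run through sudo, so run the command
# that needs root instead. -n makes sudo fail rather than prompt.
REMOTE_CMD="sudo -n /usr/bin/ls -l /var/log/jboss/"

# Print the usable host names from a node list, one per line: strip CRs, skip
# blank and comment lines, and reject anything that is not a plain host name so
# an entry can never be read by ssh as an option.
clean_nodes() {
    tr -d '\r' < "$1" | while read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;
            -*|*[!A-Za-z0-9._-]*) echo "skipping invalid entry: $line" >&2 ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
}

# BatchMode=yes: key authentication only, never a password prompt.
# -n: ssh must not read stdin. Host key checking stays at its default.
# SSH is a hypothetical override used to substitute the client in a dry run.
run_on_node() {
    ${SSH:-ssh} -n -o BatchMode=yes -o ConnectTimeout=10 \
        "$REMOTE_USER@$1" "$REMOTE_CMD"
}

# Run the command on every node; the return value is the number of failures.
run_on_all() {
    failed=0
    for node in $(clean_nodes "$1"); do
        run_on_node "$node" || { echo "FAILED: $node" >&2; failed=$((failed + 1)); }
    done
    return "$failed"
}

# Usage: sh script.sh nodes.txt
[ "$#" -eq 0 ] || run_on_all "$1"
```

Because `sudo -n` and `BatchMode=yes` both fail instead of prompting, a node with a missing key or a missing sudoers entry shows up as `FAILED` rather than hanging the loop.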
