堆栈内存溢出
  简体   繁体   English

使用Net :: SSH Ruby库来执行需要sudo su的远程命令-另一个用户

[英]Using Net::SSH Ruby library to remote command execution that requires sudo su - another user

 原文  2012-12-13 13:38:42       shell/ ssh/ remote-access/ net-ssh/ rundeck

问题描述

My environment is configured with SSH password-less authentication for the user "master" between a node Server (Rundeck server) and node Target (remote Solaris host). 我的环境为节点服务器(Rundeck服务器)和节点目标(远程Solaris主机)之间的用户“主”配置了SSH无密码身份验证。

On Target, I want to execute a script /app/acme/stopApp.sh with the user appmanager . 在目标,我想执行一个脚本/app/acme/stopApp.sh与用户appmanager

Normally, when I need to run the script manually, I use: 通常,当我需要手动运行脚本时,可以使用: 

ssh master@server sudo su - appmanager

or simply: 或者简单地: 

ssh -t master@server 'sudo su - appmanager'

which works without the password and finally run (as appmanager): 无需密码即可工作并最终运行(以appmanager身份): 

/app/acme/stopApp.sh

But I'm unable to figure out how to reproduce these steps using Net::SSH. 但是我无法弄清楚如何使用Net :: SSH重现这些步骤。 When I execute sudo su - appmanager and then /app/acme/stopApp.sh , I'm doing it in a sub-shell, right? 当我执行sudo su - appmanager然后执行/app/acme/stopApp.sh ,我正在子外壳中执行它,对吗? 

require 'rubygems'
require 'net/ssh'
require 'net/scp'
require 'crypt/blowfish'
require 'yaml'

#
# ...
#

Net::SSH.start( host, user, :password => password ) do |session|

  # It's possible to proceed in this way?
  cmd = 'sudo su - appmanager;/app/acme/stopApp.sh'  
  ses = session.exec!( cmd )

end

I realized that if I try to execute something like I'm on the Target server: 我意识到,如果我尝试在目标服务器上执行类似的操作: 

sudo su -c /app/acme/stopApp.sh appmanager

I receive the message below: 我收到以下消息: 

We trust you have received the usual lecture from the local System Administrator. 

It usually boils down to these three things: 

 #1) Respect the privacy of others. 
 #2) Think before you type. 
 #3) With great power comes great responsibility. Password:

Password:

1 个解决方案

解决方案1
 1 已采纳  2012-12-13 19:34:51

This is a bit of a sysadmin-y answer, but I think you are authenticating twice: once to log in as "master" (using master's keypair) and then a second time "master" sudo-ing the su to "appmanager" but using a password (hence the "lecture" message). 这是一个sysadmin-y答案,但是我认为您要进行两次身份验证:一次以“ master”身份登录(使用master的密钥对),然后第二次“ master”将su sudo到“ appmanager”,但是使用密码(因此出现“演讲”消息)。 But I think you're not answering the password challenge the second time. 但是我认为您第二次没有回答密码挑战。 There are a few ways to get around this that come to mind: 有几种方法可以解决此问题:

1) Login as appmanager directly using that account's keypair. 1)使用该帐户的密钥对直接以appmanager身份登录。 If you're worried about the security of the appmanager account, you can restrict ssh remote commands among other things. 如果您担心appmanager帐户的安全性,则可以限制ssh远程命令

2) As master, call a binary ( not a script! ) that is setuid as "appmanager" that simply calls the stopApp.sh script. 2)以master身份,调用setuid为“ appmanager”的二进制文件( 而不是脚本! ),该二进制文件仅调用stopApp.sh脚本。 An example . 一个例子

3) Set the appropriate group that master is in to NOPASSWD in /etc/sudoers. 3)在/ etc / sudoers中将master所在的适当组设置为NOPASSWD

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 为使用 SSH.NET SshClient.CreateShellStream 执行的命令 (sudo/su) 提供子命令 - Providing subcommands to a command (sudo/su) executed with SSH.NET SshClient.CreateShellStream 将命令作为输入传递给另一个命令(su、ssh、sh 等) - Pass commands as input to another command (su, ssh, sh, etc) 如何使用脚本在远程服务器上`sudo su postgres` - how to `sudo su postgres` on a remote server with a script ssh 远程执行:无法加载库 - ssh remote execution: can't load library 用于本地(非远程)命令执行的ssh隧道 - ssh tunnel for local (not remote) command execution sudo su后如何执行命令 - How to execute the command after sudo su ssh sudo pipe命令 - ssh sudo pipe command 如何ssh / sudo su-oracle /运行一些命令 - How to ssh/sudo su - oracle/run some commands ssh-将命令参数添加到 su - ssh-add on command argument to su PHP远程Sudo脚本执行 - PHP Remote Sudo Script Execution
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM