Execution of remote scripts containing sudo:
791 views
Skip to first unread message
Alistair Mason
Feb 25, 2016, 7:07:16 AM2/25/16
to rundeck-discuss
Hi,
I'm attempting to use Rundeck to execute a remote script which itself uses "sudo" to execute commands. The job step fails with the error "sudo: no tty present and no askpass program specified", Is it possible to force jsch-ssh to allocate a tty? If appears to do so if the command/script to be executed by is itself prefixed with "sudo".
I've also attempted to use script-exec as the default node executor. This also fails as I believe Rundeck fails to provide the password. The following was output to the log:
WARNING: You have accessed a computer system managed by ....
You are required to have a personal authorisation from the system administrator
before you use this computer and you are strictly limited to the use set out in
that written authorisation. Unauthorised access to or misuse of this system is
prohibited and may constitute an offence under the Computer Misuse Act 1990.
If you disclose any information obtained through this system without authority
... will take appropriate action against you. This may include legal
proceedings, prosecution and disciplinary action up to and including dismissal.
{user}@{host}'s password:
Permission denied, please try again.
Permission denied, please try again.
Received disconnect from {host}: 2: Too many authentication failures for {user}
[script-exec]: result code: 255, success: false
[script-exec]: result code: 255, success: false
Failed: NonZeroResultCode: Result code was 255
The script-exec configuration is:
plugin.script-exec.default.command=ssh -t -t -o "StrictHostKeyChecking no" ${option.username}@${node.hostname} ${exec.command}
plugin.script-exec.default.shell=bash -c
service.NodeExecutor.default.provider=script-exec
Can I configure Rundeck to identify the ssh password prompt?
Thanks
Alistair
I'm attempting to use Rundeck to execute a remote script which itself uses "sudo" to execute commands. The job step fails with the error "sudo: no tty present and no askpass program specified", Is it possible to force jsch-ssh to allocate a tty? If appears to do so if the command/script to be executed by is itself prefixed with "sudo".
I've also attempted to use script-exec as the default node executor. This also fails as I believe Rundeck fails to provide the password. The following was output to the log:
WARNING: You have accessed a computer system managed by ....
You are required to have a personal authorisation from the system administrator
before you use this computer and you are strictly limited to the use set out in
that written authorisation. Unauthorised access to or misuse of this system is
prohibited and may constitute an offence under the Computer Misuse Act 1990.
If you disclose any information obtained through this system without authority
... will take appropriate action against you. This may include legal
proceedings, prosecution and disciplinary action up to and including dismissal.
{user}@{host}'s password:
Permission denied, please try again.
Permission denied, please try again.
Received disconnect from {host}: 2: Too many authentication failures for {user}
[script-exec]: result code: 255, success: false
[script-exec]: result code: 255, success: false
Failed: NonZeroResultCode: Result code was 255
The script-exec configuration is:
plugin.script-exec.default.command=ssh -t -t -o "StrictHostKeyChecking no" ${option.username}@${node.hostname} ${exec.command}
plugin.script-exec.default.shell=bash -c
service.NodeExecutor.default.provider=script-exec
Can I configure Rundeck to identify the ssh password prompt?
Thanks
Alistair
Luis Toledo
Feb 26, 2016, 11:28:17 AM2/26/16
to rundeck-discuss
Hi
Take a look this http://rundeck.org/docs/plugins-user-guide/ssh-plugins.html#secondary-sudo-password-authentication
For example:
<node name="luisao-ubuntu" description="Rundeck server node" tags="ubuntu" hostname="192.168.0.3" osArch="amd64" osFamily="unix" osName="Linux" osVersion="4.2.0-27-generic" username="luisao"
ssh-authentication="password"
ssh-password-storage-path="keys/server/ubuntu"
sudo-command-enabled="true"
sudo-password-storage-path="keys/server/ubuntu"
/>
Also, in the script that you define inside the job step, you have to set the "Invocation String" parameter like this: sudo ${scriptfile}
Reply all
Reply to author
Forward
0 new messages