[ale] ssh / sudo file transfer?

timothy at meanor.net timothy at meanor.net
Thu Dec 6 14:11:03 EST 2007 

Actually, I was thinking that you could write an Expect script that would log into the remote box as the user, sudo su to oracle, then use scp -r to recursively copy the directory from the original host over to the remote host.? In other words, use Expect to do this:
[ ralph at hosta ]$ ssh ralph at hostb
[ ralph at hostb ]$ sudo su - oracle
[ oracle at hostb ]$ scp -r ralph at hosta:dir1 .

You could have the Expect script prompt once for the password, and take care of using it when needed so the user only has to type it in once (provided the passwords on the two boxes are the same).

-Tim

?

I?ve done an expect setup forsomething else within the last 6 months.?? However, it seems itwouldn?t work here for the same reasons as I currently have ? the frontend of the pipe would be feeding to the back end and interfering withthings.? It seems I need a way to somehow encapsulate the tar output fromthe left side so that it is only called on the right side at the exact place itis needed.
?
On the other idea someone gave about sudo ?vI guess I should say I misspoke.? My earlier findings were if I do aremote command (like the ls I mentioned works) and then do another one it doesNOT prompt for the sudo password.?? However, despite that it stillhas the issue doing the tar.?? Since the tar with only ssh works itappears to be the combination of ssh and sudo that is causing the issue eventhough the latter doesn?t always require a password depending on howquickly one attempts the second remote command.
?
Thanks for thinking about it though ?I was just curious if anyone had run into it before and figured out a solutionalready.?? It seems tantalizingly close but not quite there.? Ithink I?ll experiment with expect just to be sure though.
?


From: ale-bounces at ale.org[mailto:ale-bounces at ale.org] On Behalf Of timothy at meanor.net
Sent: Thursday, December 06, 200710:21 AM
To: ale at ale.org
Subject: RE: [ale] ssh / sudo filetransfer?
?
I don't know how familiaryou are with Expect, but I think it's your best bet to accomplish somethinglike this.? I've written scripts to do things like ssh to a machine asuser A, sudo su to user B, then execute commands, though I've never tried touse it to transfer files.

HTH,
Tim     
?      
  
I?m  trying to come up with a command line similar to the tar pipeline which  copies files.?? The wrinkle is the user needs to first ssh to the  box as themselves then sudo su to the user name that owns the target  directory.  
e.g.?  Real user is ralph on server that has the real files.? This ralph also  exists on the target server.?? On the target server ralph has  permissions to become oracle user by using ?sudo  su ? oracle? and also permission to run commands  as oracle with ?sudo ?u oracle  <command>?.??   
We  do not have trusts established so users must input his password when doing an  ssh between the servers.?? He must also input password when  executing a sudo command on the target server.?? This works  fine.?   
It  even works fine when I do something like:  
ssh  -tt ralph at remotehost "sudo -u oracle sh -c 'ls  -l /oracle/prod'"   
Note  there is a single quote and a double quote at end of above line.  
In  this command line it prompts for password for the ssh and then again for the  sudo.  
It  also works but spits an error if I do a tar pipeline without the  sudo but with the ssh:  
tar  c dir1 | ssh ?tt ralph at remotehost ?tar  xvf ??   
This  copies dir1 and its contents from the source server across to the home of  ralph on remote host.?? As noted it works but after the ssh  password has been entered it displays:  
tcgetattr:  Invalid argument  
and  then does the transfer successfully.  
However,  when I attempt to add the ?sudo ?u?  syntax to the pipeline it spits the same error as above  but never really logs in.? It appears that the sudo is getting the tar  information from left side of pipe and trying to use that for the sudo  password.?? I?ve tried various quoting and parenthetical  notation but nothing works.  
I?m  wondering if anyone has successful pipeline for such file  transfers or some other solution that does not require me  to enable ssh trusts for the user or to setup special sudo commands.??  What I?m looking for is one off transfers not something  the user will be doing every day so I don?t want to have to modify  sudoers or rsync authorization when they happen to need to transfer a file in  a hurry.    
  
----------------------------------
  CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential  information and is for the sole use of the intended recipient(s). If you are  not the intended recipient, any disclosure, copying, distribution, or use of  the contents of this information is prohibited and may be unlawful. If you  have received this electronic transmission in error, please reply immediately  to the sender that you have received the message in error, and delete it.  Thank you.
  ----------------------------------     
?
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Ale mailing list