With SSH you can run commands on remote machines, even if the command requires sudo privileges.
Secure Shell includes a lot of tricks, many of which can make your admin's life exponentially easier. One such trick is the ability to run commands on remote servers, without logging in.
Sure, you can take the time to log into the server, run the command, and log out, but why not just do it all in one fell swoop? Not only is this handy, it's quite easy.
SEE: Windows 10 security: A guide for business leaders (TechRepublic Premium)
What you need
The only things you need for this is two more Linux machines, all of which include the openssh-server up and running (and accepting connections). If you don't have the SSH daemon installed, you can do this from the standard repositories. For instance, on the Ubuntu Server platform, the command to install the SSH daemon is:
sudo apt-get install openssh-server -y
For CentOS 7, the command is:
sudo yum install -y openssh-server
Once installed, you'll want to enable the server with the commands:
sudo systemctl start sshd sudo systemctl enable sshd
Now that you have the SSH daemon running on your remote servers, you can send commands to them. Let's find out how.
Running a basic command
Let's get a listing of files on a remote /etc directory. To do this, the command is:
ssh USER@SERVER_IP "ls /etc"
Where USER is a remote user name, and SERVER_IP is the IP address of the remote server. Once you successfully enter the remote user's password, you will get a listing of the /etc/ directory on the remote server.
Running a command that requires sudo
But what if you need to run a command that requires sudo privileges on a remote server? If you do that, you'll see a tty error (Figure A).
How do you get around that? Fortunately, there's a little switch you can add to the command. Said switch is -t. What does -t do? It forces pseudo-terminal allocation, so ssh has no idea it doesn't have a local terminal to use.
So, to run a remote command, via ssh, that requires sudo privileges, the ssh command looks like:
ssh -t USER@SERVER_IP "sudo COMMAND"
Say, for instance, you want the user jack to upgrade a remote server at 192.168.1.201. This command is:
ssh -t email@example.com "sudo apt-get upgrade -y"
You will first be asked for the user's password for the SSH connection, followed by a second request for the user's password for sudo privileges (Figure B).
The command will run as though it was executed on the local machine (only it's running on the remote machine). When the command completes, you'll return to the local prompt, ready to keep working.
And that's all there is to running commands that require sudo privileges on a remote machine, via SSH.
- How to use multiplexing to speed up the SSH (TechRepublic)
- How to create an SSH jailed user on Debian 9 (TechRepublic)
- 5 quick SSH hardening tips (TechRepublic)
- How to block SSH attacks on Linux with denyhosts (TechRepublic)
- OpenSSH gets protection against attacks like Spectre, Meltdown, Rowhammer, and Rambleed (ZDNet)
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- 10 dangerous app vulnerabilities to watch out for (TechRepublic download)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- The best password managers of 2019 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)