[X-Unix] ssh sudo password in clear text
Eric F Crist
ecrist at secure-computing.net
Sun Jun 10 15:31:09 PDT 2007
On Jun 10, 2007, at 4:50 PMJun 10, 2007, Paul Hess wrote:
>> echo "password" | ssh someserver.com sudo mailstuff/sa-learn.sh
>
> Hi Eric,
>
> Here's the rub that brings me back to square one (unless I
> misunderstand the piping).
>
> If I use the command above, wouldn't the password be sent to "ssh"
> rather than sent to the "sudo" command? I think I somehow need to
> put echo "password" into the command line after ssh to be piped to
> sudo but I don't understand the syntax to do that. I believe it
> has to do with single quotes but I can't find a way to get it right.
Paul,
The echo "password" portion of the command gets piped into the
entirety of ssh someserver.com sudo mailstuff/sa-learn.sh. In this
case, the sudo ... is what reads that input from stdin.
To help you understand:
foo | bar
In the above example, foo is seen as input on stdin from bar('s)
perspective. Try the command I sent you, it should work just fine.
I tested it on my systems here, an OS X client connecting to a
FreeBSD 6.x server, and things went swimmingly. If the command
*does*, for some reason, fail, add a -S (hyphen upper S) after sudo
and before mailstuff/sa-learn.sh. This option tells sudo to accept
the password from stdin rather than a device (read tty).
Give it a try and tell me how it goes.
HTH
*For the record, I don't sit at home on a Sunday waiting for X-Unix
email, I, (un)fortunately have the benefit of a [Cr|Bl]ackberry that
summons me in the middle of my honey-do list... ;)
-----
Eric F Crist
Secure Computing Networks
More information about the X-Unix
mailing list