bugsbunny has asked for the wisdom of the Perl Monks concerning the following question:

hi,
I'm executing some scripts via qx//, but they require password to contiune. the problem is that I can't see the password prompt...ex: 
qx[ssh -t user\@machine sudo /bin/mv file file.dest]

[download]
Now if I remove the '-t' flag I see the the password prompt, but then there is the problem with sudo i.e. in this case when I type the password it is seen on the screen.
In the shell script I used successfuly '-t' flag to hide the password, now in I'm rewriting it in perl, but...
Could u give some hints how overcome this problem...


man ssh
-t Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g., when implementing menu services. Multiple -t options force tty allocation, even if ssh has no local tty.

tia

Replies are listed 'Best First'.
Re: qx//, ssh -t (pseudo-tty) and sudo
by Anonymous Monk on Nov 07, 2003 at 12:02 UTC
    try IPC::Open3 (or 2)...
[reply]
Re: qx//, ssh -t (pseudo-tty) and sudo
by Roger (Parson) on Nov 07, 2003 at 13:57 UTC
    Since you have sudo access on the remote machine, and you have Secure Shell working on both machines, why don't you just ssh directly as root onto the target machine? Do you have any security concerns? (Roger thinks ssh->root is as secure/insecure as ssh->sudo.)

[reply]
      Way OT here, but there is a huge difference between using ssh as root and using ssh as a normal user who has sudo privileges.

      While the differences are too numerous to mention, it is important to remember root is all-powerful. Period. No questions asked.

      sudo is highly configurable as to which user/group can do what. You can fine-tune which user can do X, which group can do Y, etc.

      I'll take 1,000 users with sudo privileges over 1,000 users logging in as root any day. At a minimum, I can look at the logs and see who did what, as opposed to thousands of entries showing root logging in, and then one entry where root rm -rf /.

      If things get any worse, I'll have to ask you to stop helping me.

[reply]
        sudo is highly configurable as to which user/group can do what. You can fine-tune which user can do X, which group can do Y, etc.

        Agreed, but once I convinced the system admin that I had to do sudo make to compile some program. Having obtained the sudo access, I made a simple Makefile that called a script that modified the sudoer file, and gave me total control of the system. :-)

[reply]
[d/l]
      hmm :"),
      sorry i didn mentioned it.. this is a part of a script that does many other things..I want a script not a manualy doing this
      And SUDO usage is the thing that guerantees security.. as many of u know giving root direct ssh access is not a good thing..i dont do it too :")
      it has to always happen trought other user i.e. log as user X and switch to root only if nececary.
      Now sudo is the only secure way to give non-root users some privileges, but not all.
      Here comes the next barier i.e. the use of keychain(ssh-askpasswd! and so) which prevents multiple time entering password and doesnt transffer passwords over the wire.
      In fact there is no other good secure method for restarting services automaticly via scripts over the network. I searched alot :"). if u know other way pls tell me
      So back on the problem SUDO for some reason when ask for a password displays the password at the time I type it.
      When I was doing this in shell script I solved the problem by specifyng "-t" switch. (with it the password is not shown while I type it.)
      Now this trick doesnt work under perl. And from the responses and from my google search it seem to be really tricky thing...
[reply]
Re: qx//, ssh -t (pseudo-tty) and sudo
by sgifford (Prior) on Nov 07, 2003 at 16:10 UTC
    Doing IO with TTYs, pseudo or otherwise, can be tricky. You might want to look at Net::SSH or Expect to do the hard part for you.
[reply]
Re: qx//, ssh -t (pseudo-tty) and sudo
by iburrell (Chaplain) on Nov 08, 2003 at 01:00 UTC
    sudo has the -S option which causes it to read from stdin. This means you don't have to worry about the -t option to ssh, tty's, and all that stuff. The stdin is piped through ssh so open with pipe or IPC::Open3 will work fine.
[reply]
[d/l]
Re: qx//, ssh -t (pseudo-tty) and sudo
by Nitrox (Chaplain) on Nov 07, 2003 at 13:30 UTC
    What about setting up certificate based authentication for the user you're logging in with?

    -Nitrox

[reply]
      the program asking for password is in-fact SUDO,not the ssh.
      For ssh i have keychain installed and configured, so it doesnt ask for password
[reply]

        Have you tried NOPASSWD in your sudo config? Something like:

        # User specification
        user machine=(otheruser) NOPASSWD: /bin/mv

[reply]

Back to Seekers of Perl Wisdom