Monday, October 25, 2021

[SOLVED] SSH doesn't run commands following sudo

Issue

I'm trying to execute multiple commands on a remote server. The issue I'm having is that after the sudo command is run, the ssh connection gets closed automatically.

The main test that is failing:

ssh -i "/path/to/key/id_rsa" user@server << EOF
sudo ls -la "/etc/redhat-release"
cat "/etc/redhat-release"
EOF

Returns only the ls result

-rw-r--r-- 1 root root 55 Jan 29  2013 /etc/redhat-release

While if I put both commands on the same line, i.e.

ssh -i "/path/to/key/id_rsa" user@server << EOF
sudo ls -la "/etc/redhat-release"; cat "/etc/redhat-release"
EOF

I will get the result of both commands

-rw-r--r-- 1 root root 55 Jan 29  2013 /etc/redhat-release
Red Hat Enterprise Linux Server release 6.4 (Santiago)

Now for the weirdest part:

  • the main test does work on another server with identical configuration. There are sets of servers where it works, and other sets where it doesn't.

  • if I remove the sudo from the test, I will get the result from both commands, so it's not an ssh limitation

e.g.

ssh -i "/path/to/key/id_rsa" user@server << EOF
ls -la "/etc/redhat-release"
cat "/etc/redhat-release"
EOF

-rw-r--r-- 1 root root 55 Jan 29  2013 /etc/redhat-release
Red Hat Enterprise Linux Server release 6.4 (Santiago)

Additional information:

  • Both commands have the NOPASSWD flag in the sudoers file so no password is asked.

  • requiretty is commented out.

  • ssh version: OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010

  • SELinux is disabled

  • the ssh -vvv option doesn't show any significant difference in the logs between a working and non-working server

  • sshd_config are the same between a working and non-working server

I'm assuming here that there must be some configuration difference between the sets of servers because they are consistent with each other, but I can't figure out what.


Solution

Check your sudo version (sudo -V).

Turns out one server was running Sudo version 1.8.6p3 while the other was on Sudo version 1.8.21p2, and I was running into a bug which was fixed in sudo 1.8.20:

Fixed an issue where sudo would consume stdin if it was not connected to a tty even if log_input is not enabled in sudoers. Bug #786.

Updating the sudo version fixed the issue.



Answered By - Bibz
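
The effect described in the answer above can be reproduced locally without ssh or sudo. This is an added example, not part of the original post: `fake_sudo` is a hypothetical stand-in that drains its stdin the way the changelog entry describes, and the `</dev/null` redirect is a general shell technique for hosts where sudo cannot be upgraded yet, not something the answer itself proposes.

```shell
#!/bin/sh
# Added example: a shell that reads its commands from stdin (as the remote
# shell does for "ssh host << EOF") shares that stdin with every child.
# fake_sudo is a hypothetical stand-in for a pre-1.8.20 sudo: it reads all
# of stdin before running the command. Inner shell is bash, as on RHEL.

# Case 1: same shape as the failing test. fake_sudo swallows "echo second".
run_unprotected() {
  bash <<'EOF'
fake_sudo() { cat >/dev/null; "$@"; }
fake_sudo echo "first"
echo "second"
EOF
}

# Case 2: give the child its own empty stdin so it cannot eat the script.
run_protected() {
  bash <<'EOF'
fake_sudo() { cat >/dev/null; "$@"; }
fake_sudo echo "first" </dev/null
echo "second"
EOF
}

# Case 3: both commands on one line. The shell has already read the whole
# line before the child starts, which is why the question's second test works.
run_same_line() {
  bash <<'EOF'
fake_sudo() { cat >/dev/null; "$@"; }
fake_sudo echo "first"; echo "second"
EOF
}

echo "unprotected:"; run_unprotected
echo "protected:";   run_protected
echo "same line:";   run_same_line
```

Applied to the question's command, case 2 corresponds to writing `sudo ls -la "/etc/redhat-release" </dev/null` inside the here-document.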