Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix salt-ssh support for sudo with a password #61910

Merged
merged 2 commits into from
Apr 12, 2022

Conversation

nicholasmhughes
Copy link
Collaborator

What does this PR do?

This PR ports the work by @MovingEarth in #48435 to the master branch and introduces some tests around building the salt-ssh command required for the functionality.

What issues does this PR fix or reference?

Fixes: #8882
Fixes: #60403

Previous Behavior

salt-ssh could not be used without having root ssh or password-less sudo

New Behavior

The provided password for login to a system can now be used for sudo escalation

Merge requirements satisfied?

[NOTICE] Bug fixes or features added to Salt require tests.

Commits signed with GPG?

Yes

Please review Salt's Contributing Guide for best practices.

See GitHub's page on GPG signing for more information about signing commits with GPG.

@nicholasmhughes nicholasmhughes requested a review from a team as a code owner April 2, 2022 15:46
@nicholasmhughes nicholasmhughes requested review from dwoz and removed request for a team April 2, 2022 15:46
@nicholasmhughes
Copy link
Collaborator Author

re-run pr-photon-3-x86_64-py3-pytest

@Ch3LL Ch3LL added the Phosphorus v3005.0 Release code name and version label Apr 12, 2022
@Ch3LL Ch3LL merged commit 0208dbb into saltstack:master Apr 12, 2022
@ichilton
Copy link

@nicholasmhughes Very happy to see this finally added, this will finally make salt-ssh really useful - thank you!!

@nicholasmhughes nicholasmhughes deleted the fix-ssh-sudo-password branch April 12, 2022 22:41
@nicholasmhughes
Copy link
Collaborator Author

@ichilton You're quite welcome!

@vrubim
Copy link

vrubim commented Jun 1, 2023

Hi, This should work on 3006.1 version?
Running this command:
salt-ssh -i "*" --user xxxx --askpass --sudo -A cmd.run ' ls' -l error
This error is returned:
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper sudo: a password is required

I try to pass "--passwd" instead of --askpass with same results.

(Running equivalent command with ansible "-k -K -m shell -a 'ls' --become" works fine)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Phosphorus v3005.0 Release code name and version
Projects
None yet
5 participants