from user1@host1 I wish to execute a docker command on a remote host i.e root@host2
Thus, on remote host2 I made the below changes:
sudo visudo
user1 ALL=(ALL) NOPASSWD: /bin/docker
dbuser ALL=(ALL) NOPASSWD: /bin/docker
I login from host1 to host2 using the below ssh command:
[root@host1]# ssh -i /home/user1/.ssh/id_rsa user1@host2
[user1@host2 ~]# sudo -u root -i -H
[root@host2 ~]# sudo docker exec STG-MYDB-mongo-rs mongo --port 27062 --authenticationDatabase '$external' --authenticationMechanism PLAIN -u 'dbuser' -p 'dbpassword' --eval 'rs.isMaster()'
MongoDB shell version v4.2.20
connecting to: mongodb://127.0.0.1:27062/?authMechanism=PLAIN&authSource=%24external&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("cadeffab-911e-4290-9455-4aabcb232dfd") }
MongoDB server version: 4.2.20
{
"hosts" : [
"host2.ec2.internal:27062",
"host3.ec2.internal:27062",
"host4.ec2.internal:27062"
],
"setName" : "REPGBMA062",
"setVersion" : 10,
"ismaster" : true,
"secondary" : false,
"primary" : "host2.ec2.internal:27062",
"me" : "host2.ec2.internal:27062",
"electionId" : ObjectId("7fffffff0000000000000129"),
"lastWrite" : {
"opTime" : {
"ts" : Timestamp(1689546619, 1),
"t" : NumberLong(297)
},
"lastWriteDate" : ISODate("2023-07-16T22:30:19Z"),
"majorityOpTime" : {
"ts" : Timestamp(1689546619, 1),
"t" : NumberLong(297)
},
"majorityWriteDate" : ISODate("2023-07-16T22:30:19Z")
},
"maxBsonObjectSize" : 16777216,
"maxMessageSizeBytes" : 48000000,
"maxWriteBatchSize" : 100000,
"localTime" : ISODate("2023-07-16T22:30:23.089Z"),
"logicalSessionTimeoutMinutes" : 30,
"connectionId" : 7620,
"minWireVersion" : 0,
"maxWireVersion" : 8,
"readOnly" : false,
"ok" : 1,
"$clusterTime" : {
"clusterTime" : Timestamp(1689546619, 1),
"signature" : {
"hash" : BinData(0,"bPyk8MEnMN/ThBc8m1tdsVjOcN8="),
"keyId" : NumberLong("7216872790308536321")
}
},
"operationTime" : Timestamp(1689546619, 1)
}
[root@host2 ~]# sudo docker exec STG-MYDB-mongo-rs mongo --port 27062 --authenticationDatabase '$external' --authenticationMechanism PLAIN -u 'dbuser' -p 'dbpassword' --eval 'rs.isMaster()' | grep primary
"primary" : "host2.ec2.internal:27062",
However, when I try the same command through ssh it fails with an error and does not return the same output I received running the command manually.
Failure output:
[root@host1 actions-runner]# ssh -t -i /home/user1/.ssh/id_rsa [email protected] "sudo docker exec STG-MYDB-mongo-rs mongo --port 27062 --authenticationDatabase '$external' --authenticationMechanism PLAIN -u 'dbuser' -p 'dbpassword' --eval 'rs.isMaster()'"
##################################################################
# *** This Server is using Centrify *** #
# *** Remember to use your Active Directory account *** #
# *** password when logging in *** #
##################################################################
MongoDB shell version v4.2.20
connecting to: mongodb://127.0.0.1:27062/?authMechanism=PLAIN&compressors=disabled&gssapiServiceName=mongodb
2023-07-16T22:32:32.073+0000 E QUERY [js] Error: Authentication failed. :
connect@src/mongo/shell/mongo.js:353:17
@(connect):3:6
2023-07-16T22:32:32.074+0000 F - [main] exception: connect failed
2023-07-16T22:32:32.074+0000 E - [main] exiting with code 1
Connection to host2.ec2.internal closed.
[root@host1 actions-runner]#
How can I get the same output using the remote ssh command as I get running the command manually?
When you issue your SSH remote command :
ssh (...) "sudo docker (...) --authenticationDatabase '$external' (...)"
... the $external part gets interpolated locally by your shell because it is inside a double-quoted string. So if the variable $external is not defined locally, you're actually sending an empty value (e.g. --authenticationDatabase ''). Simply escaping the dollar character (\$) should be enough to make your command work as expected.
Cheers