Dear friends,
on my everyday box I have enabled the certificate based passwordless login to my pihole raspbian box.
I can therefore just issue my 'ssh bob@192.168.1.65" command and get to a pihole shell where I can run 'pihole -up' when I need to.
Is there a way to use a script from my everyday box so that it runs the update from a local script?
tried but get an error
ssh bob@192.168.1.65 'bash -s' < test2.sh
sudo: no tty present and no askpass program specified
where test2.sh just has
(base) bob@Roberts-Mac-mini ~ % cat test2.sh
I think I could via homebrew or mac ports. How would I use that to satisfy the sudo password prompt? Not sure I'd like to store my plaintext password in the local shell script
The command below works for me when I run it on my Mac or from a Linux Mint machine. Substitute the Pi-hole username (normally pi) and IP as needed. Does it work from your everyday box with your passwordless login?
Thanks chris but no, that command too gives me the prompt for the sudo password since I usually run as a non privileged user (which belongs to sudoers):
(base) bob@Roberts-Mac-mini ~ % ssh bob@192.168.1.65 -o RemoteCommand="pihole -up"
sudo: no tty present and no askpass program specified
-t Force pseudo-terminal allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g. when implementing menu services. Multiple -t options force tty allocation, even if ssh has no local tty.
What was the command that worked in the end? How many t switches needed?
In the opening post you said your Pi-hole login is bob@192.168.1.33 but then you were using .65 after that. Can you clarify (may help others finding this later on)?
Also, did you set up the OS with the default user pi and then add bob later? If so, what did you have to do to bob to get all the permissions correct (eg adding to groups, etc). Or did you choose bob as that first user from the very start? All handy to know for anyone with "non-standard" non-pi user.
On my pihole bob is a non privileged regular user, but it is also in the sudoers group:
bob@piholerpi:~ $ id
uid=501(bob) gid=501(bob) groups=501(bob),27(sudo)
so it can run any command because the following is present in the /etc/sudoers file:
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
I can login and run scripts from my everyday box onto the pihole box since on the latter the user bob has a .ssh directory with the proper certificates installed.
Hope this clarifies and thanks a lot for your insight and help.
I don't know if this is possible on a Mac but you might be able to configure this as an alias rather than calling a script.
For example, on my Linux box I have added alias piup='ssh nathan@192.168.1.254 -t -o RemoteCommand="pihole -up"'
to ~/.zshrc This means I can just type piup into the console. Assuming bash on a Mac is the same as Linux you could add yours to ~/.bashrc as you probably don't have zsh.
Nice one, thanks for the clarifying and the info on the bob user. I was curious because I was wondering if the Pi-hole install or update script has any special group requirements, but seeing as it is supported on other distros that are not customised to the Pi (ie no pi user in a whole raft of groups by default), I guess it just needs standard sudoers access as you have there.
You can indeed mostly do anything *nix on a Mac, including aliases of course.
Having said that I vastly prefer a script with a "talking" name e.g. pihole_update.sh rather than an alias since using it only every now and then I do not have to remember the alias I have a little scripts directory under my home with a dozen "speaking" scripts and just run the one I need
I use standard Debian on my Pi, that only comes with root by default (which can only be accessed via ssh if you use a key - mine is headless and I'm too lazy to move it somewhere near a TV). One of the first things I do after a fresh flash of the sd card is configure a personal user.
