no tty present and no askpass program specified with `ssh -A`
Solution 1
SSH authentication and sudo authentication are two different sets of credentials. The -A
option to the ssh
command applies to SSH only. It provides the ability to forward your credentials so you can ssh from server
to another system using your local SSH key.
Unless you have sudo rules allowing you to run commands with no password, it will always need to prompt for your password, either from your shell's terminal or using an askpass program, if so configured. An askpass program is a (typically graphical) helper program that simply prompts for a password securely. To authenticate with sudo remotely, you will have to do one of the two things it is requesting:
Ensure you have a tty so sudo can securely prompt for your password on the server. This is as easy as logging in with
ssh -t
.Tell sudo to prompt for your password using an askpass program with the
-A
option onsudo
(not to be confused with the-A
option forssh
!). This can be done in your script, for example, with something like:export SUDO_ASKPASS=/usr/lib/openssh/gnome-ssh-askpass sudo -A ...
Note that since you are piping your shell script to the standard input stream of the SSH connection, sudo
will be unable to securely prompt for a password. If sending the script over the SSH standard input like this is a requirement (instead of just copying the script to the server), then the first option will not work. You will have to either use an askpass helper program or configure the required sudo
rules to use NOPASSWD
, if that is an option.
Solution 2
Your premise that -A will help sudo is wrong unfortunately. It merely forwards the ssh-agent. You will have to run askpass like the warning suggests.
Also note that bash -c
is not needed. You can simple pipe in your script with ssh server < mylocalscript.sh
Related videos on Youtube
Dabblernl
Updated on September 18, 2022Comments
-
Dabblernl almost 2 years
I have the following code:
Public Sub ExecuteMyCommand ShowProgressBar=True CallLongRunningProcess ShowProgressBar=False End Sub
To get the progressbar in the UI to actually show before the long running process starts this code has to be rewritten to:
Public Async Sub ExecuteMyCommand ShowProgressBar=True Await Task.Run(Sub() CallLongRunningProcess) ShowProgressBar=False End Sub
Now the problem:
In some methods the long running process involves creating WPF UserControls. These must be created on a STA thread. I have found how to do this, but then I get an InvalidOperationException because the user control is owned by non UI thread. So, I am looking for a way to update the ShowProgressBar property before calling the long running process on the UI thread (yeah, ugly, I know).
-
Sybren almost 7 yearsWhat do mean with 'So, I am looking for a way to update the ShowProgressBar property before calling the long running process on the UI thread' , it's just a bool , what do mean with update?
-
Dabblernl almost 7 years@Sybren The ShowProgressBar property is bound to ProgressBar.Visibility property in the view. Sorry if that was not clear.
-
-
knownasilya about 10 yearsOption 1 doesn't seem to work, I get
Pseudo-terminal will not be allocated because stdin is not a terminal.
-
Michael Miller about 10 yearsAh, good catch, thanks for correcting. That's because you are piping the script to standard input, so sudo cannot prompt you for your password over the same channel. So basically you will have to use the askpass helper, or change your sudo permissions to use
NOPASSWD
. -
knownasilya about 10 yearsI had the user in a group
www-data
and that group didn't haveNOPASSWD
but the user did, and this prevented it from working. Seems like both need it, or maybe just the group? -
Michael Miller about 10 years@Knownasilya, not when I tested it. If a user matches sudo rules for the user name and the group name, then any of them should work. If you
ssh user@server sudo -l
it should list all rules that match. Maybe missing or extra punctuation in/etc/sudoers
? That trips me up every now and then. -
knownasilya about 10 yearsDon't think so, I used
sudo visudo
which catches errors.. -
anthony over 8 years@Knownasilya if you have two rules that match the user/machine/command of the sudo rule, then it is the second (later) rule that will be used. as such if you have NOPASSWD, make sure it is after the other one.
-
yacc almost 7 yearsIt worked well for me when I had to refresh the UI after an async db query finished, I wonder what's different in your case. I'm doing C# though. And the heavy computing was done by a background worker, of course. I'd never put a burden on the UI thread.
-
Dabblernl almost 7 yearsMy apologies. Your solution does work for me. I must have done it slightly differently before.