no tty present and no askpass program specified with `ssh -A`

Solution 1

SSH authentication and sudo authentication are two different sets of credentials. The `-A` option to the `ssh` command applies to SSH only. It provides the ability to forward your credentials so you can ssh from the server to another system using your local SSH key.

Unless you have sudo rules allowing you to run commands with no password, it will always need to prompt for your password, either from your shell's terminal or using an askpass program, if so configured. An askpass program is a (typically graphical) helper program that simply prompts for a password securely. To authenticate with sudo remotely, you will have to do one of the two things it is requesting:

  • Ensure you have a tty so sudo can securely prompt for your password on the server. This is as easy as logging in with `ssh -t`.

  • Tell sudo to prompt for your password using an askpass program with the `-A` option on sudo (not to be confused with the `-A` option for ssh!). This can be done in your script, for example, with something like:

    export SUDO_ASKPASS=/usr/lib/openssh/gnome-ssh-askpass
    sudo -A ...
    

Note that since you are piping your shell script to the standard input stream of the SSH connection, sudo will be unable to securely prompt for a password. If sending the script over the SSH standard input like this is a requirement (instead of just copying the script to the server), then the first option will not work. You will have to either use an askpass helper program or configure the required sudo rules to use `NOPASSWD`, if that is an option.
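A guard for a script that is piped over SSH, as an added example that is not part of the original answer: it checks which of the routes described above is open to sudo and invokes it accordingly. The function names are hypothetical; `sudo -A`, `sudo -n`, `/dev/tty` and `SUDO_ASKPASS` are the only real interfaces used.

```shell
#!/bin/sh
# Added example: choose how to invoke sudo from a script that may have been
# piped over SSH. Function names are hypothetical helpers.

# True if this process has a controlling terminal that sudo can prompt on.
# A script fed to ssh on standard input normally runs without one.
has_controlling_tty() { (exec </dev/tty) 2>/dev/null; }

# True if SUDO_ASKPASS names an executable helper for `sudo -A`.
# Whether that helper can actually display a prompt is not checked here.
has_askpass() { [ -n "${SUDO_ASKPASS:-}" ] && [ -x "$SUDO_ASKPASS" ]; }

# Prints the route available to sudo: tty, askpass or noninteractive.
sudo_route() {
    if has_controlling_tty; then
        echo tty
    elif has_askpass; then
        echo askpass
    else
        echo noninteractive
    fi
}

# Runs sudo the way the detected route requires.
run_sudo() {
    case "$(sudo_route)" in
        tty)     sudo "$@" ;;       # sudo prompts on the terminal
        askpass) sudo -A "$@" ;;    # sudo runs the askpass helper
        *)       # No way to prompt: -n makes sudo fail at once unless a
                 # NOPASSWD rule (or cached credentials) covers the command.
                 sudo -n "$@" ;;
    esac
}

# Usage inside the piped script:  run_sudo <command> [args...]
```

With neither a terminal nor an askpass helper, `sudo -n` stops immediately with sudo's own "a password is required" error instead of a failed prompt.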

Solution 2

Your premise that `-A` will help sudo is wrong, unfortunately. It merely forwards the ssh-agent. You will have to run askpass like the warning suggests.

Also note that `bash -c` is not needed. You can simply pipe in your script with `ssh server < mylocalscript.sh`

Author: Dabblernl

Updated on September 18, 2022

Comments

  • Dabblernl
    Dabblernl almost 2 years

    I have the following code:

    Public Sub ExecuteMyCommand
       ShowProgressBar=True
       CallLongRunningProcess
       ShowProgressBar=False
    End Sub
    

    To get the progressbar in the UI to actually show before the long running process starts this code has to be rewritten to:

    Public Async Sub ExecuteMyCommand
       ShowProgressBar=True
       Await Task.Run(Sub() CallLongRunningProcess)
       ShowProgressBar=False
    End Sub
    

    Now the problem:

    In some methods the long running process involves creating WPF UserControls. These must be created on a STA thread. I have found how to do this, but then I get an InvalidOperationException because the user control is owned by non UI thread. So, I am looking for a way to update the ShowProgressBar property before calling the long running process on the UI thread (yeah, ugly, I know).

    • Sybren
      Sybren almost 7 years
      What do you mean with 'So, I am looking for a way to update the ShowProgressBar property before calling the long running process on the UI thread'? It's just a bool, what do you mean with update?
    • Dabblernl
      Dabblernl almost 7 years
      @Sybren The ShowProgressBar property is bound to ProgressBar.Visibility property in the view. Sorry if that was not clear.
  • knownasilya
    knownasilya about 10 years
    Option 1 doesn't seem to work, I get `Pseudo-terminal will not be allocated because stdin is not a terminal.`
  • Michael Miller
    Michael Miller about 10 years
    Ah, good catch, thanks for correcting. That's because you are piping the script to standard input, so sudo cannot prompt you for your password over the same channel. So basically you will have to use the askpass helper, or change your sudo permissions to use NOPASSWD.
  • knownasilya
    knownasilya about 10 years
    I had the user in a group www-data and that group didn't have NOPASSWD but the user did, and this prevented it from working. Seems like both need it, or maybe just the group?
  • Michael Miller
    Michael Miller about 10 years
    @Knownasilya, not when I tested it. If a user matches sudo rules for the user name and the group name, then any of them should work. If you `ssh user@server sudo -l` it should list all rules that match. Maybe missing or extra punctuation in `/etc/sudoers`? That trips me up every now and then.
  • knownasilya
    knownasilya about 10 years
    Don't think so, I used `sudo visudo` which catches errors.
  • anthony
    anthony over 8 years
    @Knownasilya if you have two rules that match the user/machine/command of the sudo rule, then it is the second (later) rule that will be used. As such, if you have `NOPASSWD`, make sure it is after the other one.
  • yacc
    yacc almost 7 years
    It worked well for me when I had to refresh the UI after an async db query finished, I wonder what's different in your case. I'm doing C# though. And the heavy computing was done by a background worker, of course. I'd never put a burden on the UI thread.
  • Dabblernl
    Dabblernl almost 7 years
    My apologies. Your solution does work for me. I must have done it slightly differently before.
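The rule-ordering point raised in the comments (when a user rule and a group rule both match, the later one in sudoers decides), modelled as an added example that is not from the original thread. It handles only plain `who ALL=(runas) [NOPASSWD:] cmd, ...` lines; the user `deploy`, the command path and the function names are constructed.

```shell
#!/bin/sh
# Added example: simplified model of sudoers "last match wins".
# Handles only lines of the form  who ALL=(runas) [NOPASSWD:|PASSWD:] cmd, ...
# (no aliases, wildcards, negation, host matching or includes).

# effective_tag USER "GROUPS" COMMAND   (sudoers text on stdin)
# Prints NOPASSWD, PASSWD or DENIED for the last rule that matches.
effective_tag() {
    awk -v user="$1" -v grps="$2" -v cmd="$3" '
    BEGIN {
        n = split(grps, g, " ")
        for (i = 1; i <= n; i++) member["%" g[i]] = 1
        result = "DENIED"
    }
    /^[ \t]*(#|$)/ || $1 == "Defaults" { next }
    $1 == user || $1 == "ALL" || ($1 in member) {
        spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)        # drop "who host="
        sub(/^\([^)]*\)[ \t]*/, "", spec)     # drop "(runas)"
        tag = "PASSWD"                        # default: password required
        if (sub(/^NOPASSWD:[ \t]*/, "", spec)) tag = "NOPASSWD"
        else sub(/^PASSWD:[ \t]*/, "", spec)
        m = split(spec, c, /[ \t]*,[ \t]*/)
        for (i = 1; i <= m; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", c[i])
            if (c[i] == "ALL" || c[i] == cmd) result = tag   # later rule overrides
        }
    }
    END { print result }'
}

# Constructed samples: user "deploy" is a member of group www-data.
user_rule_first() {
    cat <<'EOF'
deploy     ALL=(ALL) NOPASSWD: /usr/sbin/service
%www-data  ALL=(ALL) /usr/sbin/service
EOF
}
group_rule_first() {
    cat <<'EOF'
%www-data  ALL=(ALL) /usr/sbin/service
deploy     ALL=(ALL) NOPASSWD: /usr/sbin/service
EOF
}

user_rule_first  | effective_tag deploy "www-data" /usr/sbin/service   # PASSWD
group_rule_first | effective_tag deploy "www-data" /usr/sbin/service   # NOPASSWD
```

On a real host, `sudo -l` remains the authoritative view of which rules match; this model only shows why the order of two matching lines changes the outcome.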