Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

set environment variable SSH_ASKPASS or askpass in sudoers, resp

Tags:

environment-variables

ssh

openssh

debian

I'm trying to login to a ssh server and to execute something like:

ssh [email protected] 'sudo echo "foobar"'

Unfortunately I'm getting an error:

sudo: no tty present and no askpass program specified

Google told me to either set the environment variable SSH_ASKPASS or to set askpass in the sudoers file. My remote machine is running on Debian 6 and I've installed the packages ssh-askpass and ssh-askpass-gnome and my sudoers file looks like this:

Defaults        env_reset
Defaults        askpass=/usr/bin/ssh-askpass

# User privilege specification
root    ALL=(ALL) ALL
user    ALL=(ALL) ALL

Can someone tell what I'm doing wrong and how to do it better.

like image 355
jan Avatar asked Apr 19 '12 16:04

jan

4 Answers

There are two ways to get rid of this error message. The easy way is to provide a pseudo terminal for the remote sudo process. You can do this with the option -t:

ssh -t [email protected] 'sudo echo "foobar"'
like image 64
nosid Avatar answered Sep 22 '22 00:09

nosid

Rather than allocating a TTY, or setting a password that can be seen in the command line, do something like this.

Create a shell file that echo's out your password like:

#!/bin/bash

echo "mypassword"

then copy that to the node you want using scp like this:

scp SudoPass.sh somesystem:~/bin

Then when you ssh do the following:

ssh somesystem "export SUDO_ASKPASS=~/bin/SudoPass.sh;sudo -A command -parameter"
like image 25
Michael Avatar answered Sep 20 '22 00:09

Michael

Another way is to run sudo -S in order to "Write the prompt to the standard error and read the password from the standard input instead of using the terminal device" (according to man) together with cat:

cat | ssh [email protected] 'sudo -S echo "foobar"'

Just input the password when being prompted to.

One advantage is that you can redirect the output of the remote command to a file without "[sudo] password for …" in it:

cat | ssh [email protected] 'sudo -S tar c --one-file-system /' > backup.tar
like image 38
simon04 Avatar answered Sep 22 '22 00:09

simon04

Defaults askpass=/usr/bin/ssh-askpass

ssh-askpass requires X server, so instead of providing a terminal (via -t, as suggested by nosid), you may forward X connection via -X:

ssh -X [email protected] 'sudo echo "foobar"'

However, according to current documentation, askpass is set in sudo.conf as Path, not in sudoers.

like image 1
Jan Hudec Avatar answered Sep 20 '22 00:09

Jan Hudec
Sign in to Comment

Related questions

Connecting to bitbucket repository from jenkins server
Ansible: SSH Error: unix_listener: too long for Unix domain socket
Check whether a path exists on a remote host using paramiko
How do you keep mongo running on a remote server?
Browserify Cannot find module when trying to bundle many js files
How to generate ssh compatible id_rsa(.pub) from Java
set-up X11 Forwarding over ssh
DBeaver ssh tunnel invalid private key
How to make SSH remote port forward that listens 0.0.0.0
Respond y(es) to psftp host key prompt
SmartGit won't authenticate with ssh
sshpass: command not found error
How do I connect to a new Amazon Lightsail instance from my Mac?
SourceTree asks password for SSH authentication at each restart
SSH Public Key Authentication with Libssh2 C++
How to copy file from SSH remote host to Jenkins Server
How can I get write access for a deployment key on Bitbucket or something like that?
Can't disable Ansible's host key checking
Amazon AWS EC2 - Getting a .cer file instead of .pem
fabric: how to double tunnel

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!