I have to run a script remotely on several Fedora machines through ssh. Since the script requires root priviliges, I do: $ ssh me@remosthost 'sudo touch testsudo' #just a simple example sudo: no tty present and no askpass program specified The remote machines are configured in such a way that the password for sudo is never asked for. For the above error, the most common fix is to allocate a pseudo-terminal with the -t option in ssh: $ ssh -t me@remosthost 'sudo touch testsudo' sudo: no tty present and no askpass program specified Let's try to force this allocation with -t -t: $ ssh -t -t me@remosthost 'sudo touch testsudo' sudo: no tty present and no askpass program specified Nope, it doesn't work. In /etc/sudoers of course I have this line: #Defaults requiretty. But I can't manually change it on tens of remote machines. Am I missing something here?
Is there an easy fix? EDIT:. is the sudoers file of a host where ssh me@host 'sudo stat.' . is the sudoers file of a host where it doesn't work. EDIT 2: Running tty on a host where it works: $ ssh me@hostok tty not a tty $ ssh -t me@hostok tty /dev/pts/12 Connection to hostok closed. $ ssh -t -t me@hostok tty /dev/pts/12 Connection to hostok closed.
Now on a host where it doesn't work: $ ssh me@hostko tty not a tty $ ssh -t me@hostko tty not a tty Connection to hostko closed. $ ssh -t -t me@hostko tty not a tty Connection to hostko closed.
$ ssh me@remost_host 'sudo touch test_sudo' #just a simple example sudo: no tty present and no askpass program specified The remote machines are configured in such a way that the password for sudo is never asked for. For the above error, the most common fix is to allocate a pseudo-terminal with the -t option in ssh.
EDIT 3 Permissions on /dev/tty. on a machine where the above didn't work: $ stat /dev/tty.
File: `/dev/tty' Size: 0 Blocks: 0 IO Block: 4096 character special file Device: fd02h/64770d Inode: 17089401 Links: 1 Device type: 5,0 Access: (0666/crw-rw-rw-) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2013-12-11 11:00000 +0000 Modify: 2013-12-11 11:00000 +0000 Change: 2014-01-20 15:00000 +0000 EDIT 4 Ok, so in the /var/log/ I have the following: $ ls /var/log btmp lastlog maillog messages secure spooler sudo tallylog wtmp yum.log I tried with messages and secure, but they are empty. Sudo on the other hand contains something. The only problem being it displays the same log message whether I use -t, -t -t or nothing: Jun 4 17:38:52: myusername: no tty present and no askpass program specified; TTY=unknown; PWD=/home/myusername; USER=root; COMMAND=/usr/bin/stat. Firstly, I think you're probably tackling things the wrong way. If you're running tens of remote machines, and needing to do similar things on many of them, and worrying about not being able to make config changes manually on them, then it sounds like it's time for you to get into using configuration management. Eg Puppet or Chef are the more standard options.
Or maybe Ansible, which has less installation to do on the target machines. Ansible's the most likely to run into the same problem though. If you want to continue with your current approach, look at using dsh to send the command to a list of machines. Probably won't help with the sudo issue though. You say that 'The remote machines are configured in such a way that the password for sudo is never asked for', but it sure looks like sudo wants to ask for a password.
Check again that you can log in to those machines, then run sudo, and it runs OK, without a password. If that works, then check if there's something different in the environment after you log in. Eg run 'ssh you@remotehost env' against hosts where sudo does and doesn't work. To be honest, I'm more puzzled by how sudo is working where you say it does than by how it's failing. Shouldn't you use the following?
Myaccount ALL=(ALL) NOPASSWD: ALL If not like that, then how are you arranging not to require a password?
There are situations where you want to use the Exec Binding to trigger something. Sometimes you need the sudo privilege to do this. I would rather try some group specification to reduce the user rights to a minimum, but here is how i got openHAB to be able to execute sudo. Try executing a command as openhab sudo -u openhab sudo -l We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others.
#2) Think before you type. #3) With great power comes great responsibility. sudo password for openhab: As it is mentioned in there is no password. So adding the user openhab to the sudoers with no password should help. Sudo visudo -f /etc/sudoers.d/010pi-nopasswd Adding following lines openhab ALL=(ALL) NOPASSWD: ALL Executing the sudo command now should display following. As it is explained this execution is necessary.
See further below for more information. Can someone tell me, how i can give sudoers-rights to user openhab only for the command “systemctl”? I want to start / stop / restart openhab service with a script from inside openhab. This is my sudoers-file and it seems to work only partially: CmndAlias SHUTDOWNCMDS = /sbin/poweroff, /sbin/halt, /sbin/reboot, /bin/systemctl CmndAlias UPDATECOMMANDS = /usr/bin/apt-get openhab ALL=(ALL) NOPASSWD: SHUTDOWNCMDS, UPDATECOMMANDS I think reboot works, but systemctl-commands don´t work. There i get still a passwort-promt.
My openhab-server runs on latest debian-version. Looks like you corrupted your sudoers file possibly. I just modified mine and it all works fine. I was incorrrect you do need the second sudo in the command for what you are doing here. It is when you put it into the exec binding in a rules file I was thinking about one sudo. Here is what i did and it worked first try: Welcome to / / / / / ) / / / / / // / / / / / `/ / // / // / / / / / / / // / / // / / / / /./ // /// /// /// ,// // // openHAB 2.4.0M4-1 (Milestone Build) 07:40:49 mullen@wifipi:$ sudo visudo sudo password for mullen:.I added this to my sudoers file: ““openhab ALL=(ALL) NOPASSWD: ALL””.Then I executed the openhab-cli command. 07:43:39 mullen@wifipi:$ sudo -u openhab sudo openhab-cli start A systemd service configuration exists.
Use 'sudo /bin/systemctl start openhab2.service' to start an openHAB service Launching an instance in this terminal. Launching the openHAB runtime. Thedannymullen: Ok, I just looked, I believe you can use your command, but need to drop the second sudo. Kris is trying to test that the sudo works for the openhab user. He is logged in with the login user. So let’s assume he is logged in as openhabian. If you break the command down:.
sudo -u openhab: run the following command as the openhab user. sudo: I’m now the openhab user but I need to run the next command as root. openhab-cli backup /home/kris/OH2Backup.zip: I’m now root, run this command Without the second sudo, the openhab-cli is being run as the openhab user which won’t work.