Bash – “sudo: sorry, you must have a tty to run sudo” when using sudo in a remote script

bashsshsudo

I want to run a series of sudo-elevated commands on a remote machine from an embedded script. To simplify the question, I'm just trying to run sudo id and get it to tell me that it's root.

I am encountering "sudo: sorry, you must have a tty to run sudo" when I run this script:

#!/bin/bash
ssh -t 192.168.1.100<<EOF
sudo id
EOF

But not when I run this:

#!/bin/bash
ssh -t 192.168.1.100 sudo id

How do I get the first one, with the end-of-file designations for an embedded script to respect the forced tty at the other end of the SSH?

Best Answer

With the first one there is no tty for ssh since stdin is not connected to the terminal, it is a here file. In fact if I try to run a similar command (on Debian) I get the following error:

Pseudo-terminal will not be allocated because stdin is not a terminal.

To get it to work you can do something like:

ssh -tt 192.168.1.100 <<EOF
sudo -S id
password
EOF

Although this is not a good idea since the password will be in plain text.

Update

I stumbled across an easy solution to this that avoids encoding the password in plain text, you can use a graphical program to enter the password:

ssh -X 192.168.1.100 <<EOF
SUDO_ASKPASS=/usr/lib/ssh/x11-ssh-askpass sudo -A id
EOF

Of course the ssh-askpass program must be installed in the given location and you must be running an X session on the machine you are working on. There are a few variations on the ssh-askpass program which should also work (Gnome/KDE versions). Also a graphical sudo replacement program like gksu or kdesudo should do the job too.

Related Solutions

SSH Sudo Expect – Run Command with Sudo on Remote Machine

I think you missed a level of quotes escaping. At this high level of escaping, it is best to simply make a little script for every stage where otherwise quotes would be required.

Otherwise, you could try this modified version (but mind you, I don't encourage this coding style!)

function _remoteInstallation(){
    local retval=1
    local debToInstall=$(basename "$1")
    local remoteMachine="$2"
    spawned=$(expect -d -c "
          set timeout 1800
          spawn \"/usr/bin/ssh -t borrajax@$remoteMachine /usr/bin/sudo /usr/bin/dpkg -i /home/borrajax/Documents/$debToInstall\"
          expect {
                \"Are you sure you want to continue connecting\" { send \"yes\r\"; exp_continue }
                \"password\" { send \"myPassword\r\";  exp_continue }
                \"[sudo] password\" { send \"myPassword\r\";  exp_continue }
                default { exit 1 }
          }
    " )
    retval=$?
    return $retval
}

Bash – Which shell interpreter runs a script with no hashbang… but run as sudo

$SHELL does not tell you which shell you're running, it tells you what the environment variable SHELL is. Bash sets this to the path to your login shell iff it's not set already.

You are running sh (dash, for you) under sudo, which you can see straightforwardly by using pstree:

$ cat test.sh
pstree $$
$ ./test.sh
bash───pstree
$ sudo ./test.sh
sh───pstree

Using sh is in line with POSIX, although that part of the specification isn't binding on sudo's implementation choices.

readlink /proc/$$/exe will also confirm that it's dash specifically. You could also use any of the other ways of identifying the running shell from the question you linked.

In dash, $'abc' is a lone dollar sign with no meaning followed by a single-quoted string - basically the same way that foo=$ would keep the sign around in any shell.

Best Answer

Update

Related Solutions

SSH Sudo Expect – Run Command with Sudo on Remote Machine

Bash – Which shell interpreter runs a script with no hashbang… but run as sudo

Related Question