96

When attempting to run a remote binary using sudo on the remote box:

ssh remotehost "sudo ./binary"

I see this error:

sudo: no tty present and no askpass program specified

How can I work around this?

Zanna
  • 70,465
Drew Noakes
  • 5,708

6 Answers6

102

A simple way is to specify -t:

ssh -t remotehost "sudo ./binary"

From the man page:

Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g. when implementing menu services. Multiple -t options force tty allocation, even if ssh has no local tty.

I cannot explain exactly why this works, and there may be a better way. I'd like to hear about it if so :)

@psusi explains why this works in a comment below.

Drew Noakes
  • 5,708
  • 18
    It works because sudo requires a tty to prompt for a password, and when specifying commands to run to ssh, it doesn't allocate one by default since this is normally used to run non interactive commands that may transfer binary data, which can trip up the tty. – psusi Apr 15 '13 at 14:39
  • @psusi Do you know the answer to this related question? http://unix.stackexchange.com/questions/110841 – trusktr Jan 25 '14 at 03:38
  • 3
    There is also -tt, required when passing command using heredoc – Rufus Nov 28 '18 at 00:44
  • This is best way. Worked for me. – Divyanshu Kushwaha Dec 23 '20 at 16:39
39

Question:

How can I work around this?

sudo: no tty present and no askpass program specified

Alternate Answer

As an alternative, try:

sudo -S ./[yourExecutable]

This directs sudo to read the password from the standard input, stdin.

Scenarios where this Helps

In chroot environments, these other answers may not work correctly ... perhaps because:

  1. /etc/shadow vs /etc/passwd conflict not allowing the user to enter a password.
  2. In a chroot-ed environment, access to tty1 can be a bit glitchy, and ctrl-alt f2 -- to tty2 is unfeasible, because it is a tty of the non-chroot-ed environment.

For example: Manually installing / repairing linux or the bootloader, using a chroot environment, (such as Archlinux and arch-chroot).

elika kohen
  • 494
6

It fails, because sudo is trying to prompt on root password and there is no pseudo-tty allocated.

You've to either log-in as root or set-up the following rules in your /etc/sudoers (or: sudo visudo):

# Members of the admin group may gain root privileges
%admin  ALL=(ALL) NOPASSWD:ALL

Then make sure that your user belongs to admin group (or wheel).

kenorb
  • 10,347
  • whilst this is not true (no evidence is given for this, and users in the admin group with that code in centos and ubuntu systems still get the error), it is a great tip for remoting to create groups and rules based upon those groups for escalated tasks – MrMesees Dec 02 '16 at 23:02
4

In my case I've received this error because I wasn't specifying a command that I would like to use as root in the sudoers

Something like

/etc/sudoers.d/myuser:

myuser ALL=(root) NOPASSWD: \
    /bin/ls -la

worked for me

Drew Noakes
  • 5,708
GarouDan
  • 327
4

You need to define terminal/application that will read the password. There are two variants:

  1. export SUDO_ASKPASS=/usr/libexec/openssh/ssh-askpass
  2. vim /etc/sudoers (Defaults visiblepw)
jkt123
  • 3,530
  • 22
  • 24
user282246
  • 49
  • 14
    Is it not better to use visudo instead of vim /etc/sudoers in order to avoid potentially locking yourself out of your machine due to having made an error in your edit? – Drew Noakes May 16 '14 at 19:57
3

You can also create a file like "sudo_shutdown" in /etc/sudoers.d, with content:

# Allow admins to shutdown without pass
%adm ALL=(ALL) NOPASSWD: /sbin/shutdown

This allows users which are in the adm group to shutdown without a password.

Peter
  • 39
  • 1