Jschssh - sudo authentication - no tty present and no askpass program specified


techr...@gmail.com

May 26, 2016, 12:27:07 PM
to rundeck-discuss
I have a scenario where I have to log in to machines with a user ID and password and execute scripts with sudo access. I have machines on various platforms including Solaris, Mac, Linux and Windows. I am able to successfully execute sudo commands using secondary sudo access, but it fails on the Solaris platform.

I am getting "sudo: no tty present and no askpass program specified" when executing sudo commands from Rundeck using the default SSH configuration.
As suggested in this discussion forum https://groups.google.com/forum/#!topic/rundeck-discuss/CLlQglM4wQw , I tried configuring the Rundeck Script plugin for sudo execution. While using the Rundeck script plugin it failed with "read_passphrase: can't open /dev/tty: No such device or address". It looks like the Rundeck script plugin relies on keys and not userid\password authentication.

My issue is:
1. How could I execute jsch-ssh so that I could bypass "no tty present" when executing sudo commands? If this is not possible, how could I provide the Rundeck script plugin the option.password which is taken from the Rundeck option? I would prefer using Jschssh to fix the no tty present issue as it is already working for my other platforms.


Note: I cannot use ssh keys for authentication at this point of time. I can only provide userid and password.


Error Using Jschssh - default Rundeck ssh
-----------------------------------------------------------
going to execute sudo k
sudo: no tty present and no askpass program specified
Remote command failed with exit status 1
Failed: NonZeroResultCode: Remote command failed with exit status 

resource.xml 
--------------------
<node ssh-password-storage-path="keys/keyshapwd/shpwd" name="mymachine.us.myorg.com" description="Rundeck server SOLARIS node" tags="hudson" hostname="mymachine.us.myorg.com" osArch="amd64" osFamily="unix" osName="Solaris" osVersion="xxxxxx" username="${option.sudoUsername}" ssh-password-option="option.sudoPassword" sudo-command-enabled="true" sudo-password-option="option.sudoPassword" sudo-prompt-pattern="Password:"  />

Rundeck Script plugin with sudo with -v
-----------------------------------

[workflow] beginExecuteNodeStep(mymachine.loc.myorg.com): NodeDispatch: com.dtolabs.rundeck.execution.ExecutionItemFactory$4@15cb5436
[script-exec] executing: ssh -v -T -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/dev/null my...@mymachine.loc.myorg.com hostname
OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 49: Applying options for *
debug1: Connecting to mymachine.loc.myorg.com [xx.xx.xx.xx] port 22.
debug1: Connection established.
debug1: identity file /home/myid/.ssh/id_rsa type 1
debug1: identity file /home/myid/.ssh/id_rsa-cert type -1
debug1: identity file /home/myid/.ssh/id_dsa type -1
debug1: identity file /home/myid/.ssh/id_dsa-cert type -1
debug1: identity file /home/myid/.ssh/id_ecdsa type -1
debug1: identity file /home/myid/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version Sun_SSH_2.2
debug1: no match: Sun_SSH_2.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 31:31:cb:d5:e0:54:13:d2:47:f5:04:51:78:8b:1c:35
Warning: Permanently added 'mymachine.loc.myorg.com,' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/myid/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/myid/.ssh/id_dsa
debug1: Trying private key: /home/myid/.ssh/id_ecdsa
debug1: Next authentication method: keyboard-interactive
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
[script-exec]: result code: 255, success: false
[script-exec]: result code: 255, success: false
Failed: NonZeroResultCode: Result code was 255
[workflow] finishExecuteNodeStep(mymachine.loc.myorg.com): NodeDispatch: NonZeroResultCode: Result code was 255
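
An added example, not part of the original post or of Rundeck's code: a small Python parser that reads `ssh -v` output like the log above and reports which authentication methods the server offered, which the client tried, and whether prompting failed for lack of a local terminal. The sample log is a shortened, constructed copy of the one in the post, and `diagnose` is a hypothetical helper name.

```python
import re

# Constructed sample: a shortened copy of the ssh -v output quoted in the post above.
SAMPLE_LOG = """\
[script-exec] executing: ssh -v -T -o StrictHostKeyChecking=no user@host hostname
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/myid/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
"""

def diagnose(log):
    """Summarise why a non-interactive `ssh -v` run failed to authenticate."""
    offered, tried, findings = [], [], []
    tty_failures = 0
    for line in log.splitlines():
        m = re.search(r"Authentications that can continue: (\S+)", line)
        if m and not offered:
            offered = m.group(1).split(",")  # first list = what the server accepts
        m = re.search(r"Next authentication method: (\S+)", line)
        if m and m.group(1) not in tried:
            tried.append(m.group(1))
        if "read_passphrase: can't open /dev/tty" in line:
            tty_failures += 1
        if re.search(r"executing: ssh\b.*\s-T\s", line):
            findings.append("ssh was run with -T: no pseudo-terminal is allocated on the remote side")
        if "StrictHostKeyChecking=no" in line:
            findings.append("host key checking is disabled: the server identity is not verified")
    if tty_failures:
        findings.append("client tried to prompt %d time(s) but has no local /dev/tty" % tty_failures)
    if "password" in offered and "password" not in tried:
        findings.append("server offers 'password' but the client never attempted it")
    return {"offered": offered, "tried": tried,
            "tty_failures": tty_failures, "findings": findings}

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG)["findings"]:
        print("-", finding)
```
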

Sunil Tantry

Sep 7, 2016, 8:43:18 PM
to rundeck-discuss
Hi,
I have the exact same problem. Did you find a solution to this? If yes, please share the solution.


Thanks,
Sunil

Peter Garlic

Sep 8, 2016, 4:57:17 AM
to rundeck-discuss
Hi,
at the end the command launched is:


ssh -v -T -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/dev/null my...@mymachine.loc.myorg.com hostname

Does it work if you enter it by hand? I suppose not.
Did you try different flag combinations from the command line? That is the easier way to debug the problem.


My default node executor on the project is: /usr/bin/ssh -q -tt -F /var/lib/rundeck/.ssh/config ${node.username}@${node.hostname} -- ${exec.command}
Maybe just the usage of -tt instead of -T could help. I'd spent a lot of time before to find the

-Peter



Peter Garlic

Sep 8, 2016, 5:46:24 AM
to rundeck-discuss
p.s.
(end of previous sentence): I'd spent a lot of time before to find the right command line and after that I've translated them on rundeck configuration

p.p.s
you can also take a look at sshd_config for that issue

Sunil Tantry

Sep 8, 2016, 5:46:58 AM
to rundeck-discuss
Thanks for the update Peter,
Can you please paste the contents of the /var/lib/rundeck/.ssh/config file, or if possible export the entire project and attach it here or email me.

I am really keen on getting this working, but have been unable to do so.

Thanks,
Sunil


Peter Garlic

Sep 8, 2016, 5:52:46 AM
to rundeck-discuss
Hi Sunil,
sorry but I can't because it is our internal ssh bastion host configuration.
Also you don't need them if you are not using ssh "jump servers" and there are no special configurations inside, just a list of host/addresses that would be redirected jumping over another ssh server.

try with -tt flag
-Peter

Sunil Tantry

Sep 8, 2016, 6:01:46 AM
to rundeck-discuss
Thanks for the info Peter, Will give it a try now.

Thanks,