non-interactive ssh sudo… prompts for the password in plain text

All we need is an easy explanation of the problem, so here it is.

I’m running some non-interactive ssh commands. The ssh authentication is taken care of fine through the ssh agent, but if I run a command that requires sudo then the password prompt in my terminal is plain text. For example:

ssh remotemachine "sudo -u www mkdir -p /path/to/new/folder"

will prompt me for the password in plain text. Does anyone know how I can get it to use the normal secure prompt or that I can pass the password via a switch? (as then I can set up a secure prompt on this side before I send the command)

Any help is much appreciated.

How to solve :

I know you bored from this bug, So we are here to help you! Take a deep breath and look at the explanation of your problem. We have many solutions to this problem, But we recommend you to use the first method because it is tested & true method that will 100% work for you.

Method 1

Use ssh -t:

man ssh

-t   Force pseudo-tty allocation. This can be used to execute arbitrary 
     screen-based programs on a remote machine, which can be very useful, 
     e.g. when implementing menu services. Multiple -t options force tty 
     allocation, even if ssh has no local tty.

So your command will be

ssh remotemachine -t "sudo -u www mkdir -p /path/to/new/folder"

If you don’t want to enter password, you can (if you are allowed to) modify sudoers using command visudo.

Add parameter NOPASSWD:, for example

username ALL=(ALL) NOPASSWD: /bin/mkdir

If you can’t edit /etc/sudoers, you can use sudo -S:

man sudo

-S      The -S (stdin) option causes sudo to read the password from
        the standard input instead of the terminal device.  The
        password must be followed by a newline character.

With that, command would be

echo "your_password" | ssh remotemachine -t \
     "sudo -S -u www mkdir -p /path/to/new/folder"

Remember that this will add your password to command history of your shell (with bash, that would be ~/.bash_history file).

Note: Use and implement method 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply