This question already has answers here:
How to fix 'sudo: no tty present and no askpass program specified' error?
(30 answers)
Closed 6 years ago.
I am trying to run a script in Django. This script needs to be run with sudo and I have setup the sudoers file so that the command can be executed without entering the sudo password. When I am using the default test server, ie >python manage.py runserver 0.0.0.0:8000, the script executes with no problem. However, after deploying Django with Nginx and uWSGI, the command fails and returns the response
sudo: no tty present and no askpass program specified
Is there some sort of configuration that I have missed?
I am using subprocess to execute the script and the code inside the Django view is like this:
subprocess.check_output( "sudo /path/to/file/fileName.sh", shell=True)
You need to add the user you are using to the sudoers list:
Granting the user to use that command without prompting for password should resolve the problem. First open a shell console and type:
sudo visudo
Then edit that file to add to the very end:
username ALL = NOPASSWD: /fullpath/to/command, /fullpath/to/othercommand
eg
john ALL = NOPASSWD: /sbin/poweroff, /sbin/start, /sbin/stop
will allow user 'john' to sudo poweroff, start and stop without being prompted for password.
Look at the bottom of the screen for the keystrokes you need to use in visudo - this is not vi by the way - and exit without saving at the first sign of any problem. Health warning: corrupting this file will have serious consequences, edit with care!
source: How to fix 'sudo: no tty present and no askpass program specified' error?
Related
While setting up deployment through jenkins for my django project, I got stuck where I had to restart apache2 service to reflect the new changes to the client side. I am not sure how to provide user password after running systemctl reload apache2.service command.
I tried below options but no luck.
1) systemctl reload apache2.service
Result:
Failed to reload apache2.service: Interactive authentication required.
See system logs and 'systemctl status apache2.service' for details.
Build step 'Execute shell' marked build as failure
2) sudo systemctl reload apache2.service
Result :
sudo: no tty present and no askpass program specified
Build step 'Execute shell' marked build as failure
3) Also not sure whether sshpass will help in this case
Attached screenshot taken from jenkins job.
As noted in a comment before, you have an problem with permissions here.
I assume that your Jenkins instance is running under user "jenkins", which cannot execute admin (root) commands. So you need to login via SSH into the machine and make sure that the user "jenkins" can execute this command with sudo.
You can find help for editing the sudoers file here: How To Edit the Sudoers File on Ubuntu and CentOS. I would recommend you to only to allow certain commands.
If you decide that the "jenkins" user needs to enter a password use the following command:
echo password | sudo -S systemctl reload apache2.service
Of cause you should store that password in a secure way and mask it within the build. The Jenkins Credentials Plugin can help you with this.
I am trying to automate a task through a Python script. The idea is to login as a regular user and then send a su command and switch to the root account.
The reason I can't directly login as root is that SSHD doesn't allow root logins.
Here's what I have:
ip='192.168.105.8'
port=22
username='xyz'
password='abc'
ssh=paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(ip,port,username,password)
print ("SSH connection established")
stdin,stdout,stderr=ssh.exec_command('sudo fast.sh')
outlines=stdout.readlines()
outlines+=stderr.readlines()
resp=''.join(outlines)
print(resp)
Now, I want to send the su command and echo the root password. I am aware this is not good practice but I need a quick and easy way to test this so I am OK with that.
However, when I do this
stdin,stdout,stderr=ssh.exec_command('su') and provide the password, I get an error
su: must be run from a terminal
Can some one help me to solve this.
I am running Python script on my Windows laptop to ssh into a Linux device and then switch to the root user using the su command and echo the password so that I can run other commands as root.
Thanks.
First, as you know, automating su or sudo is not the correct solution.
The correct solution is to setup a dedicated private key with only privileges needed for your task. See also Allowing automatic command execution as root on Linux using SSH.
Anyway, your command fails because sudo is configured to require an interactive terminal with requiretty option in sudoers configuration file (as a way to deter its automation).
Paramiko (correctly) does not allocate a pseudo terminal for exec channel by default.
Either remove the requiretty option.
If you cannot remove it, you can force Paramiko to allocate pseudo terminal using get_pty parameter of exec_command method:
ssh.exec_command('sudo fast.sh', get_pty=True)
But that's not a good option, as it can bring you lot of nasty side effects. Pseudo terminal is intended for an interactive use, not for automating command execution. For some examples, see
Is there a simple way to get rid of junk values that come when you SSH using Python's Paramiko library and fetch output from CLI of a remote machine?
Remove of unwanted characters when I am using JSch to run command
Removing shell stuff (like prompts) from command output in JSch
I need to issue "sudo service nginx status" to check for service status. I have the following:
import commands
service output = commands.getoutput("sudo service nginx status")
but I am getting "no tty present and no askpass program specified"
Does someone understand this?
using commands.getoutput makes impossible to provide the user input that is required by sudo command.
The name is self explainable, you are interested only in the command output. stdin is closed.
There are several solutions for this:
Turn off the password verification for the sudo user that is launching this python script. (read about /etc/sudoers)
pipe your password: (unsafe/bad solution but easy)
"echo YOURPASS | sudo ..."
check out subprocess.popen allowing you to provide input either from console or from file
https://docs.python.org/2/library/subprocess.html#popen-constructor
I've written a python script. One of the functions opens a port to listen on. To open a port to listen on I need to do it as super user. I don't want to run the script with sudo or with root permissions, etc. I saw an answer here regarding sub-process using sudo. It's not a sub-process I want as far as I know. It's just a function within the application.
Question: How do I programmatically open a port with super user permissions?
You can't do that. If you could then malicious code would have free access to any system as root at any time!
If you want super user privileges you need to run the script from the root account or use sudo and type in the password - this is the whole point of having user accounts.
EDIT
It is worth noting that you can run bash commands from within a python script - for example using the subprocess module.
import subprocess
subprocess.run(['sudo', 'blah'])
This essentially creates a new bash process to run the given command.
If you do this your user will be prompted to enter their password in the same way as you would expect, and the privileges will only apply to the subprocess that is being created - not to the script that you are calling it from (which may have been the original question).
You could use sudo inside your python script like this, so you don't have to run the script with sudo or as root.
import subprocess
subprocess.call(["sudo", "cat", "/etc/shadow"])
I would like to write a script that will tell another server to SVN export a SVN repository.
This is my python script:
import os
# svn export to crawlers
for s in ['work1.main','work2.main']:
cmd = 'ssh %s "cd /home/zes/ ; svn --force export svn+ssh://174.113.224.177/home/svn/dragon-repos"' % s
print cmd
os.system(cmd)
Very simple. It will ssh into work1.main, then cd to a correct directory. Then call SVN export command.
However, when I run this script...
$ python export_to_crawlers.py
ssh work1.main "cd /home/zes/ ; svn --force export svn+ssh://174.113.224.177/home/svn/dragon-repos"
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-with-mic,password).
svn: Connection closed unexpectedly
ssh work2.main "cd /home/zes/ ; svn --force export svn+ssh://174.113.224.177/home/svn/dragon-repos"
Host key verification failed.
svn: Connection closed unexpectedly
Why do I get this error and cannot export the directory? I can manually type the commands in the command line and it will work. Why can't it work in the script?
If I change to this...it will not work. and instead, nothing will happen.
cmd = 'ssh %s "cd /home/zes/ ;"' % s
This is a problem with SSH.
Permission denied, please try again.
This means that ssh can't login. Either your ssh agent doesn't have the correct key loaded, you're running the script as a different user or the environment isn't passed on correctly. Check that the variables SSH_AUTH_SOCK and SSH_AGENT_PID are passed to the subprocess of your python script.
Host key verification failed.
This error means that the remote host isn't known to ssh. This means that the host key is not found in the file $HOME/.ssh/known_hosts. Again, make sure that you're checking the home directory of the effective user of the script.
[EDIT] When you run the script, then python will become the "input" of ssh: ssh is no longer connected to a console and will ask python for the password to login. Since python has no idea what ssh wants, it ignores the request. ssh tries three times and dies.
To solve it, run these commands before you run the Python script:
eval $(ssh-agent)
ssh-add path-to-your-private-key
Replace path-to-your-private-key with the path to your private key (the one which you use to login). ssh-add will ask for your password and the ssh-agent will save it in a secure place. It will also modify your environment. So when SSH runs the next time, it will notice that an ssh agent is running and ask it first. Since the ssh-agent knows the password, ssh will login without bothering Python.
To solve the second issue, run the second ssh command manually once. ssh will then add the second host to its files and won't ask again.
[EDIT2] See this howto for a detailed explanation how to login on a remote server via ssh with your private key.
I guess that it is related to ssh. Are you using a public key to automatically connect. I think that your shell knows this key but it is not the case of python.
I am not sure but it's just an idea. I hope it helps
Check out the pxssh module that is part of the pyexpect project:
https://pexpect.readthedocs.org/en/latest/api/pxssh.html
It simplifies dealing with automating ssh-ing into machines.