sup icon indicating copy to clipboard operation
sup copied to clipboard

Published 20 hours ago verified publisher icon pressly

Sudo won't accept password on remote host

Open jzs opened this issue 7 years ago • 5 comments

I have a command in my Supfile sudo systemctl restart myservice.service.

When running it against a localhost host it asks for a sudo password just fine, and accepts my input. However when running it against a remote ubuntu host, it doesn't show the password prompt and it looks like sup is hanging. When pressing ^C then it prints: [sudo] password for xxxx: followed by terminating the connection.

Adding: stdin:true seems to do the trick, however it then prints out [sudo] password for xxxx: after i type my password. (It looks like it hangs, i write the password, it prints out [sudo] password for xxxx and then accepts the password i typed in. On the same time, my password is printed to the console when typeing. Hence no read -s functionality.

Alternatively adding %xxxx ALL=NOPASSWD: /bin/systemctl stop myservice.service to the sudoers file on the remote host also works. Since it will then skip asking for password.

Here's a minimal Supfile to recreate my issue:

# Supfile for myservice
---
version: 0.4

networks:
  dev:
    hosts:
      - localhost
  release:
    hosts:
      - myserver.com:999

commands:
  stop: 
    desc: Stop service
    run: sudo systemctl stop myservice.service

My Dev machine is running arch linux and the server is running Ubuntu 16.04.2 LTS.

jzs avatar Apr 23 '17 06:04 jzs

@VojtechVitek do you think we can add input for asking password?

alinz avatar May 11 '17 13:05 alinz

Getting the same behaviour deploying on my CentOS server

wildan2711 avatar May 24 '17 06:05 wildan2711

Are all the examples done with passwordless sudo? Or is this an isolated problem? Haven't used sup yet myself but I'm very intrigued.

MatthiasKauer avatar Jan 18 '18 14:01 MatthiasKauer

Yes, all the examples were done with password-less sudo.

It all comes down to the infrastructure set-up. From my experience, most of the companies use private/public SSH key pairs to login to the instances (sometimes via a bastion host) and then the sudo itself doesn't have password, but is restricted to certain commands (like. sudo docker, ie. https://askubuntu.com/a/477554) etc.

There was some work done to make sudo a Supfile option, but it was never finished. https://github.com/pressly/sup/pull/51

VojtechVitek avatar Jan 18 '18 19:01 VojtechVitek

man sudo

  -S, --stdin
                 Write the prompt to the standard error and read the password from the standard input
                 instead of using the terminal device.  The password must be followed by a newline
                 character.

@VojtechVitek @alinz You dont' ask me, but IMHO: in this cases it's better to add cookbook with answers like this, than add a new feature that do exactly the same, but with new syntax.

slavaGanzin avatar May 11 '18 13:05 slavaGanzin