LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 08-05-2020, 06:58 AM   #1
VP_Chestnut
LQ Newbie
 
Registered: Aug 2020
Location: Tournefeuille, France
Distribution: Mageia, Ubuntu, CentOS
Posts: 6

Rep: Reputation: Disabled
ssh command fails via su -c


I run this command as root from machine1 (CentOS6) :

Code:
[root@machine1] : su - user1 -c "ssh -v user2@machine2"
An OpenSSH window opens, I type the password in it, and log in machine2 as user2.

Just before the window pops up the verbose mode of ssh says :
Code:
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: permanently_drop_suid: 31078
(31078 being user1's UID)

I tried the same on an machine equivalent to machine1 but in CentOS8 :

Code:
[root@machine1bis] : su - user1 -c "ssh -v user2@machine2"
No pop-up window appears, I can't type any password and can't log in machine2.

I get :
Code:
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
I don't know how to get this works on machine1bis, as on machine1.
 
Old 08-05-2020, 06:50 PM   #2
Keith Hedger
Senior Member
 
Registered: Jun 2010
Location: Wiltshire, UK
Distribution: Linux From Scratch, Slackware64, Partedmagic
Posts: 2,849

Rep: Reputation: 722Reputation: 722Reputation: 722Reputation: 722Reputation: 722Reputation: 722Reputation: 722
why switch to user1 then login as user2?
 
Old 08-06-2020, 02:08 AM   #3
VP_Chestnut
LQ Newbie
 
Registered: Aug 2020
Location: Tournefeuille, France
Distribution: Mageia, Ubuntu, CentOS
Posts: 6

Original Poster
Rep: Reputation: Disabled
user1 exists only on machine1, and user2 on machine2.
The command line is part of an install script run as root.
 
Old 08-06-2020, 02:12 AM   #4
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.8.2003
Posts: 5,131

Rep: Reputation: 1876Reputation: 1876Reputation: 1876Reputation: 1876Reputation: 1876Reputation: 1876Reputation: 1876Reputation: 1876Reputation: 1876Reputation: 1876Reputation: 1876
Not sure that answers the question…
Why not simply do
Code:
ssh -v user2@machine2
without the su to user1?

I think the errors are because user1 doesn’t exist on machine2... But that’s just a guess.

Last edited by scasey; 08-06-2020 at 02:16 AM.
 
Old 08-06-2020, 02:30 AM   #5
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,049
Blog Entries: 3

Rep: Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521
Interactive SSH requires allocation of a TTY on the client side. Since su does not do that, you cannot use it with programs which require a controlling TTY. In short, you can't get there from here.

Instead, you can use sudo if it is properly configured.

Code:
sudo -u user1 "ssh -v user2@machine2"
sudo -u user1 ssh -v user2@machine2

sudo -u user1 sh -c "ssh -v user2@machine2"
In contrast to su it will give you a TTY and thus allow use of the SSH client interactively.

Othwerwise, rewrite your workflow so that an interactive session is not needed.

Last edited by Turbocapitalist; 08-11-2020 at 06:39 AM. Reason: extraneous quotes
 
Old 08-10-2020, 06:46 AM   #6
VP_Chestnut
LQ Newbie
 
Registered: Aug 2020
Location: Tournefeuille, France
Distribution: Mageia, Ubuntu, CentOS
Posts: 6

Original Poster
Rep: Reputation: Disabled
The 2nd of the 2 commands works fine, thank you, I understand where the problem was now.

To answer to scasey the actual command in the script is 'ssh-copy-id', in order to have a connection from user1@machine1 to user2@machine2 without password.
I tested with 'ssh' to have the verbose output.
 
Old 08-10-2020, 05:28 PM   #7
MadeInGermany
Senior Member
 
Registered: Dec 2011
Location: Simplicity
Posts: 1,454

Rep: Reputation: 664Reputation: 664Reputation: 664Reputation: 664Reputation: 664Reputation: 664
Try also
Code:
sudo -u user1 ssh -v user2@machine2
No quotes! (su and sh -c need quotes, but not sudo.)
 
Old 08-11-2020, 06:15 AM   #8
VP_Chestnut
LQ Newbie
 
Registered: Aug 2020
Location: Tournefeuille, France
Distribution: Mageia, Ubuntu, CentOS
Posts: 6

Original Poster
Rep: Reputation: Disabled
Yes it works indeed !
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to connect a netbook via cable via PC via UMTS-stick to the internet JZL240I-U Linux - Software 9 06-03-2015 11:45 AM
[SOLVED] raspbian: how to log in via ssh through wlan? (dont work; but ssh via LAN works) floppy_stuttgart Debian 8 03-24-2014 01:42 PM
[SOLVED] SSH auth via openLDAP server fails with 'ldap_search_st(): Timed out' error kriskurk Linux - Security 1 07-06-2011 10:03 PM
[SOLVED] Remote command execution via SSH and newgrp command SuperMegaMau Linux - General 4 05-13-2011 07:31 AM
Internet Radio Streaming via shoutcast via linux installed via an ftp server Good Cat Linux - Server 0 03-07-2011 05:35 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 07:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration