1

I have a simple remote ssh command in script, nohupssh.sh

sleep 30
ssh -v  -l developer server11  "/usr/local/jdk1.7.0_45/bin/jmap -histo:live 1770;"

I run the script as follows:

nohup nohupssh.sh > out.log 2>&1 &

When I execute it as shown above, the jmap utility successfully executes on the remote server. However, if I execute it as shown above and exit the bash shell, I get the error shown below.

Note that I have a properly formatted authorized_keys in both local and remote servers. Also note that there is NO id_rsa in either server since these servers are shared.

I've tried many combinations:

ssh -v -A -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/dev/null server11 ....

but to no avail. I've closely examined the man page for ssh for clues, trying various options. I presume there must be a single or set of ssh options that will solve this problem. The real script (rather than the abridged above) has scp as well. Hence, I hope the options that are eluding me will work for both scp and ssh.

The full verbose log is

OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /home/developer/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server11 [10.255.10.20] port 22.
debug1: fd 4 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /home/developer/.ssh/identity type -1
debug1: identity file /home/developer/.ssh/id_rsa type -1
debug1: identity file /home/developer/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Warning: Permanently added 'server11,10.255.10.20' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
****************************************************************************
WARNING: Unauthorized access to this system is forbidden and will be
prosecuted by law. By accessing this system, you agree that your
actions may be monitored.
****************************************************************************


debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/developer/.ssh/identity
debug1: Trying private key: /home/developer/.ssh/id_rsa
debug1: Trying private key: /home/developer/.ssh/id_dsa
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
Permission denied (publickey,password).
mbsf
  • 131
  • 1
  • 10
  • could be related to http://superuser.com/questions/264820/bash-using-scp-in-cron-job-fails-but-runs-succesfully-when-run-from-command-li – mbsf Apr 03 '14 at 16:07

2 Answers2

1

I had this read_passphrase: can't open /dev/tty error when my private key was wrongly formatted - instead of many lines, it was passed as a one-liner, and you might have any other format issue like a forgotten "-" at the start or end, or something wrong at the end of the lines, like a missing newline format or an additional letter at the end of a line.

See Dockerfile: clone repo with passwordless private key. Errors: “authentication agent” or “read_passphrase: can't open /dev/tty” for more details, in short:

The main error is caused by the

echo "$ssh_prv_key" > /root/.ssh/id_rsa

which passes a wrongly formatted ssh_prv_key, as just one line, although the private key needs many lines.

With the main idea from Add private key to ssh-agent in docker file, which again had the idea from Gitlab CI/Docker: ssh-add keeps asking for passphrase.

questionto42
  • 7,175
  • 4
  • 57
  • 90
0

From the error log:

Authentications that can continue: publickey,password

Since you don't have a publickey set up ("there is NO id_rsa"), you need to enter a password to access the remote server, but you've disconnected stdin:

read_passphrase: can't open /dev/tty: No such device or address

SSH is not very amenable to hacks to automate password entry, so if you can't put an id_rsa on there, your best bet is to background and detach after entering the remote server's password. Try ^Z:

  1. Run nohup nohupssh.sh > out.log 2>&1
  2. Wait 30 seconds, then enter the remote server password
  3. Hit control-Z
  4. Run bg %1
  5. You should now be able to exit the shell.
Alice Purcell
  • 12,622
  • 6
  • 51
  • 57