Can't ssh as tty-less user
I am trying to run a single command by invoking ssh (using key authentication) from a user which does not have a tty (the user my
apache server is running as) and keep getting the following result:
OpenSSH_5.9p1, OpenSSL 1.0.0g 18 Jan 2012
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to localhost [::1] port 54367.
debug1: Connection established.
debug1: identity file nonpublic/id_rsa type 1
debug1: identity file nonpublic/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a
debug1: checking without port identifier
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
The -t flag is set when invoking ssh. The key does not have a passphrase, which should suppress the need for any input, but
apparently it doesn't. How can I prevent ssh from trying to open /dev/tty?
Edit: Code tags not working?
Edit2: Full ssh command:
ssh -i nonpublic/id_rsa -l username -p 54367 -t -v username@localhost /home/username/minecraftserver/Scripts/start 2>&1
I've replaced my username with "username".
Edit3: I tried ssh-ing using the same key as root and got this result:
OpenSSH_5.9p1, OpenSSL 1.0.0g 18 Jan 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to localhost [::1] port 54367.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /srv/http/nonpublic/id_rsa type 1
debug1: identity file /srv/http/nonpublic/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a
debug1: checking without port identifier
The authenticity of host '[localhost]:54367 ([::1]:54367)' can't be established.
ECDSA key fingerprint is e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:54367' (ECDSA) to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /srv/http/nonpublic/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/srv/http/nonpublic/id_rsa':
debug1: No more authentication methods to try.
Permission denied (publickey).
It prompts me for a passphrase even though it shouldn't need any. Furthermore, I can use the key to ssh in using PuTTY on a Windows
machine just fine and it doesn't prompt me for a passphrase.
Edit4: I added the server to the apache user's known_hosts and now I get this:
OpenSSH_5.9p1, OpenSSL 1.0.0g 18 Jan 2012
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to localhost [::1] port 54367.
debug1: Connection established.
debug1: identity file nonpublic/id_rsa type 1
debug1: identity file nonpublic/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a
debug1: Host '[localhost]:54367' is known and matches the ECDSA host key.
debug1: Found key in /srv/http/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: nonpublic/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: No more authentication methods to try.
Permission denied (publickey).
Also, this is the contents of known_hosts:
[localhost]:54367 ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBILr7jLp5CeYfyrCroaDjkaWgDHXRrQD
Why does it say ecdsa? It's an rsa key.
Edit5: Solved. The problem was that the key pair was generated by PuTTY, which writes the private key in a format which isn't
compatible with OpenSSH. Solution provided by cjc in a comment.
linux ssh
edited Mar 22 '12 at 0:40 asked Mar 21 '12 at 23:32
Surma
Re: code tag. No, either surround code with back-tick, or put 4 spaces in front of the line. – cjc Mar 21 '12 at
23:37
What's the full ssh command? – cjc Mar 21 '12 at 23:38
Why are you passing a -t ? – Zoredache Mar 21 '12 at 23:43
@Zoredache Thought it would help. Some site suggested it. – Surma Mar 21 '12 at 23:45
1 @Surma, ecdsa is referring to the server's key, not the key on the client. – amcnabb Mar 22 '12 at 0:12
2 Answers
The problem doesn't actually seem to be that it's trying to read the passphrase--that's just a
warning. Rather, it's trying to do host key verification but failing. If you really want it to never
ask about host keys, consider adding the following options to the ssh command line:
-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/dev/null
Note that there may be security implications, so make sure to read about these options in the
ssh_config man page.
EDIT: Given your updated error messages, it looks like you have a corrupted identity file (or as
cjc pointed out, it might be in the wrong format). Try creating a new one manually with
ssh-keygen, and add it to the server's authorized_keys.
edited Jul 5 at 4:55 answered Mar 21 '12 at 23:44
uvsmtid amcnabb
You seem to be right, I just tried to use the key as root. Result in OP. – Surma Mar 21 '12 at 23:54
1 Actually, instead of using StrictHostKeyChecking=no, you can also get the server's public key and stick it in
the user's .ssh/known_hosts file. Or put that in the system-wide known_hosts file. – cjc Mar 22 '12 at 0:00
@cjc, I agree that's usually the better solution. – amcnabb Mar 22 '12 at 0:03
@cjc I copied the known_hosts from root (who added the server to the known hosts) and set up the correct
permissions. I get different output now, check the OP. – Surma Mar 22 '12 at 0:06
1 @amcnabb You mentioned that you used the key in PuTTY. Did you convert the key to OpenSSH? – cjc Mar
22 '12 at 0:12
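An added example, not part of the thread and not OpenSSH's own code: a preflight for running ssh from a user with no tty, covering the two causes seen above (an unpinned host key, and a PuTTY-format private key that OpenSSH cannot parse) and printing a command that uses a pinned known_hosts file instead of StrictHostKeyChecking=no. The function names and the NEWKEY placeholder are hypothetical.

```shell
#!/bin/sh
# Added example: checks to run before a web-server user invokes ssh unattended.

# Classify a private key file by its first line.
key_format() {
    first=$(head -n 1 "$1" 2>/dev/null) || { echo unreadable; return; }
    case "$first" in
        PuTTY-User-Key-File-*)                   echo putty-ppk ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")   echo openssh ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pem-encrypted ;;
        "-----BEGIN "*"PRIVATE KEY-----")
            # Legacy PEM marks passphrase protection in a header line.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo pem-encrypted
            else echo pem; fi ;;
        *) echo unknown ;;
    esac
}

# Succeed if an unhashed known_hosts file has an entry for host:port.
# OpenSSH writes non-default ports as "[host]:port"; hashed entries
# ("|1|...") are not handled here.
host_pinned() {  # args: host port known_hosts_file
    if [ "$2" = 22 ]; then entry=$1; else entry="[$1]:$2"; fi
    awk -v e="$entry" '!/^#/ { n = split($1, h, ",")
                               for (i = 1; i <= n; i++) if (h[i] == e) ok = 1 }
                       END { exit !ok }' "$3" 2>/dev/null
}

# Print the unattended ssh command prefix, or the reason it would fail.
preflight() {  # args: key host port known_hosts_file
    fmt=$(key_format "$1")
    case "$fmt" in
        pem|openssh) ;;  # an openssh-format key may still be encrypted;
                         # BatchMode turns that into a clean failure
        putty-ppk) echo "PuTTY .ppk key: convert with puttygen $1 -O private-openssh -o NEWKEY"
                   return 1 ;;
        *) echo "key not usable without a prompt ($fmt)"; return 1 ;;
    esac
    host_pinned "$2" "$3" "$4" || { echo "no known_hosts entry for $2 port $3"; return 1; }
    # BatchMode=yes makes ssh fail instead of prompting on /dev/tty.
    echo "ssh -o BatchMode=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$4 -i $1 -p $3 $2"
}

# Usage with the paths from the question:
#   preflight nonpublic/id_rsa localhost 54367 /srv/http/.ssh/known_hosts
```
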
Out of interest, what is set as the environment in /etc/passwd - the lack of /bin/bash will
probably be your issue.
answered Mar 21 '12 at 23:42
Ben Lessani - Sonassi
/bin/false I probably should have mentioned that this is being run by php, which apparently spawns a shell
when you invoke shell_exec() (which is what I'm using to run this). – Surma Mar 21 '12 at 23:53
1 Understood. Then in that case, why are you not just using pecl.php.net/package/ssh2 - rather than hacking
through with shell_exec() – Ben Lessani - Sonassi Mar 21 '12 at 23:57
That is a good idea. – Surma Mar 22 '12 at 0:50
Sure is, you should really explain in your question that you are attempting to do this via PHP - as the answer
I've provided is more accurate to solve your question. – Ben Lessani - Sonassi Mar 22 '12 at 12:30