12

I am trying to connect to my server using

ssh user@server.com -vv

I get

debug1: read_passphrase: can't open /dev/tty: No such device or address

error or just

Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).

when I do not use the -vv option.

The `/dev/tty` file does exist. I am logged in as root, so I have access to it. The `tty` command returns

/dev/console

I am remotely connected (using Putty) to the server, and I am trying to connect to that from another server. It is not a cron job. How can I solve the problem?

LukLed
  • Does the /dev/tty device exist on both servers? – derchris Mar 25 '11 at 16:20
  • @derchris: Yes, it does exist. I can easily connect to `server.com` machine from other places. – LukLed Mar 25 '11 at 16:53
  • What would be a main difference between a server you can, and the server you can't connect? Just trying to rule out any OS/version issues. – derchris Mar 25 '11 at 17:12
  • @derchris: I believe this is related to a problem with `/dev/tty` on the machine that I am trying to ssh from, but I don't know how to solve it. – LukLed Mar 25 '11 at 17:16
  • I understand the problem. What I was asking was: you said you can connect from somewhere else, so what is the difference between these 2 systems you try to connect from? – derchris Mar 25 '11 at 17:20
  • I can connect from a real computer with Windows in Poland, but can't connect from a virtual server hosted somewhere in Ireland using Linux. But this is not the issue here, because I logged in to `server.com` from many different machines. – LukLed Mar 25 '11 at 17:36
  • Well, there is. You mentioned virtual server. It depends on which virtualization you use for this server. Some have limitations on console access, which /dev/tty is. – derchris Mar 25 '11 at 17:45
  • @derchris: Hmm, thanks for explaining. How can I check if I have limitations and how to overcome them with ssh? – LukLed Mar 25 '11 at 21:46
  • What virtualization are you using? – derchris Mar 26 '11 at 02:10
  • Did you take a look at the ssh server log (`/var/log/secure` on CentOS) to see what happens when you try to connect? – quanta Jul 07 '11 at 09:28

3 Answers

8

What does ls -la /dev/tty show? Is it both world-readable and world-writeable?

$ ls -la /dev/tty

crw-rw-rw- 1 root tty 5, 0 Aug 23 20:58 /dev/tty

$

That is what you should see. If not, that's your problem.

David Schwartz
2

I had this read_passphrase: can't open /dev/tty error when my private key was wrongly formatted - instead of many lines, it was passed as a one-liner, and you might have any other format issue like a forgotten "-" at the start or end, or something wrong at the end of the lines, like a missing newline format or an additional letter at the end of a line.

See Dockerfile: clone repo with passwordless private key. Errors: “authentication agent” or “read_passphrase: can't open /dev/tty” for more details, with the main idea from Add private key to ssh-agent in docker file, which again had the idea from Gitlab CI/Docker: ssh-add keeps asking for passphrase.
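
The formatting mistakes listed in the answer above (key flattened onto one line, a dash missing from the BEGIN or END marker, a missing final newline, a stray character at the end of a line) can be checked before the key is handed to `ssh`. The script below is an added example, not code from the answer or from OpenSSH; `check_key_format` and the script name are hypothetical, and it inspects line layout only.

```sh
#!/bin/sh
# Added example: layout check for an SSH private key file. check_key_format
# is a hypothetical helper, not an OpenSSH tool. It inspects line structure
# only and never parses or prints key material.
# Returns: 0 ok, 1 unreadable, 2 flattened onto one line, 3 bad BEGIN line,
# 4 bad END line, 5 CR line endings, 6 no final newline, 7 bad body line.
check_key_format() {
    key_file=$1
    begin_re='^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----$'
    end_re='^-----END ([A-Z0-9]+ )*PRIVATE KEY-----$'
    cr=$(printf '\r')
    [ -r "$key_file" ] || { echo "cannot read $key_file" >&2; return 1; }

    # Newlines lost, e.g. the key went through an unquoted variable or build arg.
    lines=$(awk 'END { print NR }' "$key_file")
    if [ "$lines" -lt 3 ] && grep -q 'PRIVATE KEY-----' "$key_file"; then
        echo "key is flattened onto $lines line(s)" >&2; return 2
    fi
    if grep -q "$cr" "$key_file"; then
        echo "CR (Windows) line endings found" >&2; return 5
    fi
    if [ -n "$(tail -c 1 "$key_file")" ]; then
        echo "no newline after the last line" >&2; return 6
    fi
    head -n 1 "$key_file" | grep -Eq -e "$begin_re" ||
        { echo "first line is not a complete BEGIN marker" >&2; return 3; }
    tail -n 1 "$key_file" | grep -Eq -e "$end_re" ||
        { echo "last line is not a complete END marker" >&2; return 4; }

    # Body: base64 only, and every line but the last has the same width, so a
    # stray character appended to a line shows up as a length mismatch.
    awk -v last="$lines" '
        NR == 1 || NR == last { next }
        /^(Proc-Type|DEK-Info): / || /^$/ { next }   # legacy PEM headers
        $0 !~ "^[A-Za-z0-9+/]+=*$" { print "line " NR ": non-base64 data"; bad = 1 }
        width && prev != width { print "line lengths differ near line " prev_nr; bad = 1 }
        !width { width = length($0) }
        { prev = length($0); prev_nr = NR }
        END { exit bad + 0 }
    ' "$key_file" >&2 || return 7
    echo "layout looks sane: $key_file"
}

# Usage: sh check_key.sh /path/to/private_key   (script name is an example)
if [ "$#" -gt 0 ]; then check_key_format "$1"; fi
```

For a parse-level check, `ssh-keygen -y -f <keyfile>` reads the private key and prints its public half, and fails on a file it cannot load.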

0

What worked for me on a Docker image running node:11-alpine was to modify the SSH config, stripping password auth

echo 'PasswordAuthentication no' >> /etc/ssh/ssh_config

You should also be able to do it on a per-command basis via the -o flag, e.g.

ssh -o 'PasswordAuthentication no'

The problem is other commands need to know about it, for example git, in which case you could set the $GIT_SSH environment variable (something like this)

export GIT_SSH="ssh -o 'PasswordAuthentication no'"

The first option seemed the most pragmatic for my case, setting the flag by default across the entire system.

quickshiftin