15

I am trying to connect to my server using

ssh user@server.com -vv

I get

debug1: read_passphrase: can't open /dev/tty: No such device or address

error or just

Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).

when I do not use the -vv option.

/dev/tty file does exist. I am logged in as root, so I have access to it. tty command returns

/dev/console

I am remotely connected (using Putty) to the server, and I am trying to connect to that from another server. It is not a cron job. How can I solve the problem?

questionto42
  • 464
LukLed
  • 253

4 Answers4

8

What does ls -la /dev/tty show? Is it both world-readable and world-writeable?

$ ls -la /dev/tty

crw-rw-rw- 1 root tty 5, 0 Aug 23 20:58 /dev/tty

$

That is what you should see. If not, that's your problem.

Community
  • 1
David Schwartz
  • 31,893
2

I had this read_passphrase: can't open /dev/tty error when my private key was wrongly formatted - instead of many lines, it was passed as a one-liner, and you might have any other format issue like a forgotten "-" at the start or end, or something wrong at the end of the lines, like a missing newline format or an additional letter at the end of a line.

See Dockerfile: clone repo with passwordless private key. Errors: “authentication agent” or “read_passphrase: can't open /dev/tty” for more details, with the main idea from Add private key to ssh-agent in docker file, which again had the idea from Gitlab CI/Docker: ssh-add keeps asking for passphrase.

questionto42
  • 464
1

What worked for me on a Docker image running node:11-alpine was to modify the SSH config, stripping password auth

echo 'PasswordAuthentication no' >> /etc/ssh/ssh_config

You should also be able to do it on a per-command basis via the -o flag, eg

ssh -o 'PasswordAuthentication no'

The problem is other commands need to know about it, for example git, in which case you could set the $GIT_SSH environment variable (something like this)

export GIT_SSH="ssh -o 'PasswordAuthentication no'"

The first option seemed the most pragmatic for my case, setting the flag by default across the entire system.

quickshiftin
  • 2,225
0

In my case I needed to add the following to /etc/ssh/ssh_config

PasswordAuthentication yes
KbdInteractiveAuthentication yes
PermitTTY yes

Then restart ssh.

Alexander Higgins
  • 101
  • 1