SSH command fails if it contains sudo

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

The steps outlined in this article are provided AS-IS. This means we've had reports of them working for some customers, under certain circumstances, yet they are not officially supported, nor can we guarantee they'll work for your specific scenario.

You may follow through and validate them on your own non-prod environments prior to production or fall back to supported alternatives if they don't work out.

We also invite you to reach out to our Community for matters that fall beyond Atlassian's scope of support!

Summary

Depending on your environment and build/deployment configuration, you might face an issue where an SSH or Script Task fails if it contains sudo.

Environment

Bamboo build/deployment configured with an SSH / Script Task where sudo is included in the command.

Diagnosis

The following error can be seen in the logs:

    sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper

Cause

This happens because no tty is allocated by default for an automated SSH session, so sudo has no terminal on which to prompt for the password.

Solution

Workaround 1

Echo the password and pipe it to the command so that sudo -S reads it from standard input.

Examples:

    echo ${bamboo.password_variable} | sudo -u <user> -S <command>

    echo ${bamboo.password_variable} | ssh <user>@<host> "sudo -u USER -S <command>"

Your password will be displayed on stdout, which could pose a security risk.

Workaround 2

It is possible to configure users (or groups of users) to not require a password when running the sudo command. For that:

  1. On the remote machine you'll be connecting to, use visudo to add the user account to the list of accounts that don't require a password for sudo:

    sudo visudo

    # Add the following line to the end of the file:

    <user> ALL=(ALL) NOPASSWD: ALL

  2. The script should then run without asking for passwords.

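The `NOPASSWD: ALL` rule above lets the account run any command as any user without a password. As an added example (not from the original article), the shell functions below build a rule scoped to a single command and check it with `visudo -cf` before installing it under /etc/sudoers.d; the function names are hypothetical helpers, and the account, command and drop-in name you pass in are your own.

```shell
#!/bin/sh
# Added example, not part of the original article. Run the install step as root.

# Print a sudoers rule that lets USER run exactly COMMAND (path plus
# arguments) as root without a password. Returns 1 on unsafe input.
make_sudoers_entry() {
    user=$1
    cmd=$2
    case $user in
        ''|*[!a-z0-9_-]*) echo "invalid user: $user" >&2; return 1 ;;
    esac
    # sudoers needs a fully qualified path; a bare ALL would restore the
    # broad grant this rule is meant to avoid.
    case $cmd in
        /*) ;;
        *) echo "command must be an absolute path" >&2; return 1 ;;
    esac
    # Wildcards widen the rule, and , : = \ must be escaped in sudoers.
    case $cmd in
        *\**|*\?*|*\[*|*,*|*:*|*=*|*\\*)
            echo "unsupported character in command" >&2; return 1 ;;
    esac
    printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$cmd"
}

# Validate the rule with visudo, then install it as a drop-in file.
# A syntax error in an installed sudoers file can break sudo on the host.
install_sudoers_entry() {
    name=$1   # file name under /etc/sudoers.d
    entry=$(make_sudoers_entry "$2" "$3") || return 1
    # sudo skips drop-in files whose names contain '.' or end in '~'.
    case $name in
        ''|*[./~]*) echo "invalid drop-in name: $name" >&2; return 1 ;;
    esac
    tmp=$(mktemp) || return 1
    printf '%s\n' "$entry" > "$tmp"
    if visudo -cf "$tmp" >/dev/null; then
        install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/$name"
        rc=$?
    else
        echo "visudo rejected the rule" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}
```

For instance, `install_sudoers_entry bamboo-deploy bamboo "/usr/bin/systemctl restart myapp.service"` (constructed values) would allow only that one restart command without a password.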
Last modified on May 25, 2022
