9

I have a user on my local (virtual) machine with sudo privileges and when I login with this user I can run SUDO commands such as:

$ sudo ls
[sudo] password for <user>:  ***PASSWORD ENTERTED***
<list of files>

However when I SSH into the same machine I get:

$ ssh <user>@<ip-address>
<user>@<ip-address>'s password: ***PASSWORD ENTERTED***
.
.
.
[<user>@<host> ~]$ sudo ls
[sudo] password for <user>:  ***SAME PASSWORD***
Sorry, try again.
[sudo] password for <user>: ***[CTRL-C]***
sudo: 1 incorrect password attempt

Any idea why this password isn't being accepted over SSH?

Not that it really matters, but I can "su" to root over ssh (by using the root password) but trying to su with "sudo su" (using the user's password) fails.

Edit: The machine I'm SSH-ing to is a CentOS 9 machine running in Virtualbox, and the machine I'm SSH-ing from is a Rocky 9 machine also in Virtualbox. As I say, I can SSH across fine and most commands work but for some reason SUDO is refusing to accept the password. However, I just tried "PuTTY" into the same VM from the Windows host and was surprised to discover than not only does the SSH session work, but SUDO-ing also works! So it seems there must be an issue with the Rocky (from) machine rather than with the CentOs (to) machine.

Improve this question
7
  • 4
    Do all characters of the password get to a shell on the client machine so (prior to ssh-ing) the shell echoes them exactly as you expect? Do all characters of the password get to a shell on the server machine so (after ssh-ing) the shell echoes them exactly as you expect? I don't mean when providing the password. I mean when freely typing in a shell. Are there any characters outside of the ASCII printable set? What if you change the password to be all ASCII?
    – Kamil Maciorowski
    Commented Nov 24, 2023 at 13:27
  • 5
    Are you by any chance pasting your password, rather than typing it? Have you tried running cat -e and just pasting something else into the terminal?
    – Attie
    Commented Nov 24, 2023 at 13:28
  • The password work fine when logging in, so I don't think there are any character set issues or anything. But as a test I did try just typing my password into the prompt (over SSH) to see what it looked like and it looks fine on the screen.
    – Slartibartfast
    Commented Nov 24, 2023 at 13:36
  • 5
    re pasting: there's something called "bracketed paste"... if the terminal emulator and the shell get out of sync, then funny things happen - example ... this can happen fairly easily when using SSH
    – Attie
    Commented Nov 24, 2023 at 13:42
  • 1
    Oh, my goodness. You are right @Attie. I just tried your 'cat -e' test and it is indeed different! Specifically the password I have starts with 2 tilders ("~~...") however when using 'cat -e' the first tilder didn't appear so I had to press "~" three times to get two to show. I then tried entering 3 tilders as my password and it worked! Any idea why 'cat -e' (and indeed the password field itself) is different to the regular prompt?
    – Slartibartfast
    Commented Nov 24, 2023 at 13:45

1 Answer 1

Reset to default
19

After your comments, it sounds like a tilde (~) character was giving you problems.

When you're in an SSH session, the escape sequence ^M~ (that's Return then ~, or Ctrl+M then ~) has a special meaning - see the "Escape Characters" section of the man page.

Pressing the sequence Return, ~, ? will show you a list of supported escape sequences.

If you're unlucky enough to have just pressed Return and then try to enter a tidle followed by one of these options, you won't get any characters delivered to the server... and pressing tilde twice will "unescape" and send a single tilde on your behalf!

Additionally, if you type an unsupported sequence, most clients are kind enough to send the characters to the server for you as if you'd never started the escape sequence in the first place - so this can go unnoticed for some time.

Consider the following, where I type c, a, t, Return, ~, ~, and get only one tilde out:

attie@patch:~$ cat
~

Even though my Return was intended to issue the command (and did so), it was also seen by the SSH client as the start of the Return, ~ escape sequence.

It's important to note that this is a feature of the SSH client, not the server... so you'll find this behaviour with the OpenSSH client (and likely others) - but it won't happen in others (like PuTTY, which uses the "PuTTY Configuration" window instead).

Improve this answer
2
  • Very interesting. Any idea why the '~' sent by PuTTY from Windows didn't trigger the same "escape sequence"?
    – Slartibartfast
    Commented Nov 24, 2023 at 14:11
  • 8
    It's a feature of the SSH client (not server), and PuTTY doesn't do this - it uses the "PuTTY Configuration" window instead.
    – Attie
    Commented Nov 24, 2023 at 14:29

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .