Versions Compared

Old Version 9

changes.mady.by.user Nick Romanzo

Saved on

compared with

New Version Current

changes.mady.by.user Allan Cornwell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Product Name

CIS-CAT Pro Assessor v4

Product Version

all

Date

Problem

Info

The remote assessment ssh connection will be successful but commands will error out.

There will be errors in assessor-cli.log - sudo: no tty present and no askpass program specified

Solution

The problem is caused by a setting on the target system in /etc/sudoers -  Defaults requiretty

You can comment that line out or, disable it for the sudo user that is defined in CISCAT sessions.properties.

In this example, carlos is the user configured for the ssh remote assessment. So we can add this additional line to /etc/sudoers which will disable requiretty for sudo user carlos;

 Defaults:carlos !requiretty

Info

Note that if you are using a key to connect to the target it is possible that a password is required for the user to use sudo on the target system.

If you are using a key there are 2 possible solutions.

  1. Change /etc/sudoers on the target so a password is not needed to sudo for that specific user. If the user is carlos then the entry in /etc/sudoers will be; carlos ALL=(root) NOPASSWD:ALL

  2. Or, you will need to add the sudo password to config/sessions.properties. In the example below the session.2.cred section of sessions.properties has the password required for sudo. You can then encrypt the contents of sessions.properties so that password is hidden. Please see this section of the documentation for information on encrypting and decrypting that file.

session.2.type=ssh
session.2.host=10.1.43.55
session.2.user=carlos
session.2.identity=C:\\carlos\\CISCAT\\ciscat.ppk
session.2.cred=password_for_sudo
session.2.port=22

Note

The ssh key needs to be in PEM format i.e. the header of your key file will be;

-----BEGIN RSA PRIVATE KEY-----

Related Content

Filter by label (Content by label)
showLabelsfalse
showSpacefalse
cqllabel = "sbp_ssh"

Copyright © 2020

Center for Internet Security®

Privacy Policy

Page Properties
hiddentrue

Action

Name(s)

Date

Linked Ticket

https://cisecurity.atlassian.net/browse/SUPPORT-9040
https://cisecurity.atlassian.net/browse/SUPPORT-9268 https://cisecurity.atlassian.net/browse/SUPPORT-11011 https://cisecurity.atlassian.net/browse/

Jira Legacy
serverSystem JIRA
serverIdb90ca2a8-9df7-3869-89db-c424866c1b16
keySUPPORT-9040

Jira Legacy
serverSystem JIRA
serverIdb90ca2a8-9df7-3869-89db-c424866c1b16
keySUPPORT-9268
Jira Legacy
serverSystem JIRA
serverIdb90ca2a8-9df7-3869-89db-c424866c1b16
keySUPPORT-11011
Jira Legacy
serverSystem JIRA
serverIdb90ca2a8-9df7-3869-89db-c424866c1b16
keySUPPORT-11250

Created by

Chris Boldiston

Reviewed by

Chris Boldiston Andrew Preston Maricielo Ortega Rojas (Unlicensed) Nick Romanzo Ronan Tiu (Unlicensed)

Approved by

Chris Boldiston Andrew Preston Maricielo Ortega Rojas (Unlicensed) Nick Romanzo Ronan Tiu (Unlicensed)

Remove by