Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »


Product Name

CIS-CAT Pro Assessor v4

Product Version

all

Date



Problem

The remote assessment ssh connection will be successful but commands will error out.

There will be errors in assessor-cli.log - sudo: no tty present and no askpass program specified

Solution

The problem is caused by a setting on the target system in /etc/sudoers -  Defaults requiretty

You can comment that line out or, disable it for the sudo user that is defined in CISCAT sessions.properties.

In this example, carlos is the user configured for the ssh remote assessment. So we can add this additional line to /etc/sudoers which will disable requiretty for sudo user carlos;

 Defaults:carlos !requiretty

Note that if you are using a key to connect to the target it is possible that a password is required for the user to use sudo on the target system.

If you are using a key there are 2 possible solutions.

  1. Change /etc/sudoers on the target so a password is not needed to sudo for that specific user. If the user is carlos then the entry in /etc/sudoers will be; carlos ALL=(root) NOPASSWD:ALL

  2. Or, you will need to add the sudo password to config/sessions.properties. In the example below the session.2.cred section of sessions.properties has the password required for sudo. You can then encrypt the contents of sessions.properties so that password is hidden. Please see this section of the documentation for information on encrypting and decrypting that file.

session.2.type=ssh
session.2.host=10.1.43.55
session.2.user=carlos
session.2.identity=C:\carlos\CISCAT\ciscat.ppk
session.2.cred=password_for_sudo
session.2.port=22


Copyright © 2020

Center for Internet Security®


  • No labels