Running sudo Over SSH

ssh host sudo <command> fails with the error "sudo: a password is required" and exits, even when the account has a valid password. No prompt appears.

sudo reads passwords directly from a terminal so the password never passes through a shell pipeline. A non-interactive SSH session (ssh host <command>) does not allocate a pseudo-terminal on the remote side, so sudo has nowhere to prompt and bails out.

ssh -t remotemac sudo chown -R remotemac /usr/local/Homebrew

-t allocates a pseudo-terminal on the remote side. sudo prompts, the password is entered, and the command runs.

ssh remotemac
sudo chown -R remotemac /usr/local/Homebrew
exit

An interactive ssh session always has a TTY. Use this when more than one sudo command is needed, or when follow-up commands are likely.

  • -t makes the remote side think it has a terminal, which can switch tools to interactive/colored output and break piping. Use -tt to force allocation even when ssh itself has no local terminal, or drop -t when capturing output.
  • If sudo has a cached credential from a recent earlier sudo on the same host, no prompt appears — the command just runs.
  • NOPASSWD in /etc/sudoers bypasses this entirely. Check with ssh host 'sudo -n true 2>&1' — silent success means passwordless sudo is configured.
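
The notes above, combined into a wrapper that probes with sudo -n and allocates a TTY only when a password prompt is actually needed. This is an added example, not part of the original SOP; the function names sudo_mode and remote_sudo are hypothetical.

```shell
#!/bin/sh
# Added example: pick the right ssh invocation for a remote sudo command.
# sudo_mode and remote_sudo are hypothetical helper names, not from the SOP.

# Print how sudo behaves for a non-interactive session on host $1:
#   nopasswd    - 'sudo -n true' succeeded (NOPASSWD or a cached credential)
#   needs-tty   - sudo wants a password, so a pseudo-terminal is required
#   unreachable - ssh itself failed (ssh exits 255 on connection errors)
sudo_mode() {
    rc=0
    ssh "$1" 'sudo -n true' >/dev/null 2>&1 || rc=$?
    case $rc in
        0)   echo nopasswd ;;
        255) echo unreachable ;;
        *)   echo needs-tty ;;
    esac
}

# Run "sudo <command...>" on host $1, allocating a TTY only when needed.
# Arguments are re-parsed by the remote shell, exactly as with plain
# "ssh host sudo ...", so pass only trusted, fixed strings.
remote_sudo() {
    host=$1
    shift
    case $(sudo_mode "$host") in
        nopasswd)
            # No -t: output stays clean for pipes and capture.
            # -n keeps sudo from ever prompting if that state has changed.
            ssh "$host" sudo -n "$@"
            ;;
        needs-tty)
            if [ -t 0 ]; then
                ssh -t "$host" sudo "$@"
            else
                echo "remote_sudo: $host needs a sudo password but stdin is not a terminal" >&2
                return 2
            fi
            ;;
        *)
            echo "remote_sudo: cannot reach $host" >&2
            return 255
            ;;
    esac
}
```

In a script or cron job the needs-tty branch returns 2 instead of attempting a prompt, so a missing NOPASSWD rule shows up as an explicit failure.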