Troubleshooting “debug1: read_passphrase: can’t open /dev/tty” Error in SSH Connections


3 views

When attempting SSH connections between servers, you might encounter this perplexing error:

debug1: read_passphrase: can't open /dev/tty: No such device or address
Permission denied (publickey,password)

This error typically occurs when:

  • SSH tries to prompt for a password/passphrase in a non-interactive session
  • The controlling terminal (/dev/tty) isn't available in the current environment
  • Authentication methods aren't properly configured

Common situations include:

# When running SSH from within scripts:
#!/bin/bash
ssh user@remotehost  # Triggers the error

# When chaining SSH connections:
ssh gateway_server ssh target_server

Solution 1: Use SSH Key Authentication

The most reliable fix is to configure key-based authentication:

# Generate keys if you haven't:
ssh-keygen -t ed25519

# Copy public key to target server:
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@server.com

# Then connect without password prompts:
ssh -i ~/.ssh/id_ed25519 user@server.com

Solution 2: Force Non-Interactive Mode

When you must use password auth in scripts:

# Use sshpass (not recommended for production):
sshpass -p "your_password" ssh user@server.com

# Or use expect:
#!/usr/bin/expect
spawn ssh user@server.com
expect "password:"
send "your_password\r"
interact

Solution 3: Terminal Redirection Workarounds

For special cases where you control the environment:

# Create a fake terminal if needed:
script -q -c "ssh user@server.com" /dev/null

# Or force pseudo-terminal allocation:
ssh -tt user@server.com

For persistent connections, modify your SSH config:

# ~/.ssh/config example
Host server.com
  User user
  IdentityFile ~/.ssh/id_ed25519
  PreferredAuthentications publickey
  BatchMode yes  # Disables password prompts

To understand exactly what's failing:

ssh -vvv user@server.com 2>&1 | grep -i "authenticat"
# Look for lines like:
# debug1: Authentications that can continue: publickey,password
# debug1: Next authentication method: publickey

Check these system-level configurations:

# Verify PAM configuration:
cat /etc/pam.d/sshd

# Check sshd_config settings:
grep -i "PasswordAuthentication" /etc/ssh/sshd_config
grep -i "ChallengeResponseAuthentication" /etc/ssh/sshd_config

When attempting SSH connections in automated environments, you might encounter this cryptic error:

debug1: read_passphrase: can't open /dev/tty: No such device or address
Permission denied (publickey,password)

This typically occurs when:

  • Running SSH commands from scripts or cron jobs
  • Using SSH in CI/CD pipelines
  • Executing remote commands through secondary SSH sessions

SSH tries to read credentials interactively from /dev/tty, but in non-terminal environments:

# Check if STDIN is a terminal
test -t 0 || echo "Non-interactive session"

1. Using SSH Keys Without Passphrase

ssh-keygen -t rsa -b 4096 -N "" -f ~/.ssh/automation_key
ssh -i ~/.ssh/automation_key user@host

2. sshpass Alternative

# Install sshpass first
sshpass -p "your_password" ssh user@host

3. SSH Config Modification

# ~/.ssh/config
Host *
    PreferredAuthentications publickey
    BatchMode yes

4. Using ssh-agent

eval $(ssh-agent)
ssh-add ~/.ssh/your_key
# Now SSH won't prompt for passphrase

For deeper investigation:

strace -f -e trace=open,read,write ssh user@host 2>&1 | grep tty

This helps identify exactly when and why SSH attempts to access terminal devices.

While solving this issue:

  • Never store plaintext passwords in scripts
  • Use SSH keys with limited permissions
  • Consider using SSH certificates instead of keys