Fix for remote deployments password cannot be read

Is there any fix for this that is relatively simple and declarative?

    nixos-rebuild switch --flake .#server --target-host shaniag@<my-ip-is-here> --use-remote-sudo

    building the system configuration...
    copying 0 paths...
    sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
    sudo: a password is required

Server OpenSSH config:

    openssh = {
      enable = true;
      settings.PasswordAuthentication = false;
    };

And I added the public SSH key of my desktop as well. I would like to prevent using password auth.

The error is not related to ssh. You tell nixos-rebuild to use sudo on the remote machine and it is sudo asking for the password.

You probably have to add the relevant commands to the sudoers file so the user shaniag may execute them using sudo without additional authentication.

@wamserma I did this on my server, and was pretty sure this made sure to enable what you just described:

    nix.settings.trusted-users = [ "shaniag" ];

This marks the user as trusted with respect to operations on the nix store. It is not related to allowing the user to run sudo nixos-rebuild (or the sudo switch-to-configuration) without entering a password.

See this thread discussing the exact same thing, a variety of workarounds are mentioned: Remote nixos-rebuild: sudo askpass problem

Yes, in case anyone ever has the same problem, I figured this simple solution out:

    sudo.extraConfig = ''
      %wheel ALL=(ALL) NOPASSWD: ALL, SETENV: ALL
    '';

It might not be the most secure variant, but you could further restrict it to only allow rebuilding without providing a password.

That just disables password checks for all commands. I probably wouldn’t recommend this to future readers (or you), see the other thread for less nuclear options. But hey, you know your security requirements best.

Yeah, it is not very nice. That is why I said to only disable the password check for the nixos-rebuild command.
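
A narrower rule of the kind suggested in the thread, as an added example that is not part of the original posts: it uses the NixOS option `security.sudo.extraRules` to give one user passwordless sudo for two commands instead of all of them. The command list is an assumption, because which commands `nixos-rebuild` runs through sudo on the target depends on its version, so check it against your own deployment.

```nix
{
  # Broad variant from the thread, shown for comparison only: every member
  # of wheel may run any command as root without a password.
  #   sudo.extraConfig = ''
  #     %wheel ALL=(ALL) NOPASSWD: ALL, SETENV: ALL
  #   '';

  # Narrow variant: only the deploy user, only as root, only the commands
  # the remote rebuild is assumed to call. SETENV is deliberately left out.
  security.sudo.extraRules = [
    {
      users = [ "shaniag" ];
      runAs = "root";
      commands = [
        {
          # Assumed: nixos-rebuild points the system profile at the new
          # closure with nix-env.
          command = "/run/current-system/sw/bin/nix-env";
          options = [ "NOPASSWD" ];
        }
        {
          # Assumed: nixos-rebuild then runs the activation script of the
          # new closure. Its store path changes with every build, hence the
          # wildcard; in sudoers a "*" in the command path does not match "/".
          command = "/nix/store/*/bin/switch-to-configuration";
          options = [ "NOPASSWD" ];
        }
      ];
    }
  ];
}
```

Any other `sudo` call by this user still prompts for a password. Anyone who can add paths to the Nix store can produce a path matching the wildcard, and `nix.settings.trusted-users` already grants that user near-root control over the store, so treat this account as root-equivalent and protect its SSH key accordingly.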