`nixos-rebuild --use-remote-sudo` prompts me for a password 3 times

I’m trying to build and switch a flake-based config from my Mac on a remote machine, but every time I do so I get prompted for a password 3 times, with the message Shared connection to nixos closed. for the first 2, before it finally finalizes the rebuild.

I run this on my aarch64-darwin to build my config on the remote machine and switch it there:

$ nix run nixpkgs#nixos-rebuild -- --fast --target-host murad@nixos --build-host murad@nixos --flake ./nix#nixos --use-remote-sudo switch
building the system configuration...
warning: The interpretation of store paths arguments ending in `.drv` recently changed. If this command is now failing try again with '/nix/store/naqjgfjgaf02fadqx648ylnw1mhqv9w3-nixos-system-nixos-24.05.20240531.63dacb4.drv^*'
warning: you did not specify '--add-root'; the result might be removed by the garbage collector
[sudo] password for murad:
Shared connection to nixos closed.
[sudo] password for murad:
Shared connection to nixos closed.
[sudo] password for murad:
activating the configuration...
setting up /etc...
reloading user units for murad...
restarting sysinit-reactivation.target

While it succeeds, it’s annoying to have to input my password 3 times as it’s quite long.

Here’s the remote machine’s info. I think it’s also worth noting that I access the remote machine via Tailscale (WireGuard tunnel).

$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"aarch64-linux"`
 - host os: `Linux 6.6.54, NixOS, 24.05 (Uakari), 24.05.20240531.63dacb4`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.18.2`
 - channels(root): `"nixos-24.05"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

I’m not specifically familiar w/ this but I’d see if your sudoers configuration requires auth on every invocation (vs. the typical default of retaining auth for some amount of time).

My auth is good for 30 mins after the first sudo invocation

1 Like

The nixos-rebuild script runs multiple commands on the remote machine via ssh, each one over a new connection, so you have to enter your password again for each invocation.

4 Likes

Ok that explains it. I didn’t expect this would be intended design of nixos-rebuild

2 Likes

Fwiw the new nixos-rebuild-ng does not ask for the sudo password multiple times if you use the --ask-sudo-password flag. But it’s still experimental and warns that it may break your system, so if you don’t want to find out if it does it’s maybe better to wait until it’s stable.