How to SSH Directly Into a sudo Shell Without Getting Stuck

 

How to SSH Directly Into a sudo Shell Without Getting Stuck

When working with Linux servers, it's common to log in with an administrative user (not root) and then elevate privileges with sudo. But sometimes we want to SSH directly into a root-like shell without typing sudo every time.

At first glance, you might think something like this works:

ssh admin@host "sudo -i"

Unfortunately, it doesn’t behave as expected. Instead of dropping you into an interactive shell, the session hangs or immediately exits. Why? Let’s break it down.

Why ssh admin@host "sudo -i" Fails

By default, SSH does not allocate a pseudo-terminal (PTY) when executing a remote command.

  • sudo -i (or sudo su -) launches an interactive login shell.

  • Without a PTY, sudo has nowhere to attach its interactive session.

  • Result: you either get stuck waiting for input or the session terminates right away.

If you enable debug output (ssh -v), you might see something like this:

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/me/.ssh/id_rsa RSA SHA256:xxxxxxxx explicit
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
admin@192.168.243.179's password:

Notice how it falls back to asking for a password even though a key is available. And once authenticated, the session just hangs because there’s no TTY for sudo to run its shell.

The Fix: Use -t to Force a Pseudo-Terminal

The solution is to explicitly request a PTY with SSH’s -t option:

ssh -t admin@host "sudo -i"

Now SSH creates a terminal on the remote side, allowing sudo to start a full interactive login shell.

You can run commands, navigate the system, and everything behaves just like if you had logged in normally and typed sudo -i.

A Subtle Gotcha: Argument Order & Aliases

In my case, I had defined an alias for SSH in my shell config:

alias ssh='ssh -o SomeOption=foo'

Unfortunately, I forgot to include the -t flag inside this alias. So when I typed:

ssh admin@host "sudo -i"

it was silently expanding into a command without -t. That’s why it still failed even after I thought I was using the correct syntax.

The fix was simple:

  1. Update the alias definition to include -t if needed, or

  2. Skip the alias and explicitly run:

    /usr/bin/ssh -t admin@host "sudo -i"

Also, remember to reload your shell after editing aliases:

source ~/.zshrc   # or ~/.bashrc

Otherwise, you’re still running the old alias definition.

sudo -i vs sudo su -

Both achieve a similar result: starting a root login shell.

  • sudo -i follows the target user’s login sequence, simulating a fresh login.

  • sudo su - switches user and spawns a login shell, but technically uses su.

In practice, both work fine with ssh -t.

Pro Tip: Create a Shortcut

If you find yourself doing this often, define a dedicated alias:

alias sshroot='ssh -t admin@host "sudo -i"'

Now you can log in directly as root (via sudo) with a single command:

sshroot

Conclusion

The key takeaway:

  • Always use ssh -t when you want an interactive sudo shell.

  • Be careful with shell aliases — they can override or drop required options.

  • Don’t forget to reload your shell after making changes.

With these tweaks, you’ll avoid getting stuck in half-open sessions and can SSH smoothly into elevated shells.

Comments

Post a Comment

Popular posts from this blog

Mastering iOS Automation: Fastlane with Automatic and Manual Signing

Mastering iOS Automation: Fastlane with Automatic and Manual Signing For iOS developers, app signing is a crucial, yet often tedious, process. Xcode's "Automatically manage signing" feature offers a convenient way to simplify this process. However, when combined with the automation tool Fastlane, it presents both opportunities and challenges. This article explores how to configure Fastlane in a project with automatic Xcode signing, the problems that can arise, and how to solve them. Someone also presents a recommended hybrid approach. Xcode's Automatic Signing: A Double-Edged Sword The automatic signing feature in Xcode is particularly appealing for solo developers and small teams. It independently handles the creation and management of provisioning profiles and certificates, significantly reducing the initial setup effort.[ 1 ] For local development and testing on registered devices, this approa...
Read more