I'm trying the following command:
ssh -A user@server 'bash -s' < mylocalscript.sh
But get the annoying sudo: no tty present and no askpass program specified
when the script reaches a sudo. According to man ssh, -A is supposed to forward local authentication, so it should be able to use sudo on the remote server..
What am I doing wrong/not understanding..?
SSH authentication and sudo authentication are two different sets of credentials. The -A option to the ssh command applies to SSH only. It provides the ability to forward your credentials so you can ssh from server to another system using your local SSH key.
Unless you have sudo rules allowing you to run commands with no password, it will always need to prompt for your password, either from your shell's terminal or using an askpass program, if so configured. An askpass program is a (typically graphical) helper program that simply prompts for a password securely. To authenticate with sudo remotely, you will have to do one of the two things it is requesting:
Ensure you have a tty so sudo can securely prompt for your password on the server. This is as easy as logging in with ssh -t.
Tell sudo to prompt for your password using an askpass program with the -A option on sudo (not to be confused with the -A option for ssh!). This can be done in your script, for example, with something like:
export SUDO_ASKPASS=/usr/lib/openssh/gnome-ssh-askpass
sudo -A ...
Note that since you are piping your shell script to the standard input stream of the SSH connection, sudo will be unable to securely prompt for a password. If sending the script over the SSH standard input like this is a requirement (instead of just copying the script to the server), then the first option will not work. You will have to either use an askpass helper program or configure the required sudo rules to use NOPASSWD, if that is an option.
