Sudo Password Handling - Quick Reference
When Sudo is Required
Sudo password is needed when fix_local_hosts: true in your server configuration. This modifies:
/etc/hosts- Maps server hostnames to IP addresses~/.ssh/config- Adds SSH connection shortcuts
Quick Solutions
✅ Best: Cache Credentials First
sudo -v && provisioning -c server create
Credentials cached for 5 minutes, no prompts during operation.
✅ Alternative: Disable Host Fixing
# In your settings.k or server config
fix_local_hosts = false
No sudo required, manual /etc/hosts management.
✅ Manual: Enter Password When Prompted
provisioning -c server create
# Enter password when prompted
# Or press CTRL-C to cancel
CTRL-C Handling
CTRL-C Behavior
IMPORTANT: Pressing CTRL-C at the sudo password prompt will interrupt the entire operation due to how Unix signals work. This is expected behavior and cannot be caught by Nushell.
When you press CTRL-C at the password prompt:
Password: [CTRL-C]
Error: nu::shell::error
× Operation interrupted
Why this happens: SIGINT (CTRL-C) is sent to the entire process group, including Nushell itself. The signal propagates before exit code handling can occur.
Graceful Handling (Non-CTRL-C Cancellation)
The system does handle these cases gracefully:
No password provided (just press Enter):
Password: [Enter]
⚠ Operation cancelled - sudo password required but not provided
ℹ Run 'sudo -v' first to cache credentials, or run without --fix-local-hosts
Wrong password 3 times:
Password: [wrong]
Password: [wrong]
Password: [wrong]
⚠ Operation cancelled - sudo password required but not provided
ℹ Run 'sudo -v' first to cache credentials, or run without --fix-local-hosts
Recommended Approach
To avoid password prompts entirely:
# Best: Pre-cache credentials (lasts 5 minutes)
sudo -v && provisioning -c server create
# Alternative: Disable host modification
# Set fix_local_hosts = false in your server config
Common Commands
# Cache sudo for 5 minutes
sudo -v
# Check if cached
sudo -n true && echo "Cached" || echo "Not cached"
# Create alias for convenience
alias prvng='sudo -v && provisioning'
# Use the alias
prvng -c server create
Troubleshooting
| Issue | Solution |
|---|---|
| “Password required” error | Run sudo -v first |
| CTRL-C doesn’t work cleanly | Update to latest version |
| Too many password prompts | Set fix_local_hosts = false |
| Sudo not available | Must disable fix_local_hosts |
| Wrong password 3 times | Run sudo -k to reset, then sudo -v |
Environment-Specific Settings
Development (Local)
fix_local_hosts = true # Convenient for local testing
CI/CD (Automation)
fix_local_hosts = false # No interactive prompts
Production (Servers)
fix_local_hosts = false # Managed by configuration management
What fix_local_hosts Does
When enabled:
- Removes old hostname entries from
/etc/hosts - Adds new hostname → IP mapping to
/etc/hosts - Adds SSH config entry to
~/.ssh/config - Removes old SSH host keys for the hostname
When disabled:
- You manually manage
/etc/hostsentries - You manually manage
~/.ssh/configentries - SSH to servers using IP addresses instead of hostnames
Security Note
The provisioning tool never stores or caches your sudo password. It only:
- Checks if sudo credentials are already cached (via
sudo -n true) - Detects when sudo fails due to missing credentials
- Provides helpful error messages and exit cleanly
Your sudo password timeout is controlled by the system’s sudoers configuration (default: 5 minutes).