nmcli still has permission and/or key management issue when invoked from ssh
This issue is still there.
Fresh rebooted server, nmcli works inside gnome desktop without --ask. It will also cache the password, so no --ask is needed again for ssh until reboot.
Through ssh with policykit enabled for all networkmanager.* actions, I see the following:
- without --ask, --> fail.
(myenv) [fedora@bayes-dev ~]$ nmcli con up id work
A password is required to connect to 'work'.
Warning: password for 'vpn.secrets.gateway' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: No valid secrets
Hint: use 'journalctl -xe NM_CONNECTION=23a15a94-9446-466e-a859-58e21a08a845 + NM_DEVICE=ens33' to get more details.
- with --ask, --> success, this seems to require giving all permissions to
PERMISSION VALUE
org.freedesktop.NetworkManager.checkpoint-rollback yes
org.freedesktop.NetworkManager.enable-disable-connectivity-check yes
org.freedesktop.NetworkManager.enable-disable-network yes
org.freedesktop.NetworkManager.enable-disable-statistics yes
org.freedesktop.NetworkManager.enable-disable-wifi yes
org.freedesktop.NetworkManager.enable-disable-wimax yes
org.freedesktop.NetworkManager.enable-disable-wwan yes
org.freedesktop.NetworkManager.network-control yes
org.freedesktop.NetworkManager.reload yes
org.freedesktop.NetworkManager.settings.modify.global-dns yes
org.freedesktop.NetworkManager.settings.modify.hostname yes
org.freedesktop.NetworkManager.settings.modify.own yes
org.freedesktop.NetworkManager.settings.modify.system yes
org.freedesktop.NetworkManager.sleep-wake yes
org.freedesktop.NetworkManager.wifi.scan yes
org.freedesktop.NetworkManager.wifi.share.open yes
org.freedesktop.NetworkManager.wifi.share.protected yes
(myenv) [fedora@bayes-dev ~]$ nmcli con up id work --ask
POST https://xxx/
...
Please enter your username and password.
Username:yyy
Password:
POST https:dfffff
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
- --ask in front of up also works.