Unable to establish a proper connection for remote Replication Task

TrueNAS General
1

Obvioulsy there must be something I don’t get, but I don’t see what it it:

I’m trying to replicate some datasets of a truenas host from a remote backup system.

I get this error message:

“Unknown SSH+NETCAT transport error: ‘sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper\n’”

this is also the only available message in the jobs logs.

I’ve configured a replicator user on the truenas with pwdless sudo for /usr/sbin/zfs ('I’ve added zpool and nc later on)

I’ve configured the SSH Connection used for the Replication Task as such on the backup host:
SSH Connection
type: Semi-automatic
Admin username: truenas_admin
Password: pass
username: replicator
Private Key: Generate New ( replicator@truenas key )

Then configured the Replication Task options.

But with this I don’t know which user on backup is going to establish the ssh connection, cause I was never asked.

I was able to get the private key from replicator@truenas key from the UI.
On backup I copied it to root home and truenas_admin home under .ssh/id_rsa
and was able from these two users to successfully perform:

ssh replicator@truenas sudo -n zfs list
ssh replicator@truenas sudo -n zpool list

ssh replicator@truenas sudo -n nc -h

I don’t know which are necessary really though, outside of the automatically added to passwdless sudo /usr/sbin/zfs

In any case, despite being able to manually ssh to truenas from backup with users root and truenas_admin I’m still getting:

“Unknown SSH+NETCAT transport error: ‘sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper\n’”

2

You are telling TrueNAS to use this user for replication. Do they exist on the other server? Do they have a home folder? Have you saved the pub key in their profile? Have you given that user shell access otherwise it won’t work?

Personally I set this to manual as I find it more straight forward and reliable ironically.

3

yeah the Semi-automatic part isn’t really helpful, just helps read the pubkey from the remote system AFAIK.

Anyway, yeah the user replicator is created on truenas host with its home folder, it has a pub key setup.

I can ssh replicator@truenas sudo -n zfs list from my backup system using either root or truenas_admin , provided I created a .ssf/id_rsa with proper permissions.

So that at least tells the replicator user on the truenas host is working.

I just don’t know and don’t know how to find out which user backup is using to establish the ssh connection.
I must be missing something as I haven’t seen any part of the Replication Task config mentioning this.

4

Here’re the logs for a Replication Job as configured:

root@truenas[~]# tail -f /var/log/jobs/113.log
[2026/03/18 18:00:08] INFO [Thread-11] [zettarepl.paramiko.replication_task__task_1] Connected (version 2.0, client OpenSSH_9.2p1)
[2026/03/18 18:00:08] INFO [Thread-11] [zettarepl.paramiko.replication_task__task_1] Authentication (publickey) successful!
[2026/03/18 18:00:09] INFO [replication_task__task_1] [zettarepl.replication.pre_retention] Pre-retention destroying snapshots:
[2026/03/18 18:00:09] INFO [replication_task__task_1] [zettarepl.replication.run] For replication task ‘task_1’: doing pull from ‘tank/container-volumes’ to ‘backup/tank/container-volumes’ of snapshot=‘2weeks-daily-auto-2026-03-05_00-00’ incremental_base=None include_intermediate=False receive_resume_token=None encryption=False
[2026/03/18 18:00:09] INFO [replication_task__task_1] [zettarepl.paramiko.replication_task__task_1.sftp] [chan 5] Opened sftp connection (server version 3)
[2026/03/18 18:00:09] ERROR [replication_task__task_1] [zettarepl.replication.run] For task ‘task_1’ non-recoverable replication error ReplicationError(“Unknown SSH+NETCAT transport error: ‘sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper\n’”)

It works if I use SSH instead of SSH+NETCAT

I must be missing some command allowed for the replicator user on the truenas system.
So far I have:
Allowed Sudo Commands (No Password): /usr/sbin/zfs, /usr/sbin/zpool, /usr/bin/nc but I’m not sure how to find out the missing command.