1

I have a Linux server, where when I connect by PuTTY, I first need to log in using a non-root account (let's say user1), and then issue the command su root or su - root to log in to the root account. I cannot log in directly to the root account as such direct access is blocked for security reasons.

I would like to know how such a setup can be achieved in WinSCP, a GUI file manager for Unix/Linux servers. I have tried tunnelling to the same IP address but this does not work as I believe this attempts a "direct" login to the root account through the tunnel connection established using user1 account. Setting Shell to sudo su - also does not work.

How do I get WinSCP to emulate the su root or su - root indirect login as it can be done in PuTTY?

ADTC
  • 3,044

2 Answers2

2

First, allow yourself to sudo su to root from the non-root user you will login as, by adding a line like:

username ALL=NOPASSWD: ALL

or (for better security):

username ALL=NOPASSWD: /bin/sftp-server

to the /etc/sudoers file.

Then using WinSCP with the session file protocol as SCP, in the Settings, choose Environment | SCP/Shell and then choose the shell as sudo su -.

I know you already said you tried sudo su - but it will only work if you have also added the line to the sudoers file. I confirmed this on my server, which has no root login via SSH, and it worked just fine.

I was then able using the GUI to copy files from root that are 0600 (owned by root), and I was able to write to the root directory. Plus, if I opened a terminal window from WinSCP and did id, it showed me as root.

This only worked with SCP as the file protocol. I could not get it to work with SFTP in WinSCP.

ADTC
  • 3,044
sdjuan
  • 279
0

Maybe not quite what you're after, but you could add the command you want to run (eg: sudo su -) in your .bash_profile file so that it's executed as soon as you login.

Mind you, automatically elevating yourself to root all the time kinda defeats the intention that making you think about it will stop you from doing something dangerous by accident - purists will tut.

Linker3000
  • 28,240