[lug] Using "ask-pass" With sftp?

Joe McManus joe.mcmanus at colorado.edu
Sat Jun 18 14:04:37 MDT 2016

I would use SSH keys for a non-root user, create a new group, and chgrp that
file so the new user can read it.


On 6/18/16, 2:01 PM, "lug-bounces at lug.boulder.co.us on behalf of Simos"
<lug-bounces at lug.boulder.co.us on behalf of blug at chinesetearoom.com> wrote:

On Sat, 18 Jun 2016 18:36:51 +0000 (UTC)
stimits at comcast.net wrote:

> Hi,
> I have a bit of a conundrum, how do I use sftp from any (Ubuntu or
> other) machine to an embedded Ubuntu machine to download root-access-only
> files using only password, and not customizing each Ubuntu machine for
> allowing this? Can this be done on the command line?
> If I were using ssh, I could use force pseudo-terminal allocation and
> embed the sudo command into a single command over ssh, such as with scp.
> If I were using a local Fedora host, I could possibly ssh to the Ubuntu
> machine, sudo, and sftp in reverse from remote Ubuntu to local
> Fedora...but there is the possibility that both machines are Ubuntu. Is
> the only way to use sftp with an Ubuntu environment needing root access
> at both ends to customize the remote Ubuntu system itself?
> Side note: I'm thinking of renaming some Ubuntu machines to something
> like "RubiksCubuntu". :P


If you have the option to set PermitRootLogin in sshd_config on the
embedded Ubuntu machine, then you can use pub key auth.

Another option, if you don't want to set keys on all the non-embedded
client machines, is to create another user on the embedded Ubuntu machine
with a 0 uid and a password so that it has access to the root-owned files.

You can use expect to automate any password or sftp input if you must use
sftp, but given the above you should be able to just use scp.


Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
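
The approach suggested in the reply at the top of this message (SSH keys for a non-root user, plus a dedicated group on the file), sketched as an added example that is not part of the original thread. The script layout, the function names and every argument value (group, user, paths) are hypothetical; `provision` must run as root on the embedded machine, and `stat -c` assumes GNU coreutils as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example, not from the thread. All names passed in are placeholders.

# provision FILE GROUP USER PUBKEY   (run as root on the embedded machine)
# Runs in a subshell so "set -e" stops at the first failing step.
provision() (
    set -e
    file=$1 group=$2 user=$3 pubkey=$4
    groupadd "$group"
    useradd -m -g "$group" -s /bin/sh "$user"    # no password is set here
    install -d -m 700 -o "$user" -g "$group" "/home/$user/.ssh"
    install -m 600 -o "$user" -g "$group" "$pubkey" \
        "/home/$user/.ssh/authorized_keys"
    chgrp "$group" "$file"
    chmod 640 "$file"    # owner rw, group r, others nothing
    # Every parent directory of FILE must also be searchable (x) by USER.
)

# audit_file FILE GROUP
# Returns 0 only if FILE belongs to GROUP, is group-readable, and is
# neither group-writable nor accessible to "other" at all.
audit_file() {
    info=$(stat -c '%G %a' "$1") || return 2
    fgroup=${info% *}
    mode=$((0${info#* }))          # octal string -> integer
    [ "$fgroup" = "$2" ] ||
        { echo "$1: group is $fgroup, want $2" >&2; return 1; }
    [ $((mode & 040)) -ne 0 ] ||
        { echo "$1: not group-readable" >&2; return 1; }
    [ $((mode & 027)) -eq 0 ] ||
        { echo "$1: too permissive (mode ${info#* })" >&2; return 1; }
    return 0
}

# Usage: script provision FILE GROUP USER PUBKEY
#        script audit FILE GROUP
case "${1:-}" in
    provision) shift; provision "$@" ;;
    audit)     shift; audit_file "$@" ;;
esac
```

Running the `audit` mode after any later permission change confirms the file has not drifted to world-readable or group-writable.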
