[lug] Using "ask-pass" With sftp?
Lee Woodworth
blug-mail at duboulder.com
Sat Jun 18 15:02:57 MDT 2016
On 06/18/2016 12:36 PM, stimits at comcast.net wrote:
> Hi,
>
> I have a bit of a conundrum, how do I use sftp from any (Ubuntu or other) machine to an embedded Ubuntu machine to download root-access-only files using only password, and not customizing each Ubuntu machine for allowing this? Can this be done on the command line?
>
> If I were using ssh, I could use force pseudo-terminal allocation and embed the sudo command into a single command over ssh, such as with scp. If I were using a local Fedora host, I could possibly ssh to the Ubuntu machine, sudo, and sftp in reverse from remote Ubuntu to local Fedora...but there is the possibility that both machines are Ubuntu. Is the only way to use sftp with an Ubuntu environment needing root access at both ends to customize the remote Ubuntu system itself?
>
> Side note: I'm thinking of renaming some Ubuntu machines to something like "RubiksCubuntu". :P
I am guessing you already tried exporting SSH_ASKPASS before invoking sftp.
$ export SSH_ASKPASS=... sftp -v host.name
My experiments with combinations of:
$ export SSH_ASKPASS=/usr/bin/x11-ssh-askpass
$ ssh -o KbdInteractiveAuthentication=no -o KbdInteractiveDevices=password
-o PreferredAuthentications=password host.name 0</dev/null
failed to use SSH_ASKPASS. Note that the target sshd needs
PasswordAuthentication yes
for password authentication to be allowed instead of skey.
So I would make sure SSH_ASKPASS works before trying it with sftp.
The process executing ssh/sftp might only use SSH_ASKPASS when there
is no associated terminal even if stdin is a non-terminal.
More information about the LUG
mailing list