[lug] Using "ask-pass" With sftp?

stimits at comcast.net stimits at comcast.net
Thu Jun 23 16:49:01 MDT 2016


Just an update on my final solution for those struggling with developing on remote Ubuntu targets (in this case sitting next to me on a private network, but still "remote" so far as software is concerned) when lots of root ownership files are somewhat randomly transferred to/from the host (everything runs on a private network not connected to the real world).
 
What I ended up doing is giving Ubuntu's root account a password (sudo passwd root), unlocking root (sudo passwd -u root), setting sshd to allow root login (sshd_config "PermitRootLogin yes"), generating ssh keys as needed, and running ssh-copy-id from both my root and developer account of the non-Ubuntu development host (the embedded Ubuntu now knows my development host's public ssh keys). This allowed ssh key access to root on the Ubuntu system without a password, but depending on valid ssh keys...I then removed the Ubuntu root password, and re-locked the root account (sudo passwd -d -l root), followed by setting sshd back to not allowing root password login (sshd_config "PermitRootLogin without-password").
 
Now the Ubuntu machine uses its normal sudo-only access for most situations, but my desktop development host can ssh, scp, and sftp directly to root on the embedded Ubuntu machine without password. Sometimes a bigger hammer just works out :P
 
----- Original Message -----
From: Kevin Fenzi <kevin at scrye.com>
To: lug at lug.boulder.co.us
Sent: Wed, 22 Jun 2016 16:14:33 -0000 (UTC)
Subject: Re: [lug] Using "ask-pass" With sftp?

On Sat, 18 Jun 2016 18:36:51 +0000 (UTC)
stimits at comcast.net wrote:

> Hi,
>
> I have a bit of a conundrum, how do I use sftp from any (Ubuntu or
> other) machine to an embedded Ubuntu machine to download
> root-access-only files using only password, and not customizing each
> Ubuntu machine for allowing this? Can this be done on the command
> line? If I were using ssh, I could use force pseudo-terminal
> allocation and embed the sudo command into a single command over ssh,
> such as with scp. If I were using a local Fedora host, I could
> possibly ssh to the Ubuntu machine, sudo, and sftp in reverse from
> remote Ubuntu to local Fedora...but there is the possibility that
> both machines are Ubuntu. Is the only way to use sftp with an Ubuntu
> environment needing root access at both ends to customize the remote
> Ubuntu system itself? Side note: I'm thinking of renaming some Ubuntu
> machines to something like "RubiksCubuntu". :P

As a side note to the other solutions here you could easily make a pretty simple ansible script to do this for you.

Something like: 

- name: copy files from embeded device
  hosts: embeded-device.example.com
  user: unprivuseronembeded
  become: yes
  become_user: root

  tasks:
  - fetch: src=/tmp/somefile dest=/tmp/fetched

It's not sftp, but it's another somewhat easy to use option. 

kevin
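
The sshd procedure in the update at the top of this message ends with key-only root login and a re-locked root password. The following is an added example, not part of either post, that checks for that end state. The function names, sample sshd_config and sample shadow lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the end state described in the update above.
# Assumes the common whitespace-separated "Keyword value" form of sshd_config.

# Print the global PermitRootLogin value from an sshd_config on stdin.
# sshd keeps the first value it reads for a keyword (keywords are
# case-insensitive); lines after a Match block are conditional, so stop there.
permit_root_login() {
    awk '
        /^[ \t]*#/ { next }
        { key = tolower($1) }
        key == "match" { exit }
        key == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    '
}

# Succeed only if root cannot log in over ssh with a password.
# "without-password" is the older spelling of "prohibit-password".
# "unset" fails because the compiled-in default depends on the OpenSSH version.
root_password_login_blocked() {
    case "$(permit_root_login)" in
        without-password|prohibit-password|forced-commands-only|no) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if root's shadow(5) line on stdin has a locked password field
# ("!" or "*" prefix). An empty field means no password is needed: fail.
root_password_locked() {
    state=$(awk -F: '$1 == "root" {
        print (($2 ~ /^[!*]/) ? "locked" : "open"); exit }')
    [ "$state" = locked ]
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_SSHD='# constructed sshd_config
Port 22
PermitRootLogin without-password
PermitRootLogin yes
Match Address 192.168.1.0/24
    PermitRootLogin yes'
SAMPLE_SHADOW='root:!:16975:0:99999:7:::
dev:$6$constructed$hash:16975:0:99999:7:::'

printf '%s\n' "$SAMPLE_SSHD" | permit_root_login    # first value wins
printf '%s\n' "$SAMPLE_SHADOW" | root_password_locked && echo "root password locked"
```

On a live host, `sshd -T` prints the effective server configuration and `passwd -S root` reports the lock state of the account.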