LinuxQuestions.org


teek5449 02-21-2012 10:31 AM

Is this possible with sftp and ssh
 
I am looking for the best of both worlds and am not sure that it is possible.

For SSH I have disabled root logins via the "PermitRootLogin no" option and am using key authentication to log in to my user account and "su" to root if I need to. But what I really want is to be able to log in via sftp as root with key auth. I use WinSCP and due to how it logs in I am unable to "su" once connected. The kicker is that I still want to be able to keep the option to log in via SSH and use standard passwords; basically I don't want to disable the option for password based logins.

Am I off my rocker here? I realize that key based auth with password based logins disabled is the best bet overall but sometimes I need to remote into the server when away from my system with the key on it.

I have tried searching with a few different terms with no joy. Any help or a nudge in the right direction is most appreciated.

Thanks in advance for any help :)

MCD555 02-21-2012 10:44 AM

Googling a bit, yes you can...
Have a look at this:

Quote:

You can su- to root using WinSCP in combination with puTTy. Check the following link, open source and developer is aware of forum requests.
http://winscp.sourceforge.net/eng/about.php
HTH
You can get the entire messages here:
http://forums.cpanel.net/f5/sftp-roo...ble-25522.html

Hope this is what you were asking for...

teek5449 02-21-2012 11:11 AM

Quote:

Originally Posted by MCD555 (Post 4608315)
Hope this is what you were asking for...

...close but that requires that I bypass a bit of security by adding the following to the sudoers file:
Code:

yourusername ALL=NOPASSWD: ALL
and that defeats the purpose. OR, from the link: "you may be able to do the above only if you are allowed to do sudo su without being prompted with password"

I had already tried that solution first (days ago). I have been through hours of Google searches, each a bit different but with no clear solution or direct answer.

I appreciate the idea... any others?

stewpid 02-21-2012 11:41 AM

Depending on your sshd version, you should be able to tweak PermitRootLogin to allow only for key auth, leaving your non-root users to still be able to use password auth.
The argument to the option would be "without-password"

PermitRootLogin
    Specifies whether the root can log in using ssh(). The argument must be yes, without-password, or no. The default is yes. If this option is set to without-password only password authentication is disabled for root.

teek5449 02-21-2012 12:09 PM

Code:

PermitRootLogin without-password
Perfect!

I swear that I looked up the different options available but I must have missed that. Works exactly as I need it to.

Thanks again!
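
An added example, not part of any post in this thread: a small Python check that reads sshd_config text and reports whether the setup the thread arrives at holds (root by key only, passwords still available to other users). The function names, the sample configs and the built-in defaults are assumptions made for this illustration; only PasswordAuthentication is considered for password logins, and Match blocks are flagged, not evaluated.

```python
import re

# PermitRootLogin values that allow root key logins but never root passwords.
# "prohibit-password" is the newer OpenSSH spelling of "without-password".
KEY_ONLY = {"without-password", "prohibit-password"}
LINE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)")

def global_settings(config_text):
    """Effective global keyword -> value map of an sshd_config text.

    sshd keeps the first value it reads for a keyword and treats keywords
    case-insensitively. Parsing stops at the first Match line, because
    what follows applies only conditionally.
    """
    settings = {}
    for raw in config_text.splitlines():
        m = LINE.fullmatch(raw.strip())
        if m is None:  # blank lines and "#" comments do not match
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if keyword == "match":
            settings["match"] = value
            break
        settings.setdefault(keyword, value.lower())
    return settings

def root_login_audit(config_text, defaults=None):
    # Built-in defaults are an assumption: "yes" for PermitRootLogin is what
    # the man page excerpt in the thread states; pass defaults= to override.
    s = {"permitrootlogin": "yes", "passwordauthentication": "yes",
         "pubkeyauthentication": "yes", **(defaults or {}),
         **global_settings(config_text)}
    root, pw = s["permitrootlogin"], s["passwordauthentication"] == "yes"
    return {
        "root_password_login": root == "yes" and pw,
        "root_key_login": root in KEY_ONLY | {"yes"} and s["pubkeyauthentication"] == "yes",
        "user_password_login": pw,
        "unevaluated_match": "match" in s,
    }

# Constructed sample configs (not taken from any real host).
THREAD_START = "PermitRootLogin no\nPasswordAuthentication yes\n"
THREAD_FIX = "# root: keys only\nPermitRootLogin without-password\nPasswordAuthentication yes\n"
SHADOWED = "PermitRootLogin yes\nPermitRootLogin without-password\n"

if __name__ == "__main__":
    for name, text in [("start", THREAD_START), ("fix", THREAD_FIX), ("shadowed", SHADOWED)]:
        print(name, root_login_audit(text))
```

The SHADOWED sample shows the case worth checking for after editing a config: an earlier "PermitRootLogin yes" line wins over a later "without-password" line. On a live host, `sshd -T` prints the effective configuration, including Match handling.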


All times are GMT -5.