-   Linux - Security (
-   -   Is this possible with sftp and ssh (

teek5449 02-21-2012 11:31 AM

Is this possible with sftp and ssh
I am looking for the best of both worlds and am not sure that it is possible.

For SSH I have disabled root logins via the "PermitRootLogin no" option and am using key authentication to login to my user account and "su" to root if I need to. But what really want is to be able to login via sftp as root with key auth. I use WinSCP and due to how it logs in I am unable to "su" once connected. The kicker is that I still want to be able to keep the option to login via SSH and use standard passwords; basically I don't want to disable the option for password based logins.

Am I off my rocker here? I realize that key based auth with password based logins disabled is the best bet overall but sometimes I need to remote into the server when away from my system with the key on it.

I have tried searching with a few different terms with no joy. Any help or a nudge in the right direction is most appreciated.

Thanks in advance for any help :)

MCD555 02-21-2012 11:44 AM

Goggling a bit, yes you can...
Have a look at this:


You can su- to root using WinSCP in combination with puTTy. Check the following link, open source and developer is aware of forum requests.
You can get the entire messages here:

Hope this is what you was asking for...

teek5449 02-21-2012 12:11 PM


Originally Posted by MCD555 (Post 4608315)
Hope this is what you was asking for...

...close but that requires that I bypass a bit of security by adding the following to the sudoers file:

yourusername ALL=NOPASSWD: ALL
and that defeats the purpose. OR, from the link: "you may be able to do the above only if you are allowed to do sudo su without being prompted with password"

I had already tried that solution first (days ago). I have been through hours of Google searches, each a bit different but with no clear solution or direct answer.

I appreciate the idea... any others?

stewpid 02-21-2012 12:41 PM

depending on your sshd version, you should be able to tweak PermitRootLogin to allow only for key auth, leaving your non-root users to still be able to use password auth.
The argument to the option would be "without-password"
Specifies whether the root can log in using ssh(). The
argument must be yes, without-password, or no. The
default is yes. If this options is set to without-
password only password authentication is disabled for

teek5449 02-21-2012 01:09 PM


PermitRootLogin without-password

I swear that I looked up the different options available but I must have missed that. Works exactly as I need it to.

Thanks again!

All times are GMT -5. The time now is 04:49 AM.