Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 02-21-2012, 10:31 AM   #1
LQ Newbie
Registered: Dec 2009
Posts: 12

Rep: Reputation: 0
Is this possible with sftp and ssh

I am looking for the best of both worlds and am not sure that it is possible.

For SSH I have disabled root logins via the "PermitRootLogin no" option and am using key authentication to login to my user account and "su" to root if I need to. But what really want is to be able to login via sftp as root with key auth. I use WinSCP and due to how it logs in I am unable to "su" once connected. The kicker is that I still want to be able to keep the option to login via SSH and use standard passwords; basically I don't want to disable the option for password based logins.

Am I off my rocker here? I realize that key based auth with password based logins disabled is the best bet overall but sometimes I need to remote into the server when away from my system with the key on it.

I have tried searching with a few different terms with no joy. Any help or a nudge in the right direction is most appreciated.

Thanks in advance for any help

Last edited by teek5449; 02-21-2012 at 12:10 PM.
Old 02-21-2012, 10:44 AM   #2
Registered: May 2009
Location: Milan, Italy
Distribution: Ubuntu, Debian, Fedora, Oracle Linux
Posts: 108

Rep: Reputation: 10
Goggling a bit, yes you can...
Have a look at this:

You can su- to root using WinSCP in combination with puTTy. Check the following link, open source and developer is aware of forum requests.
You can get the entire messages here:

Hope this is what you was asking for...
Old 02-21-2012, 11:11 AM   #3
LQ Newbie
Registered: Dec 2009
Posts: 12

Original Poster
Rep: Reputation: 0
Originally Posted by MCD555 View Post
Hope this is what you was asking for...
...close but that requires that I bypass a bit of security by adding the following to the sudoers file:
yourusername ALL=NOPASSWD: ALL
and that defeats the purpose. OR, from the link: "you may be able to do the above only if you are allowed to do sudo su without being prompted with password"

I had already tried that solution first (days ago). I have been through hours of Google searches, each a bit different but with no clear solution or direct answer.

I appreciate the idea... any others?
Old 02-21-2012, 11:41 AM   #4
LQ Newbie
Registered: Feb 2012
Posts: 1

Rep: Reputation: Disabled
depending on your sshd version, you should be able to tweak PermitRootLogin to allow only for key auth, leaving your non-root users to still be able to use password auth.
The argument to the option would be "without-password"
Specifies whether the root can log in using ssh(). The
argument must be yes, without-password, or no. The
default is yes. If this options is set to without-
password only password authentication is disabled for
1 members found this post helpful.
Old 02-21-2012, 12:09 PM   #5
LQ Newbie
Registered: Dec 2009
Posts: 12

Original Poster
Rep: Reputation: 0
PermitRootLogin without-password

I swear that I looked up the different options available but I must have missed that. Works exactly as I need it to.

Thanks again!


login, password, security, sftp, ssh

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Restricting Users To SFTP Plus Setting Up Chrooted SSH/SFTP (Debian Squeeze) LXer Syndicated Linux News 0 09-06-2011 07:10 AM
Chroot SSH problem: ssh working, not SFTP & SCP. NaCo Linux - Security 3 02-01-2009 02:23 AM
sftp and ssh kehkok Linux - Networking 4 09-20-2006 02:53 PM
SFTP and SSH XaViaR Linux - Security 5 07-20-2005 10:18 AM
ssh and sftp help Rex_chaos Linux - Networking 8 03-17-2003 08:12 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:10 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration