Have not got an answer re the pam config but have a workaround in terms of tunneling in via sftp.
Put the designated non-root user ('username' in the example below) into the sudoers file ie /etc/sudoers. You have to specify the location of the sftp-server binary. You edit /etc/sudoers via the visudo command line editor, as root:
Code:
username ALL=(ALL) NOPASSWD: /usr/libexec/openssh/sftp-server
ie 'username' can run commands of any user (the first ALL) on any host (if there are more that one pc, on the network ie the second ALL) without a password but ONLY for sftp-server
(refer
https://winscp.net/eng/docs/faq_su)
If using winscp as your sftp program, make the following changes
(refer
https://forums.cpanel.net/threads/wi...ia-sudo.334882)
In WinSCP for the session of the particular user:
Environment -> SFTP [Protocol Options] - SFTP server:
Code:
/usr/bin/sudo -s /usr/libexec/openssh/sftp-server
Environment -> SCP/Shell [Shell] - Shell: