Topic "winscp askpass tipps please"

Author Message
Skeeve

Joined: 2014-10-17
Posts: 12
I want to access files on remote servers where I'm just allowed to do
Code:
sudo su - TARGETUSER
.

Unfortunately I have to enter my password for sudo.

I found out that I can use SCP as file protocol and as shell I use

Code:
SUDO_ASKPASS=./mypass sudo -A su - TARGETUSER


mypass simply contains

Code:
#!/bin/sh
echo 'My Secret Password'

This works fine except for the fact that ./mypass has to contain my password.

Does anyone here have any tips for me on how I can provide the password to sudo without having to store it in clear text?

Note: I can't change the configuration of sudo or anything of the system.
Skeeve

Joined: 2014-10-17
Posts: 12
To answer my own question and maybe to raise some attention of others who might have better ideas, here is what I've come up with.

I created a script in my target host's home directory containing this:

Code:
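#!/bin/sh
fifo="$0.fifo"   # quoted everywhere so a path containing spaces still works
if [ -t 0 ] ; then # interactive: ask for the password and park it in the fifo
        if [ -r "$fifo" ] ; then rm "$fifo" ; fi
        mkfifo -m 600 "$fifo"
        stty -echo
        printf 'Password for upcoming winscp session: '   # printf: "echo -n" is not portable under /bin/sh
        IFS= read -r p   # keep backslashes and leading/trailing blanks in the password
        stty echo
        echo
        printf 'Waiting for connection...'
        printf '%s\n' "$p" > "$fifo"   # blocks until the reader opens the fifo
        echo
        echo "Connected!"
        rm -f "$fifo"   # -f: the reader may already have removed it
elif [ -r "$fifo" ] ; then # non interactive - fifo exists
        cat "$fifo"
        rm -f "$fifo"
fi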


In my winscp settings for the host I have now this configured as shell:

Code:
SUDO_ASKPASS=mypass sudo -A su - TARGETUSER


Before I invoke the winscp session I log in to the target host and start "mypass", which will then ask me for the password and put it into a fifo. As soon as the fifo has been read, I get the message "Connected" and the fifo gets removed.

But while the script is waiting for the connection, after I have entered my password, I start winscp and connect to my host. The sudo command of my shell-commands starts "mypass" and notices that it's non-interactive and that a password is waiting in the fifo. It reads the password, echoes it to stdout (for sudo to read) and deletes the fifo. I delete the fifo twice just to be sure that it's removed, either by the writer or by the reader.
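
A hardened variant of the FIFO hand-off described in the posts above, as an added example that is not part of the original thread: the FIFO lives in a private 0700 directory, the reader checks type, owner and mode before reading, and terminal echo and the FIFO are cleaned up on interrupt. The function names, the `~/.askpass` location, the `ASKPASS_DIR` override and the install name `askpass-fifo` are assumptions.

```shell
#!/bin/sh
# Added example, not the script from the post. All names here are hypothetical.

handoff_dir() {   # private 0700 directory holding the FIFO (location is an assumption)
    d="${ASKPASS_DIR:-$HOME/.askpass}"
    mkdir -p "$d" && chmod 700 "$d" && printf '%s\n' "$d"
}

fifo_is_safe() {  # reader-side checks: not a symlink, a FIFO, ours, mode 0600
    [ ! -L "$1" ] && [ -p "$1" ] && [ -O "$1" ] || return 1
    case "$(ls -ld "$1")" in
        prw-------*) return 0 ;;
        *)           return 1 ;;
    esac
}

park_secret() {   # writer: blocks in the redirect until a reader opens the FIFO
    f="$(handoff_dir)/pw.fifo" || return 1
    rm -f "$f"
    ( umask 077; mkfifo "$f" ) || return 1
    printf '%s\n' "$1" > "$f"
    rm -f "$f"
}

fetch_secret() {  # reader: the part sudo -A runs through SUDO_ASKPASS
    f="$(handoff_dir)/pw.fifo" || return 1
    fifo_is_safe "$f" || { echo "askpass: no safe FIFO to read" >&2; return 1; }
    cat "$f"
    rm -f "$f"
}

# Dispatch only when installed under the assumed name "askpass-fifo".
case "${0##*/}" in askpass-fifo)
    if [ -t 0 ]; then
        # Restore echo and remove the FIFO even if interrupted while waiting.
        trap 'stty echo; rm -f "$(handoff_dir)/pw.fifo"' EXIT
        trap 'exit 1' INT TERM
        stty -echo
        printf 'Password for upcoming session: ' >&2
        IFS= read -r pw
        stty echo; echo >&2
        park_secret "$pw"
    else
        fetch_secret
    fi ;;
esac
```

The password still passes through a file-system object on the target host, so the directory and FIFO permissions are what keep other local users from reading it during the wait.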