Thanks it works after I comment out the Defaults requiretty in /etc/sudoers. This is a RHEL6 box. By default the TTY is "required".

Sems RHEL7/8 boxes do not requiretty anymore. That is why they are all good.

Thank you so much for your assistance!

@Guest: As the FAQ says, the requiretty must be turned off.

If I run exactly this command:

sudo: sorry, you must have a tty to run sudo

I have to use -t option for ssh, than that works:

@Guest: Ok, and what if you do this from the local machine?

When I run sudo -u userB /usr/libexec/openssh/sftp-server from command line, it started a sftp-server process as userB. When I Ctrl-C, I quit from the command and the proc is gone.

@summej: Did you check SSH server log file?
What happens if you run sudo -u userB /usr/libexec/openssh/sftp-server or sudo /usr/libexec/openssh/sftp-server in shell?

Hello team,

I am using latest WinSCP v5.21.5 on my Win10 box.

I try to connect to a Linux (Red Hat 8) box. From ssh command line, I can login as a user A , which has (ALL) NOPASSWD: ALL permission. Then sudo to another non-root user B, without pwd. For example, as user A, I can run sudo -u userB whoami without pwd.

Now I wish to use WinSCP to login as A and sudo to B, then r/w files owned by B.

With WinSCP, if i use "File protocol=SFTP" => Advanced Environment, SFTP,"SFTP server = "default" or /usr/libexec/openssh/sftp-server, I can access directly as user A no problem.

I have tried to use "File protocol=SFTP" => Advanced Environment, SFTP, SFTP server = sudo -u userB /usr/libexec/openssh/sftp-server or sudo /usr/libexec/openssh/sftp-server.

Then I am getting "Connection has been unexpectedly closed error" with "Cannot initialize SFTP protocol. Is the host running an SFTP server?" msg.

It is definitely not pwd wrong issue. If I use wrong pwd, I will get "Access Denied" first.

Thank you for any advice.

@tedious: Thanks for sharing you findings.
Though note that @tdecoursey obviously knows how to switch the user in shell. So the problem was not learning about the -u switch or sudo su or in general what command to use.
That's why I do not understand what the problem was about.

Posting the solution as obviously the top result for searching online falls on an admin that is unable to provide the simple answer...
Quick answer:

To locate /path/to/sftp-server:


If both command fails, try the paths in the doc: https://winscp.net/eng/docs/faq_su

---

Long answer:
Basically the SFTP server field in Advanced Settings is a command line, so you only need to add the command to sudo as another user.

What is suggested in the official doc is to just elevate sftp-server permission to root (default value if -u is not provided). As -u is not required for root, it can get confusing as to how to set up the connection as another user.

• Elevate sftp-server to root permission.
  Requires the permission to be set in sudoers.conf
  

  sudo /path/to/sftp-server

  
  
• Elevate sftp-server to another user permission
  Requires the permission to be set in sudoers.conf
  

  sudo -u RunAsUser /path/to/sftp-server

  
  
• Another command that I found being passed around is
  

  sudo su RunAsUser -c /path/to/sftp-server

  
  It achieves the same thing in a different manners. Either worked for me.
  

@steflexx: TTY is incompatible with SFTP protocol. And askpass program must be server-side, not client-side.
Theoretically, WinSCP could ask for the password. But TTY must be disabled in any case. And that also requires a change in sudoers.

What can I do, if I am not allowed to set NOPASSWD in /etc/sudoers?
Is there a chance for WinSCP to ask for the sudo password while changing the user? I mean, the error message says "no tty present and no askpass program specified".
Is it possible to "configure" an askpass program in WinSCP?
Due to security reasons we are not allowed to set NOPASSWD, BUTTTTTTT we know the sudo password and if WinSCP allows us to enter the password during conversation everything would be fine an even the userchange can happen without editing the /etc/sudoers.
I am looking forward for your help. Thanxx

You have to understand that this is server-side problem and not client-side. So the documentation we provide here cannot be too specific as the solution differs with the server.

I've been trying to figure this out off and on for a while. Naturally I'm searching the web. I can't tell you how frustrating it is to see this question asked at least 5+ times and to see your answer of 'RTFM' Clearly, the documentation is not sufficient otherwise the same question wouldn't keep coming up.

You provided a solution a while back but you didn't provide screenshots of the use case. So if your just blowing this issue off, then just say so.
We have provided documentation, screenshots, etc and you have provided nothing but a doc someone else wrote that is as generic as a can of peas.

There's nothing more to add to the topic than what is already documented:
How do I change user after login (e.g. su root)?

I have attached a file with screenshots. You will have to unzip it.
I am hoping for screenshots back as a solution.
If you cant provide a solution with screenshots, just simply post. "no solution available"
Thanks.

I have hundreds of servers I access daily. Each one requires me to login as my name/password
tdecoursey/passwd.
However, after that session begins, I can't do anything but copy files into my user directory. So I need to login again as admin.

My question is and has always been, does WinSCP allow you to do do an initial log in and then a subsequent login. Keep in mind, this is not sudo, it's su to another profile and connecting as that profile.
Thanks.

So use su, where sudo is used in the article.

The link does not provide a solution outside of sudo which I can not use.
Is there another solution. Can I add my own command line somewhere that would not use sudo su, rather just su?

The procedure for switching users is the same, no matter if you switch to root or other user.

I guess I should have been more clear. The access I am looking for after my initial login is not root. It's a group user with more permissions but not root.
So the question remains, can I log in again, eg su to another user during the initial login session or afterwards?
Thanks.

Thank you. I had already read this. I tried but I was not sure I was toggling the correct config. Regardless, what I did toggle did not work. I also tried using tunneling with my Id, and then entering a root id afterwards, still no go. If you have some screenshots on how to do this, that would help.
Again, to recap, I am able to, and have to login with my stnadard user id, but then need to su to root afterwards or configure the tool to do it for me during a full login session.
Thanks.

Please read documentation:
How do I change user after login (e.g. su root)?

If that does not help, come back.

Is it possible to su to root or another user during a initial login session to a server?

More specifically, I login as my username/password to a server. But with this login, I am unable to copy or edit files. So I need to login again to a another user, eg su -username/password.

Is this configurable in WinSCP 5.1.8?