To answer my own question and maybe to raise some attention of others who might have better ideas, here is what I've come up with.
I created a script in my target host's home directory containing this:
In my winscp settings for the host I have now this configured as shell:
Before I invoke the winscp session I log in to the target host starting "mypass", which will then ask me for the password and put it into a fifo. As soon as the fifo was read, I get the message "Connected" and the fifo gets removed.
But while the script is waiting for the connection, after I entered my password, I start winscp and connect to my host. The sudo command of my shell-commands starts "mypass" and notices that it's non-interactive and that a password is waiting in the fifo. It reads the password, echos it to stdout (for sudo to read) and deletes the fifo. I delete the fifo twice just to be sure that it's removed, either by the writer or by the reader.
I created a script in my target host's home directory containing this:
#!/bin/sh
if [ -t 0 ] ; then # interactive
if [ -r $0.fifo ] ; then rm $0.fifo ; fi
mkfifo -m 600 $0.fifo
stty -echo
echo -n "Password for upcoming winscp session: "
read p
stty echo
echo
echo -n "Waiting for connection..."
echo $p > $0.fifo
echo
echo "Connected!"
rm $0.fifo
elif [ -r $0.fifo ] ; then # non interactive - fifo exists
cat $0.fifo
rm $0.fifo
fi
In my winscp settings for the host I have now this configured as shell:
SUDO_ASKPASS=mypass sudo -A su - TARGETUSER
Before I invoke the winscp session I log in to the target host starting "mypass", which will then ask me for the password and put it into a fifo. As soon as the fifo was read, I get the message "Connected" and the fifo gets removed.
But while the script is waiting for the connection, after I entered my password, I start winscp and connect to my host. The sudo command of my shell-commands starts "mypass" and notices that it's non-interactive and that a password is waiting in the fifo. It reads the password, echos it to stdout (for sudo to read) and deletes the fifo. I delete the fifo twice just to be sure that it's removed, either by the writer or by the reader.