Skeeve

To answer my own question and maybe to raise some attention of others who might have better ideas, here is what I've come up with.

I created a script in my target host's home directory containing this:

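#!/bin/sh

fifo="$0.fifo" # the FIFO sits next to this script

if [ -t 0 ] ; then # interactive
        if [ -r "$fifo" ] ; then rm "$fifo" ; fi
        mkfifo -m 600 "$fifo"
        stty -echo
        # printf instead of "echo -n", which /bin/sh does not support everywhere
        printf 'Password for upcoming winscp session: '
        IFS= read -r p # keep backslashes and surrounding blanks in the password
        stty echo
        echo
        printf 'Waiting for connection...'
        printf '%s\n' "$p" > "$fifo" # blocks until the reader opens the FIFO
        echo
        echo "Connected!"
        rm -f "$fifo" # -f: the reader may already have removed it
elif [ -r "$fifo" ] ; then # non interactive - fifo exists
        cat "$fifo"
        rm -f "$fifo"
fi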


In my winscp settings for the host I have now this configured as shell:

SUDO_ASKPASS=mypass sudo -A su - TARGETUSER


Before I invoke the winscp session I log in to the target host starting "mypass", which will then ask me for the password and put it into a fifo. As soon as the fifo was read, I get the message "Connected" and the fifo gets removed.

But while the script is waiting for the connection, after I entered my password, I start winscp and connect to my host. The sudo command of my shell-commands starts "mypass" and notices that it's non-interactive and that a password is waiting in the fifo. It reads the password, echoes it to stdout (for sudo to read) and deletes the fifo. I delete the fifo twice just to be sure that it's removed, either by the writer or by the reader.
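
Added example, not part of Skeeve's post: the same one-shot FIFO handoff with a check, on both the writer and the reader side, that the path really is a FIFO owned by the current user with mode 0600 before the password goes through it. The function names (fifo_is_private, make_private_fifo, send_secret, recv_secret) are made up for this sketch, and it assumes a find that accepts a numeric uid for -user.

```shell
#!/bin/sh
# Added sketch: hardened one-shot FIFO handoff for a sudo askpass helper.
# All function names are hypothetical. Source this file, then call the functions.

# True only if $1 is a FIFO (find does not follow a symlink here),
# owned by the current uid, with permission bits exactly 0600.
fifo_is_private() {
    [ -n "$(find "$1" -prune -type p -user "$(id -u)" -perm 600 2>/dev/null)" ]
}

# Replace whatever is at $1 with a fresh FIFO that only we can open.
make_private_fifo() {
    rm -f "$1"
    ( umask 077 && mkfifo -m 600 "$1" ) && fifo_is_private "$1"
}

# Writer side: put secret $2 into FIFO $1 once, then remove the FIFO.
# Blocks until a reader opens the FIFO. The check and the open are not
# atomic, so keep the FIFO in a directory that only you can write to.
send_secret() {
    fifo_is_private "$1" || {
        echo "refusing: $1 is not a private FIFO" >&2
        return 1
    }
    printf '%s\n' "$2" > "$1"
    rc=$?
    rm -f "$1"
    return "$rc"
}

# Reader side (the part sudo -A runs): print the secret for sudo and
# remove the FIFO. Refuses regular files, symlinks and loose modes.
recv_secret() {
    fifo_is_private "$1" || return 1
    cat "$1" && rm -f "$1"
}
```
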

Skeeve

winscp askpass tips please

I want to access files on remote servers where I'm just allowed to do sudo su - TARGETUSER.

Unfortunately I have to enter my password for sudo.

I found out that I can use SCP as file protocol and as shell I use

SUDO_ASKPASS=./mypass sudo -A su - TARGETUSER


mypass simply contains

#!/bin/sh

echo 'My Secret Password'

This works fine except for the fact that ./mypass has to contain my password.

Does anyone here have any tip for me on how I can provide the password to sudo without having to store it in clear text?

Note: I can't change the configuration of sudo or anything of the system.