Open files in Ubuntu as ROOT from WinSCP remotely

I would like to share a tip, frequently we need modify protected files (i.e. in an Ubuntu box) from WinSCP remotely, but sometimes that is impossible.

If you have a non-privileged user and want to edit a root protected file of an Ubuntu box but with WinSCP, you can do it with a few changes.

Requirements:

1. Server:

– Ubuntu 11.04
– Non-privileged user: chilcano

2. Client:

– Any S.O. but with WinSCP 4.3.6 (http://winscp.net)

Steps:

1. In the server side add this line to /etc/sudoers

chilcano@sso1:/$ sudo nano /etc/sudoers

and

[...]
#### added
chilcano ALL=NOPASSWD: /usr/lib/openssh/sftp-server

2. In the client side open WinSCP and do the following

Check SFTP protocol in WinSCP

Check SFTP protocol in WinSCP

and

Add customized command to sftp-server in Ubuntu

Add customized command to sftp-server in Ubuntu

3. Test it, open a protected file and modify. You could do changes on it.

Open as ROOT from WinSCP

Open as ROOT from WinSCP

End.

I hope this help you.

@Chilcano

Posted in Linux
16 comments on “Open files in Ubuntu as ROOT from WinSCP remotely
  1. Santiago says:

    You have no idea how long I have been looking for something this easy and proper to get this to work. Thank you for this tip. Does the /usr/lib/openssh/sftp-server define that only the sftp “shell?” connection is allowed root with no password for only these connections. Never really understood these sudoer options without doing it account wide, which I don’t want.

  2. Luis Salazar says:

    Man, thanks a lot for your tip.

  3. Freeman says:

    Thank you so much for this! :D

  4. TigerTerror says:

    Can this method be used with the latest WinSCP? (5.1.4)

    Where abouts in the sudoers file do we include the line?

    With the way I currently have it configured, WinSCP is carrying out the login but exiting straight back to the create new session screen.

  5. kun says:

    wow! it worked! Last time I spent almost the whole afternoon trying to figure out what had I done wrong… Thanks so much.

  6. acolussi says:

    Tried following step by step on my ubuntu server 12.04 and WinSCP 5.1.0… but receives the following error message (if I set sudo /usr/lib/openssh/sftp-server): Impossibile inizializzare protocollo SFTP. Server SFTP attivo nell’host? (Impossible initialize protocol SFTP. Is server SFTP active? If I launch the same WinSCP connection with “Default” on SFTP options, then I can access with no problem.

  7. Thach says:

    Many thanks!

  8. Eric M. Maddox says:

    Thanks for your incredibly useful post.

  9. Somewon says:

    not working for ubuntu 14.01 server

  10. Sombody says:

    Works even under Ubuntu 14.04.2 LTS.
    Many, many Thanks!!!

  11. Waldemar says:

    Many many thanks… just what doctor ordered.

  12. Mark says:

    I found you also need to do these in the sudoers file.

    ## Allow root to run any commands anywhere
    userid ALL=NOPASSWD: ALL

    # Disable “ssh hostname sudo “, because it will show the password in clear.
    # You have to run “ssh -t hostname sudo “.
    #
    Defaults:lma !requiretty
    userid ALL=(ALL) NOPASSWD: /usr/libexec/openssh/sftp-server

    Note that as WinSCP cannot implement terminal emulation, you need to have sudoers option requiretty turned off (what is default).

  13. chris says:

    meh…farked my sudo…can’t open WinSCP, and sudo is stuffed – get this message when I try to correct:

    user@alpha:~$ sudo nano /etc/sudoers
    >>> /etc/sudoers: syntax error near line 33 <<<
    sudo: parse error in /etc/sudoers near line 33
    sudo: no valid sudoers sources found, quitting
    sudo: unable to initialize policy plugin

    Any tips anyone?
    (apart from 'let this be a lesson')

    • chris says:

      ah..found the fix (and problem)
      Took this line out of my sudoers
      user@sso1:/$ sudo nano /etc/sudoers
      (yeah I know, but it did say ‘add this line’…)

      And then, because I’m on Linode, I used Lish with root access and was able to re-fix my sudo…sorted!

  14. Lars Nielsen says:

    Works for me on Ubuntu 16.04 and WinSCP 5.9.3 – many thanks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Archives
%d bloggers like this: