WinSCP & changing user on login via sudo

Discussion in 'General Discussion' started by setsuid, Apr 1, 2013.

  1. setsuid

    setsuid Registered

    Joined:
    Oct 2, 2012
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    [RESOLVED] WinSCP & changing user on login via sudo

    Hello everyone! So my server was recently hit with the circulating rootkit exploit. As a result, I've done an OS reload and installed some great security applications - RKHunter, ClamAV, MalDet and CSF.. All setup and working great thanks to much help of the good folks of this forum.. Thank you! :)

    I've also done much of the system security stuff - SSH key authentication- no password, no root login and changed SSH port.

    Since there is no root login, the only problem with the setup is SFTP, when I need to make changes to a file that requires root permission.

    I was using FileZilla, but switched to WinSCP since it was stated to solve such a problem. Per the WinSCP doc "How do I change user after login (e.g. su root)?", by making a change to your "sudoers" file and adding a switch in the WinSCP configuration, you should be all set. For some reason, it's not working out that way.

    Errors range from "permission denied", "is the tftp server running", etc

    I have a user who I've added to the "wheel" and I've uncommented the lines in the sudoers config
    Code:
    ## Allows people in group wheel to run all commands
    %wheel  ALL=(ALL)       ALL
    
    ## Same thing without a password
    %wheel  ALL=(ALL)       NOPASSWD: ALL
    This still does nothing.

    I know that the sudo is working just fine and as configured..

    Code:
    user@hostname [~]# su
    Password: 
    su: incorrect password
    user@hostname [~]# sudo su
    user@hostname [/home/user]# 
    The problem appears to be with WinSCP and that whole switch/change of user.. I've searched, but have not posted on the WinSCP forums. Figured I'd start here since this may be a common need and issue for folks.

    So I ask - does anyone have this working? If not, but you have the same needs as I mentioned here - how do you do it? I'm open to options.

    Thanks everyone!
     
    #1 setsuid, Apr 1, 2013
    Last edited: Apr 1, 2013
  2. setsuid

    Resolved! Proud, but embarrassed to say - it was my mistake. I failed to read the last line of the WinSCP doc.. LOL

    But, because of the heightened security I've implemented I didn't want to disable tty across the board, so I've disabled it for my user only.

    I'll post the solution to hopefully help someone else.. This is specifically for SFTP FULL access and no password when using sudo as the specific user

    Code:
    nano -w /etc/sudoers
    Code:
    ## Allow root to run any commands anywhere
    myuser       ALL=NOPASSWD: ALL
    
    # Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
    #         You have to run "ssh -t hostname sudo <cmd>".
    #
    Defaults:myuser    !requiretty
    Not concerned with passwords since I'm using SSH keys..

    I've commented the following back
    Code:
    ## Allows people in group wheel to run all commands
    #%wheel  ALL=(ALL)       ALL
    
    ## Same thing without a password
    #%wheel  ALL=(ALL)       NOPASSWD: ALL
    In WinSCP for the session of the particular user:
    Environment -> SFTP [Protocol Options] - SFTP server:
    Code:
    sudo /usr/libexec/openssh/sftp-server
    Environment -> SCP/Shell [Shell] - Shell:
    Code:
    sudo su
    Thanks again everyone and sorry for taking 5 minutes of your life you can't get back :p
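
Added example, not part of the original posts and not cPanel or WinSCP code: a small shell check that reports which sudoers entries grant passwordless sudo and for whom `requiretty` is turned off, the two settings changed in this thread. The sample input is constructed; `sftpadmin` and its command-scoped rule are hypothetical, shown for contrast with `myuser ALL=NOPASSWD: ALL`.

```shell
#!/bin/sh
# Limits of this sketch: #include directives are not followed, and
# Defaults@host / Defaults>runas forms are ignored.

audit_sudoers() {   # reads sudoers text from the files given, or from stdin
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # skip comments and blank lines
    $1 == "Defaults" || $1 ~ /^Defaults:/ {
        who = ($1 == "Defaults") ? "ALL USERS" : substr($1, 10)
        for (i = 2; i <= NF; i++)
            if ($i == "!requiretty")
                print "NOTTY line " NR ": requiretty disabled for " who
        next
    }
    /=/ {
        spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)             # drop "who host ="
        sub(/^\([^)]*\)[ \t]*/, "", spec)          # drop optional (runas) list
        if (spec !~ /^NOPASSWD:/) next             # a password is still required
        sub(/^NOPASSWD:[ \t]*/, "", spec)
        sub(/[ \t]+$/, "", spec)
        if (spec == "ALL")
            print "NOPASSWD_ALL line " NR ": " $1 " runs any command without a password"
        else
            print "NOPASSWD_CMD line " NR ": " $1 " passwordless only for " spec
    }' "$@"
}

sample_sudoers() {  # constructed sample: the thread's rules plus two variants
    cat <<'EOF'
## Same thing without a password
#%wheel  ALL=(ALL)       NOPASSWD: ALL
myuser       ALL=NOPASSWD: ALL
Defaults:myuser    !requiretty
Defaults    !requiretty
sftpadmin    ALL=(root) NOPASSWD: /usr/libexec/openssh/sftp-server
EOF
}

sample_sudoers | audit_sudoers
```

Running `visudo -c` after any edit checks the sudoers syntax before the change can lock anyone out. A rule scoped to the sftp-server binary still gives root-level file access over SFTP, and it does not cover the `sudo su` shell setting used for SCP above.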
     