WinSCP – Provide Sudo User for Executing SCP

bashscpsftpsshsudo

The tool WinSCP is able to perform a sudo on the remote machine to perform the scp as the sudo user. That leads me to think that this must be possible with the command-line version of scp as well.

Under the wraps, how is WinSCP executing this?

I do not want to work through a solution with a user staging directory. Files might be so big that I am required to post directly using the sudo user. As a result the file copied over, but to my local dir, not the sudo dir.

One solution might be by manually piping over ssh:

tar zcvf -  MyBackups | ssh user@server "cat > /path/to/backup/foo.tgz"

Which I guess could customize to do the sudo as follows:

cat local.txt | ssh user@server "sudo -u sudouser cat > ~/remote_file"

Only problem is that by doing it this way, I have a lot of burden to solve that has been implemented using base scp already. For this and other reasons, I do not want to use this solution either.

Howe can I let scp handle a direct copy to remote using a sudo to change the user so I gain access to it's privileges.

Best Answer

Scp works by making an ssh connection to the remote server, then using that connection to execute another scp command on the remote system. The local scp instance and and the remote instance communicate through the ssh link to send or receive files.

OpenSSH scp in particular constructs an scp command string to be run on the remote system. Then it launches ssh to run that command. The eventual ssh command invoked is the equivalent of this:

/path/to/ssh [ssh options...] "scp [scp options...]"
  • /path/to/ssh is normally a built-in path to the ssh program.
  • [ssh options...] is one or more options to the ssh program.
  • "scp [scp options...]" is a single argument containing the scp command and its arguments to run on the remote system.

OpenSSH scp doesn't provide much in the way of options to alter the form of the remote scp command. There's no way to have it invoke something other than "scp", or to insert something like "sudo" in front of the "scp" part.

As you've noticed, scp does have an option to invoke some other program rather than ssh. Someone who knew how could write an ssh wrapper program and have scp invoke the wrapper instead of invoking ssh directly. The wrapper would have to examine its command-line arguments to find the one containing the scp command, alter the command as desired, and then invoke ssh with the altered command-line arguments.

Related Question