How do I sudo over sshfs?

On my local host alpha I have a directory foo that is mapped via sshfs to host bravo as follows:

$ sshfs charlie@bravo:/home/charlie ~/foo

However, on host bravo there is another user, delta, that I want to sudo /bin/su as, so that I can do work in bravo:/home/delta. delta may not be logged into via ssh; for reasons which I cannot change, you can only sudo over to delta once you're on the machine.

Normally I'd ssh into bravo, then sudo to delta, but I'm wondering if there's any way that I can do that when I've got charlie's home dir mounted via ssh.


Solution 1:

This will vary depending on the OS of the server you are connecting to. For CentOS 5 you would add to the sshfs mount options:

-o sftp_server="/usr/bin/sudo /usr/libexec/openssh/sftp-server"

For Ubuntu 9.10 (I think, might be 9.04, but it's probably the same for both) or Debian you would add:

-o sftp_server="/usr/bin/sudo /usr/lib/openssh/sftp-server"

To find the correct path for other systems running OpenSSH, run

sudo grep Subsystem /etc/ssh/sshd_config

and look for the location of the sftp-server binary.

You might need to set up sudo with NOPASSWD:{path to sftp-server} or prevalidate with ssh user@host sudo -v so that sudo has an updated timestamp for notty. In my case, my two commands were:

ssh login_user@host sudo -v
sshfs login_user@host:remote_path local_path -o sftp_server="/usr/bin/sudo -u as_user /usr/lib/ssh/sftp-server"
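
An added example, not part of the answer above: a shell helper that reads the sftp-server path from the Subsystem line and prints a sudoers rule limited to that one binary, run as the target user only and without arguments, plus the matching sshfs option. The function names are hypothetical, the sample config is constructed, and charlie, delta and bravo are the names from the question.

```shell
#!/bin/sh
# Added example. Helper names are hypothetical; the sample config is constructed.

# Print the external sftp-server path from an sshd_config file.
# Exit 2: no sftp Subsystem line. Exit 3: internal-sftp (no binary to wrap).
sftp_server_path() {
    awk '
        tolower($1) == "subsystem" && $2 == "sftp" { path = $3; found = 1; exit }
        END {
            if (!found) exit 2
            if (path == "internal-sftp") exit 3
            print path
        }' "$1"
}

# sudoers rule: the login user may run only sftp-server, only as the target
# user, and only without arguments (the trailing "").
sudoers_rule() {
    printf '%s ALL=(%s) NOPASSWD: %s ""\n' "$1" "$2" "$3"
}

# Value for sshfs -o, in the form used in the answer above.
sshfs_option() {
    printf 'sftp_server=/usr/bin/sudo -u %s %s\n' "$1" "$2"
}

# Constructed sample: a commented-out line, then the active one with arguments.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
#Subsystem sftp internal-sftp
Subsystem   sftp   /usr/lib/openssh/sftp-server -l INFO
EOF

if server=$(sftp_server_path "$demo_cfg"); then
    sudoers_rule charlie delta "$server"
    printf 'sshfs charlie@bravo:/home/delta ~/foo -o "%s"\n' \
        "$(sshfs_option delta "$server")"
else
    echo "no external sftp-server configured; the sudo wrapper needs a binary path" >&2
fi
rm -f "$demo_cfg"
```

Install the printed rule with visudo rather than editing the sudoers file directly. A rule that names only (delta) as the run-as user keeps the passwordless grant from extending to root.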

Solution 2:

You can use bindfs + sshfs to access other users' files (even root's).

Firstly you mount your 'root' or any other directory under your user with remapped uid.

ssh -t USER@SERVER "mkdir ~/tmproot; sudo bindfs --map=root/USER / ~/tmproot"

and then simply sshfs into the directory.

sshfs USER@SERVER:tmproot TARGET

But for security it's better not to map the whole root / but only the part that you need. For example, you can use this method to mount any other user's directory into yours, for example files from /var/www into ~/www, and remap root to your user so you will have full access to it.

If you need access that preserves uid, or access to multiple users, then I would create a new user, for example "rootfs", with uid=0 and /bin/false, and do a normal sshfs.