How do I scp to a user I don't have the password for?
Here is the situation. I have user access to a server and root access to the same server. I want to edit files for a user that I don't have password information for on the server. ssh'ing as root is disabled, so I typically ssh in as my user and then su to root. Then I cd to the user of interest's home directory and then su to the user of interest (provided the user of interest has shell access). If the user doesn't have shell access to the server I am forced to modify the files as root, which I loathe to do. So my first question is, how can I safely modify the user's files without being root if the user does not have shell access?
My second question involves transferring files to the user's account using a graphical SFTP program from my desktop. Since I don't have the user of interest's login information (and the user may not have shell access) I can't sftp directly into the user's account, nor can I sftp as root. So instead I use my graphical SFTP program to sftp into my user account's home directory on the server. Then I transfer the files via the SFTP program to my user account's home directory on the server, and then manually copy them as root from my user's home directory to the user of interest's home directory. Obviously this is inefficient and I long for a better solution. What is it?
Note: I realize that I can use the command line scp
program to transfer the files directly to the user of interests home directory, but I want to use a graphical SFTP program.
Set up an rsa/dsa key pair on your own machine (ssh-keygen -t rsa), then append the public key to the user in question's ~/.ssh/authorized_keys file. If ~/.ssh doesn't exist - create it with 700 permissions, owned by the user.
Then you should be able to log in as that user using just the keys (no passwords)
http://winscp.net/eng/docs/faq_su
None of the protocols (SFTP, FTP and SCP) supported by WinSCP allow the user to be changed in the middle of file transfer session. You need to start the session with the correct user.
In some cases (with Unix/Linux server) you may be able to use sudo command straight after login to change a user, before file transfer session starts.
The SFTP and SCP protocols allow for this, but the actual method is platform dependent.
su -c bash --login should give you a shell as that user regardless of their default (disabled) login shell. You can also put a line for yourself in their ~/.ssh/authorized_keys file, and that will allow you to login as them without using their password.