I want to connect to my Ubuntu server using a service account but perform file transfer operations on behalf of another user. My sshd_config has the following content (among other stuff):
PubKeyAuthentication yes
PasswordAuthentication yes
Subsystem sftp /usr/lib/openssh/sftp-server
I have tried the following code but without any success:
t = paramiko.Transport(('<address>', <port>))
t.connect(username='serviceAccount', password='<password>')
channel = t.open_session()
channel.exec_command('sudo su -l <other user> -c /usr/lib/openssh/sftp-server')
sftp = t.open_sftp_client()
file = sftp.file("<some path>", "w", bufsize=...)
file.write(...)
file.close()
sftp.close()
channel.close()
t.close()
This is the error I see when I run this code:
IOError: [Errno 13] Permission denied
First, automating su or sudo is not the correct solution.
The correct solution is to log in directly with the account you need to use.
Anyway, open_sftp_client and exec_command run on two different SSH channels. So your code cannot work, as the sftp operates on a non-elevated session that's not affected by the exec_command at all.
There's no explicit support for running SFTP with su in Paramiko (as that approach is wrong and hardly standardized).
You would have to implement an alternative to SFTPClient.from_transport that will call your exec_command instead of invoke_subsystem.
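A sketch of the alternative to SFTPClient.from_transport described above, as an added example that is not part of the original answer or of Paramiko itself. The names build_sftp_command and sftp_client_via_exec are hypothetical, the command uses sudo -n -u in place of the question's sudo su -l, and it assumes the server's sudoers policy lets the service account run exactly this sftp-server command as the target user without a password.

```python
import shlex

# sftp-server path taken from the question's sshd_config
SFTP_SERVER = "/usr/lib/openssh/sftp-server"


def build_sftp_command(target_user, server_path=SFTP_SERVER):
    """Command line that starts sftp-server as target_user through sudo.

    -n makes sudo fail instead of prompting: the channel's stdin/stdout must
    carry nothing but SFTP packets, so a password prompt would corrupt it.
    """
    if not target_user or target_user.startswith("-"):
        raise ValueError("invalid target user: %r" % (target_user,))
    # Quote both values so the remote shell sees them as single arguments.
    return "sudo -n -u {} {}".format(shlex.quote(target_user),
                                     shlex.quote(server_path))


def sftp_client_via_exec(transport, command, client_factory=None):
    """Same steps as SFTPClient.from_transport, with exec_command(command)
    in place of invoke_subsystem("sftp"), so SFTP runs on the channel that
    was actually elevated.
    """
    if client_factory is None:
        import paramiko  # imported lazily; only needed for a real connection
        client_factory = paramiko.SFTPClient
    chan = transport.open_session()
    if chan is None:
        return None
    chan.exec_command(command)
    try:
        # The SFTPClient constructor performs the SFTP version handshake on
        # the channel and raises if the remote command exits first, for
        # example when sudo refuses to run without a password.
        return client_factory(chan)
    except Exception:
        chan.close()
        raise


# Usage against a connected paramiko.Transport t (not executed here):
#   sftp = sftp_client_via_exec(t, build_sftp_command("otheruser"))
#   with sftp.file("/some/path", "w") as f:
#       f.write(b"data")
```

Files written through the returned client are created with the target user's ownership and permissions, because the sftp-server process itself runs as that user.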