How do you start Python Paramiko SFTP with sudo?
Question
Using the standard client.open_sftp() handle gives me SFTP controls but without sudo/root permissions, any sort of /etc/** files can't be edited. I have a user that has passwordless sudo access, I figured I could maybe start off with sudo su and then invoke SFTP but that did not seem to be the case.
t = paramiko.Transport(('192.168.56.102', 22))
t.connect(username='vagrant', password='vagrant')
chan = t.open_session()
chan.get_pty()
chan.invoke_subsystem('sftp')
chan.exec_command('sudo su')
sftp = paramiko.SFTPClient.from_transport(t)
.. the error
paramiko.ssh_exception.SSHException: Channel closed.
DEBUG:paramiko.transport:EOF in transport thread
Any tips how to get Paramiko to open SFTP with sudo access?
1 answers
solution1
0 2016-02-04 07:08:04
First, automating su or sudo is not the correct solution.
The correct solution is to setup a dedicated private key with only privileges needed for your task.
The invoke_subsystem and exec_command are generally mutually exclusive. You can use one or the other, but not both. A "subsystem" is kind of an alias to a "command". Ie the "sftp" subsystem is typically an alias to the "/bin/sftp-server" command (thought that's a very simplified explanation).
There's no native support for executing SFTP subsystem as a different user.
So all you can do is to execute the sftp_server binary directly as a different user.
chan.exec_command('sudo su -c /bin/sftp-server')
(Assuming *nix OpenSSH server)
And you definitely cannot request PTY ( get_pty ) as that's incompatible with the SFTP protocol.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.