How do I use sudo with WinSCP and ProFTPd?

1

I need to run the SFTP file server binary as root, but direct root login is not allowed.

In WinSCP, if I use "default" in the SFTP server protocol option, everything works as expected.

Following the instructions in "sudo in WinSCP", I added "adminuser ALL = NOPASSWD: /usr/sbin/proftpd" to /etc/sudoers. Then I tried using "sudo /usr/sbin/proftpd" in the SFTP server protocol option (it works on the command line without any prompt), but it gives "Cannot initialize SFTP protocol. Is the host running a SFTP server?"

If I use "adminuser ALL = NOPASSWD: /bin/su" and have WinSCP set to SCP instead of SFTP, I can access the server and it works fine, with root privileges.

Since the latter sudoers configuration is very permissive, I want to use SFTP instead of SCP, because it allows a more restrictive sudo configuration (only proftpd can be run as root).

How do I use sudo with WinSCP in SFTP mode with ProFTPd?

  • WinSCP 4.3.7 GUI
  • Protocol: SFTP-3
  • CentOS 6.2
  • Webmin / Virtualmin (current version)

PS: only certificate-based login is allowed

. 2012-06-17 11:05:56.998 --------------------------------------------------------------------------
. 2012-06-17 11:05:56.998 WinSCP Version 4.3.7 (Build 1679) (OS 6.1.7601 Service Pack 1)
. 2012-06-17 11:05:56.998 Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\
. 2012-06-17 11:05:56.999 Login time: Sunday, June 17, 2012 11:05:56 AM
. 2012-06-17 11:05:56.999 --------------------------------------------------------------------------
. 2012-06-17 11:05:56.999 Session name: KVM1 (Modified stored session)
. 2012-06-17 11:05:57.047 Host name: mykvm.com (Port: 22)
. 2012-06-17 11:05:57.048 User name: adminuser (Password: No, Key file: Yes)
. 2012-06-17 11:05:57.048 Tunnel: No
. 2012-06-17 11:05:57.048 Transfer Protocol: SFTP (SCP)
. 2012-06-17 11:05:57.048 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2012-06-17 11:05:57.048 Proxy: none
. 2012-06-17 11:05:57.048 SSH protocol version: 2; Compression: Yes
. 2012-06-17 11:05:57.048 Bypass authentication: No
. 2012-06-17 11:05:57.048 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2012-06-17 11:05:57.048 Ciphers: aes,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2012-06-17 11:05:57.048 SSH Bugs: -,-,-,-,-,-,-,-,-
. 2012-06-17 11:05:57.048 SFTP Bugs: -,-
. 2012-06-17 11:05:57.048 Return code variable: Autodetect; Lookup user groups: Yes
. 2012-06-17 11:05:57.048 Shell: default
. 2012-06-17 11:05:57.048 EOL: 0, UTF: 2
. 2012-06-17 11:05:57.048 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2012-06-17 11:05:57.048 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2012-06-17 11:05:57.048 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2012-06-17 11:05:57.048 Cache directory changes: Yes, Permanent: Yes
. 2012-06-17 11:05:57.048 DST mode: 1
. 2012-06-17 11:05:57.048 --------------------------------------------------------------------------
. 2012-06-17 11:05:57.113 Looking up host "mykvm.com"
. 2012-06-17 11:05:57.132 Connecting to xxx.xxx.128.59 port 22
. 2012-06-17 11:05:57.499 Server version: SSH-2.0-OpenSSH_5.3
. 2012-06-17 11:05:57.499 Using SSH protocol version 2
. 2012-06-17 11:05:57.499 We claim version: SSH-2.0-WinSCP_release_4.3.7
. 2012-06-17 11:05:57.679 Server supports delayed compression; will try this later
. 2012-06-17 11:05:57.679 Doing Diffie-Hellman group exchange
. 2012-06-17 11:05:58.077 Doing Diffie-Hellman key exchange with hash SHA-1
. 2012-06-17 11:05:58.498 Host key fingerprint is:
. 2012-06-17 11:05:58.498 ssh-rsa 2048 bd:e4:34:b1:d4:69:d6:4e:e4:26:04:8b:b7:b3:de:c3
. 2012-06-17 11:05:58.498 Initialised AES-256 SDCTR client->server encryption
. 2012-06-17 11:05:58.498 Initialised HMAC-SHA1 client->server MAC algorithm
. 2012-06-17 11:05:58.498 Initialised AES-256 SDCTR server->client encryption
. 2012-06-17 11:05:58.498 Initialised HMAC-SHA1 server->client MAC algorithm
. 2012-06-17 11:05:58.922 Reading private key file "D:\id_rsa.ppk"
! 2012-06-17 11:05:58.924 Using username "adminuser".
. 2012-06-17 11:05:59.550 Offered public key
. 2012-06-17 11:05:59.743 Offer of public key accepted
! 2012-06-17 11:05:59.743 Authenticating with public key "masterkey for admin"
. 2012-06-17 11:05:59.764 Prompt (3, SSH key passphrase, , Passphrase for key "masterkey for admin": )
. 2012-06-17 11:06:02.938 Sent public key signature
. 2012-06-17 11:06:03.352 Access granted
. 2012-06-17 11:06:03.352 Initiating key re-exchange (enabling delayed compression)
. 2012-06-17 11:06:03.765 Doing Diffie-Hellman group exchange
. 2012-06-17 11:06:03.955 Doing Diffie-Hellman key exchange with hash SHA-1
. 2012-06-17 11:06:04.410 Initialised AES-256 SDCTR client->server encryption
. 2012-06-17 11:06:04.410 Initialised HMAC-SHA1 client->server MAC algorithm
. 2012-06-17 11:06:04.410 Initialised zlib (RFC1950) compression
. 2012-06-17 11:06:04.410 Initialised AES-256 SDCTR server->client encryption
. 2012-06-17 11:06:04.410 Initialised HMAC-SHA1 server->client MAC algorithm
. 2012-06-17 11:06:04.410 Initialised zlib (RFC1950) decompression
. 2012-06-17 11:06:04.839 Opened channel for session
. 2012-06-17 11:06:05.247 Started a shell/command
. 2012-06-17 11:06:05.253 --------------------------------------------------------------------------
. 2012-06-17 11:06:05.253 Using SFTP protocol.
. 2012-06-17 11:06:05.253 Doing startup conversation with host.
> 2012-06-17 11:06:05.259 Type: SSH_FXP_INIT, Size: 5, Number: -1
. 2012-06-17 11:06:05.354 Server sent command exit status 0
. 2012-06-17 11:06:05.354 Disconnected: All channels closed
* 2012-06-17 11:06:05.380 (ESshFatal) Connection has been unexpectedly closed. Server sent command exit status 0.
* 2012-06-17 11:06:05.380 Cannot initialize SFTP protocol. Is the host running a SFTP server?
    
by Gaia 17.06.2012 / 16:33
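
An added example (not part of the original question, and not WinSCP or ProFTPd code): a small audit of the two sudoers entries the question compares. In sudoers, a command listed without arguments may be run with any arguments, while a trailing `""` permits none; the third sample line, the finding labels and the root-shell list are constructed for this example.

```python
import re

# Commands that amount to an unrestricted root shell when allowed through sudo.
# Constructed for this example; not an exhaustive list.
ROOT_SHELL_EQUIVALENT = {"ALL", "/bin/su", "/bin/sh", "/bin/bash"}
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

RULE = re.compile(r"^(?P<user>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?P<spec>.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")

# Constructed sample: the two entries from the question plus a tighter variant.
SAMPLE = '''
adminuser ALL = NOPASSWD: /bin/su
adminuser ALL = NOPASSWD: /usr/sbin/proftpd
adminuser ALL = NOPASSWD: /usr/sbin/proftpd ""
'''

def audit(sudoers_text):
    """Return (user, command, nopasswd, finding) for each allowed command."""
    results = []
    for raw in sudoers_text.splitlines():
        line = raw.strip()
        m = None if not line or line.startswith(SKIP) else RULE.match(line)
        if not m:
            continue
        spec = re.sub(r"^\([^)]*\)\s*", "", m["spec"])  # drop "(runas)" prefix
        nopasswd = False  # tags carry over to later commands in the same list
        # Simplification: escaped commas inside arguments are not handled.
        for item in (i.strip() for i in spec.split(",")):
            tag = TAG.match(item)
            while tag:
                if tag.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag.group(1) == "NOPASSWD"
                item = item[tag.end():]
                tag = TAG.match(item)
            if not item:
                continue
            parts = item.split(None, 1)
            if parts[0] in ROOT_SHELL_EQUIVALENT:
                finding = "root-shell"        # equivalent to full root access
            elif len(parts) == 1:
                finding = "any-arguments"     # caller chooses every argument
            else:
                finding = "no-arguments" if parts[1] == '""' else "fixed-arguments"
            results.append((m["user"], parts[0], nopasswd, finding))
    return results

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```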

1 answer

1

If you already have ssh / scp / sftp access via SSH-2.0-OpenSSH_5.3, you don't need to try to set up another daemon.

    
by 18.06.2012 / 03:51