scp to remote server with sudo

73

14

I have a file on server A (which is behind a NAT so not directly addressable). The file needs to be copied to server B in a directory restricted to root. I have an account on server B with sudo privileges. What is the syntax for the scp command?

Neil

Posted 2010-05-07T21:42:14.097

Reputation: 855

Similar question: http://superuser.com/questions/87597/how-to-perform-scp-as-a-sudo-user

– Kevin Panko – 2010-05-07T21:45:59.827

I've closed the older question as a duplicate of this one, since the question asker never regained ownership of that question. – quack quixote – 2010-05-08T00:51:13.913

I have answered on another posting how you can customize scp to do the sudo for you directly. This is similar to what WinSCP does.

– YoYo – 2016-09-02T22:56:31.777

Answers

61

First, you need to copy the file to a place where you have write access without sudo:

scp yourfile serverb:

Then move the file using sudo:

ssh serverb sudo mv yourfile /path/to/the/destination

If you do not have a writable place, make a temporary dir with write permission for your user.

ssh serverb 'sudo mkdir tempdir && sudo chmod 777 tempdir'
scp yourfile serverb:tempdir
ssh serverb sudo mv tempdir/yourfile /path/to/the/destination

Johan

Posted 2010-05-07T21:42:14.097

Reputation: 1 076

4 Whatever you are trying to accomplish, chmod 777 is usually the wrong way to do it. Consider what could happen if somebody else was logged in and knew you were about to run this code. – tripleee – 2014-07-23T13:39:20.147

7 /tmp is a good place for writing temporary files that (usually) all users have access to. – Doug Harris – 2010-05-07T23:28:51.110

1 ssh sudo doesn't work for me -- complains "no tty present and no askpass program specified"? – Ross Presser – 2017-09-15T17:56:49.207

1 @RossPresser sorry for the late answer, but you either need to set up passwordless sudo on serverb or you need to ssh serverb separately, then run sudo ... after logging in. – Johan – 2019-10-09T12:26:06.227

3 @Doug: Note that /tmp could be in RAM or in / mounting point, and not necessarily large enough to host big files. – Ravachol – 2011-12-12T16:38:49.397
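
A variant of the two-step copy that avoids the world-writable directory the comments above warn about, as an added example that is not part of the original answer: the file is staged in a private `mktemp -d` directory on the server and put in place with `sudo install`. The helper names `push_as_root` and `sq` are made up for this example, and it assumes sudo on the server does not prompt for a password.

```shell
#!/bin/sh
# Added example (not from the original answers). push_as_root and sq are
# hypothetical helper names; assumes sudo on the server does not prompt.

# Single-quote a string so the remote shell sees it as one literal word.
sq() {
    printf '%s\n' "$1" | sed "s/'/'\\\\''/g; 1s/^/'/; \$s/\$/'/"
}

# push_as_root HOST SRC DEST [MODE]
push_as_root() {
    local host="$1" src="$2" dest="$3" mode="${4:-0644}" stage
    case $mode in ''|*[!0-7]*) echo "bad mode: $mode" >&2; return 1 ;; esac

    # mktemp -d creates a fresh directory with mode 0700 owned by the login
    # user, so no other account on the server can replace the staged file
    # before root installs it (the race a chmod 777 directory leaves open).
    stage=$(ssh "$host" 'mktemp -d') || return 1
    case $stage in
        ''|[!/]*|*[!A-Za-z0-9._/-]*)
            echo "unexpected staging path: $stage" >&2; return 1 ;;
    esac

    if ! scp -q -- "$src" "$host:$stage/payload"; then
        ssh "$host" "rm -rf -- $stage"
        return 1
    fi

    # install(1) copies the file and sets its mode in one step; run under
    # sudo, the result is owned by root. The staging directory is removed
    # whether or not the install succeeded.
    ssh "$host" "sudo install -m $mode -- $stage/payload $(sq "$dest"); rc=\$?; rm -rf -- $stage; exit \$rc"
}

# Usage: sh push_as_root.sh serverb yourfile /path/to/the/destination
if [ "$#" -ge 3 ]; then
    push_as_root "$@"
fi
```

If sudo on the server needs a password, run `ssh -t serverb 'sudo -v'` first only where the sudo timestamp is shared across sessions; otherwise do the final step from an interactive login.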

50

With SCP, you have to do it in two steps; however, you can do it in one with rsync as follows:

rsync --rsync-path="sudo rsync" <LOCALFILE> USER@SERVER2:/root

Note: This does require NOPASSWD sudo configuration. If you have to enter the password for sudo, then the two-step way is needed.

To copy a directory, you need to add the -r parameter, and -v for verbose output.


To use the above method with credentials, you need to add them to your ~/.ssh/config file, e.g.

Host SERVER2
  HostName server2.example.com
  User USER
  #IdentityFile ~/.ssh/custom_key.pem

MasterCheffinator

Posted 2010-05-07T21:42:14.097

Reputation: 601

6 This is by far the simplest way to do it. – Matt White – 2014-07-23T20:55:05.623

Error sudo: sorry, you must have a tty to run sudo fixed by -e "ssh -tt". – mj41 – 2015-02-03T13:26:43.313

@mj41 With -e "ssh -tt", I get protocol version mismatch -- is your shell clean?. Any hints on how to fix that? – ax. – 2017-12-19T18:34:00.740

19

You can use ssh and tar to work around this:

ssh -t host 'sudo -v'
ssh -C host 'cd /; sudo tar cf - path/to/file/or/dir' | tar xpsf - --preserve

This first updates your sudo timestamp (asking for a password if necessary, which requires a tty (ssh -t)), and then uses sudo to create a tarball remotely and extract it locally.

"tar" on RedHat 5 requires the "--preserve" option to come after the "xpsf -" command.

blueyed

Posted 2010-05-07T21:42:14.097

Reputation: 1 071

This would require tty_tickets to be disabled, correct? – Jacob Budin – 2016-03-31T22:04:13.863

@JacobBudin yes. – blueyed – 2016-04-02T23:58:52.823

Just a note: if you get tar: Invalid replacement string, removing -s in the seems to fix it (not sure what you need the s for anyway). Many thanks; this is awesome. – RecursivelyIronic – 2013-02-15T21:55:39.447

4

You can use sftp with the sudo command, for instance:

sftp -s 'sudo -u REMOTE_SUDO_USER /usr/libexec/openssh/sftp-server' REMOTE_USER@HOST

DaniloNC

Posted 2010-05-07T21:42:14.097

Reputation: 141

1 This and the rsync methods are probably the most direct way of doing it in one step. It is unfortunate that the scp task in ant does not support it. You can set it to use sftp, but you cannot modify the remote sub-program. Note that the sub-program will be different depending on the type of server (solaris might be different). – YoYo – 2017-02-15T02:53:46.823

0

If you need to type the password for sudo every time, you can save it to a file:

echo "Enter password: "; read -rs password; echo "$password" > password_file

and then send it along with the source file.

cat password_file source_file | ssh remote_host 'sudo -S sponge target_file'

You can use tee instead of sponge if you don’t have moreutils.

Jan Tojnar

Posted 2010-05-07T21:42:14.097

Reputation: 152

0

First, you need to copy the file to a place where you have write access without sudo. You can do the following two steps.

Step 1: scp filename newserver:

Step 2: ssh newserver sudo mv filename /path/to/the/destination

For more information, read the scp tutorial.

Mike Tyson

Posted 2010-05-07T21:42:14.097

Reputation: 1

-1

current server $ sudo scp username@server:source/path/filename /tmp/

It will copy the specific file from the source to /tmp/ on the current server.

Kumar

Posted 2010-05-07T21:42:14.097

Reputation: 1

It will execute the sudo locally, giving you no elevated privileges remotely. – YoYo – 2017-02-17T22:58:50.053

This just won't work, as @Yoyo says. – Mani – 2018-03-02T11:46:36.273

scp probably won't connect, because it will read the key of root – Pierre-Olivier Vares – 2018-08-10T14:55:03.393