0

I fully understand why I should disable Root login on a production server. That makes sense. I can log in as username, then sudo back to root functions just fine from the terminal.

What I'm unable to do is utilize a graphic type of secure file transfer protocol (SFTP) tool (e.g. filezilla) to get access to key directories. Is there a way to keep the root login disabled and use SFTP, or am I stuck using a terminal $ ssh login with wget or curl for all of my file transfer needs?

The problem is that I can only use wget or curl for content loaded on a server somewhere. I can't directly upload content from my laptop/desktop development machine to the server. Yes, I am aware that git style transfers are an other possibility. I would need a private git repo somewhere to make that work.

Is there a way to set a sudo access for the SFTP tool, without using a root login?

Is there an alternative method to send new content to a online server via remote access, without compromising security?

Same thing goes for downloading / reading systems content. I know I can do a lot of things via terminal and su - or sudo, but I have to say, reading a systems log file that is 10 megs long is just out of the question with vim or nano.

zipzit
  • 101

1 Answers1

0

I do not believe you can sudo via sftp but if you can somehow setup so sudo would not ask for a password (for example use !tty_tickets and run any command with sudo beforehand, or your-user ALL=NOPASSWD: /bin/tar *) then you can do something like:

    tar cf - /some/dir | ssh your-user@your-server.com "sudo tar xf - -C /some/dir"

But then again, giving your user passwordless root access to tar is also a security consideration, so maybe only do it while you are transfering the files.

soger
  • 121