问题
Using the standard client.open_sftp()
handle gives me SFTP controls but without sudo/root permissions, any sort of /etc/**
files can't be edited. I have a user that has passwordless sudo access, I figured I could maybe start off with sudo su
and then invoke SFTP but that did not seem to be the case.
t = paramiko.Transport(('192.168.56.102', 22))
t.connect(username='vagrant', password='vagrant')
chan = t.open_session()
chan.get_pty()
chan.invoke_subsystem('sftp')
chan.exec_command('sudo su')
sftp = paramiko.SFTPClient.from_transport(t)
.. the error
paramiko.ssh_exception.SSHException: Channel closed.
DEBUG:paramiko.transport:EOF in transport thread
Any tips how to get Paramiko to open SFTP with sudo access?
回答1:
First, automating su
or sudo
is not the correct solution.
The correct solution is to setup a dedicated private key with only privileges needed for your task.
The invoke_subsystem
and exec_command
are generally mutually exclusive. You can use one or the other, but not both. A "subsystem" is kind of an alias to a "command". I.e. the "sftp"
subsystem is typically an alias to the "/bin/sftp-server"
command (thought that's a very simplified explanation).
There's no native support for executing SFTP subsystem as a different user.
So all you can do is to execute the sftp_server
binary directly as a different user.
chan.exec_command('sudo su -c /bin/sftp-server')
(Assuming *nix OpenSSH server)
And you definitely cannot request PTY (get_pty
) as that's incompatible with the SFTP protocol.
来源:https://stackoverflow.com/questions/35190595/how-do-you-start-python-paramiko-sftp-with-sudo