How can I allow a user sudo/root on SFTP?
You don't - such a mechanism for elevated privilege browsing as a non-root user doesn't exist in SFTP.
You would have to enable the root
account and give whomever needs the elevated access direct access to that account instead, which for obvious security reasons (risk of bruteforcing the root
account and risking someone gaining power over your system, for starters) is dangerous.
Related videos on Youtube
Brisk Node
Updated on September 18, 2022Comments
-
Brisk Node over 1 year
I've got a Hetzner Dedicated Root server, and would like to either allow the root user to access SFTP - Which doesn't work at the moment, I get this error:
Status: Connecting to <IP>... Response: fzSftp started, protocol_version=8 Command: open "root@<IP>" 22 Command: Pass: ** Error: Authentication failed. Error: Critical error: Could not connect to server
Or, I'd like a new secondary user with all permissions. At the moment I have a second user, but it cannot access/read/write all directories (
/etc/nginx/sites-available
specifically).I used OVH before Hetzner and they had pre-configured root SFTP access. However, Hetzner's servers don't have this setup and I've been struggling.
So, to summarise: I'd like to use SFTP as a root/sudo user with unrestricted access to all files.
-
Brisk Node over 5 yearsOVH allowed full unrestricted SFTP over the root login.
-
Thomas Ward over 5 years@BriskNode but that's OVH being stupid with their VPSes; default permissions and such, and you're using the
root
account directly. (They actually intend for you to use that only temporarily and then harden up the system). Just because OVH allows something doesn't mean it's not dangerous or a good security practice. -
Brisk Node over 5 yearsThanks for telling me about this. I had a dedicated server on OVH with this but switched to Hetzner for more RAM for my budget. Is there a way to give another SFTP only user access to all files?
-
Thomas Ward over 5 years@BriskNode ACLs, but you should never give a non-root account total system access like that.
-
Brisk Node over 5 yearsI'll probably remove access when I've done setting it up