scp to remote server with sudo

command-line security sudo scp

212,587

Solution 1

First, you need to copy the file to a place where you have write access without sudo,

scp yourfile serverb:

Then move the file using sudo

ssh serverb sudo mv yourfile /path/to/the/destination

If you do not have a writable place, make a temporary dir with write permission for your user.

ssh serverb sudo mkdir tempdir && sudo chmod 777 tempdir
scp yourfile serverb:tempdir
ssh serverb mv tempdir/yourfile /path/to/the/destination

Solution 2

With SCP, you have to do in two steps, however, you can do it in one with rsync as follows:

rsync --rsync-path="sudo rsync" <LOCALFILE> USER@SERVER2:/root

^{Note: This does require NOPASSWD sudo configuration. If you have to enter the password for sudo, then the two step way is needed.}

To copy directory, you need to add -r parameter. And -v for verbose output.

To use above method with credentials, you need to add them into your ~/.ssh/config file, e.g.

Host SERVER2
  HostName server2.example.colm
  User USER
  #IdentityFile ~/.ssh/custom_key.pem

Solution 3

You can use ssh and tar to work around this:

ssh -t host 'sudo -v'
ssh -C host 'cd /; sudo tar cf - path/to/file/or/dir' | tar xpsf - --preserve

This first updates your sudo timestamp (asking for a password if necessary, which requires a tty (ssh -t)), and then uses sudo to create a tarball remotely and extract it locally.

"tar" on RedHat 5 requires the "--preserve" options to come after the "xpsf -" command.

Solution 4

You can use sftp with sudo command, for instance:

sftp -s 'sudo -u REMOTE_SUDO_USER /usr/libexec/openssh/sftp-server' REMOTE_USER@HOST

Solution 5

First, you need to copy the file to a place where you have write access without sudo, You can do the following two steps.

Step 1: scp filename newserver

Step 2: ssh newserver sudo mv filename /path/to/the/destination

for more information read scp tutorial

View more solutions

212,587

Neil

Updated on September 17, 2022

Comments

Neil over 1 year

I have a file on server A (which is behind a NAT so not directly addressable). The file needs to be copied to server B in a directory restricted to root. I have an account on server B with sudo privileges. What is the syntax for the scp command?
- YoYo over 7 years
  
  I have answered on another posting how you can customize scp do the sudo for you directly. This is similar to what WinSCP does.
Doug Harris almost 14 years

/tmp is a good place for writing temporary files that (usually) all users have access to.
sparrow over 12 years

@Doug: Note that /tmp could be in RAM or in / mounting point, and not necessarily large enough to host big files.
Lucas Wiman about 11 years

Just a note: if you get tar: Invalid replacement string, removing -s in the seems to fix it (not sure what you need the s for anyway). Many thanks; this is awesome.
tripleee almost 10 years

Whatever you are trying to accomplish, chmod 777 is usually the wrong way to do it. Consider what could happen if somebody else was logged in and knew you were about to run this code.
mj41 over 9 years

Error sudo: sorry, you must have a tty to run sudo fixed by -e "ssh -tt".
Jacob Budin about 8 years

This would require tty_tickets to be disabled, correct?
blueyed about 8 years

@JacobBudin yes.
YoYo about 7 years

This and the rsync methods are probably the most direct way of doing it in one step. It is unfortunate that the scp task in ant does not support it. You can set it to use sftp, but you cannot modify the remote sub-program. Note that the sub-program will be different depending on the type of server (solaris might be different).
YoYo about 7 years

It will execute the sudo locally, giving you no elevated privileges remotely.
Ross Presser over 6 years

ssh sudo doesn't work for me -- complains "no tty present and no askpass program specified"?
ax. over 6 years

@mj41 With -e "ssh -tt", I get protocol version mismatch -- is your shell clean?. Any hints on how to fix that?
Mani about 6 years

This just won't work, as @Yoyo says.
Pierre-Olivier Vares over 5 years

scp won't probably connect, because it will reads the key of root
Johan over 4 years

@RossPresser sorry for late answer, but you either need to setup passwordless sudo on serverb or you need to ssh serverb separately, then run sudo ... after logged in.
Synox about 4 years

This should be the accepted answer :)
Beginner almost 4 years

@RossPresser it worked for me with the additional option -t to send pseudo-tty.
Nathan Bubna over 3 years

I don't see where in this solution you actually specify the local file to be transferred to the server.
Admin almost 2 years

Not all systems have rsync: sudo: rsync: command not found so scp is still more universal way.