如何与WinSCP和ProFTPd一起使用sudo？

Question

在WinSCP中，如果我对SFTP服务器协议选项使用“默认”选项，一切都按预期工作。

按照WinSCP中的sudo中的说明，我将adminuser ALL = NOPASSWD: /usr/sbin/proftpd“添加到/etc/sudoers中，然后尝试在SFTP服务器协议选项上使用"sudo /usr/sbin/proftpd”(它在命令行上工作，没有任何提示)，但它弹出“无法初始化SFTP协议”。主机是否运行SFTP服务器？“

如果我使用"adminuser ALL = NOPASSWD: /bin/su“，并将WINSCP设置为SCP而不是SFTP，那么我可以访问服务器，它可以使用根权限正常工作。

因为后一个sudoers配置太仁慈了，所以我想使用SFTP而不是SCP，因为它允许一个限制性更强的sudo设置(只有proftpd可以作为root运行)。

如何在SFTP模式和WinSCP中使用sudo和ProFTPd？

• WinSCP 4.3.7GUI
• 议定书: SFTP-3
• CentOS 6.2
• Webmin/Virtualmin (当前版本)

PS:只允许基于证书的登录。

. 2012-06-17 11:05:56.998 --------------------------------------------------------------------------
. 2012-06-17 11:05:56.998 WinSCP Version 4.3.7 (Build 1679) (OS 6.1.7601 Service Pack 1)
. 2012-06-17 11:05:56.998 Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\
. 2012-06-17 11:05:56.999 Login time: Sunday, June 17, 2012 11:05:56 AM
. 2012-06-17 11:05:56.999 --------------------------------------------------------------------------
. 2012-06-17 11:05:56.999 Session name: KVM1 (Modified stored session)
. 2012-06-17 11:05:57.047 Host name: mykvm.com (Port: 22)
. 2012-06-17 11:05:57.048 User name: adminuser (Password: No, Key file: Yes)
. 2012-06-17 11:05:57.048 Tunnel: No
. 2012-06-17 11:05:57.048 Transfer Protocol: SFTP (SCP)
. 2012-06-17 11:05:57.048 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2012-06-17 11:05:57.048 Proxy: none
. 2012-06-17 11:05:57.048 SSH protocol version: 2; Compression: Yes
. 2012-06-17 11:05:57.048 Bypass authentication: No
. 2012-06-17 11:05:57.048 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2012-06-17 11:05:57.048 Ciphers: aes,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2012-06-17 11:05:57.048 SSH Bugs: -,-,-,-,-,-,-,-,-
. 2012-06-17 11:05:57.048 SFTP Bugs: -,-
. 2012-06-17 11:05:57.048 Return code variable: Autodetect; Lookup user groups: Yes
. 2012-06-17 11:05:57.048 Shell: default
. 2012-06-17 11:05:57.048 EOL: 0, UTF: 2
. 2012-06-17 11:05:57.048 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2012-06-17 11:05:57.048 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2012-06-17 11:05:57.048 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2012-06-17 11:05:57.048 Cache directory changes: Yes, Permanent: Yes
. 2012-06-17 11:05:57.048 DST mode: 1
. 2012-06-17 11:05:57.048 --------------------------------------------------------------------------
. 2012-06-17 11:05:57.113 Looking up host "mykvm.com"
. 2012-06-17 11:05:57.132 Connecting to xxx.xxx.128.59 port 22
. 2012-06-17 11:05:57.499 Server version: SSH-2.0-OpenSSH_5.3
. 2012-06-17 11:05:57.499 Using SSH protocol version 2
. 2012-06-17 11:05:57.499 We claim version: SSH-2.0-WinSCP_release_4.3.7
. 2012-06-17 11:05:57.679 Server supports delayed compression; will try this later
. 2012-06-17 11:05:57.679 Doing Diffie-Hellman group exchange
. 2012-06-17 11:05:58.077 Doing Diffie-Hellman key exchange with hash SHA-1
. 2012-06-17 11:05:58.498 Host key fingerprint is:
. 2012-06-17 11:05:58.498 ssh-rsa 2048 bd:e4:34:b1:d4:69:d6:4e:e4:26:04:8b:b7:b3:de:c3
. 2012-06-17 11:05:58.498 Initialised AES-256 SDCTR client->server encryption
. 2012-06-17 11:05:58.498 Initialised HMAC-SHA1 client->server MAC algorithm
. 2012-06-17 11:05:58.498 Initialised AES-256 SDCTR server->client encryption
. 2012-06-17 11:05:58.498 Initialised HMAC-SHA1 server->client MAC algorithm
. 2012-06-17 11:05:58.922 Reading private key file "D:\id_rsa.ppk"
! 2012-06-17 11:05:58.924 Using username "adminuser".
. 2012-06-17 11:05:59.550 Offered public key
. 2012-06-17 11:05:59.743 Offer of public key accepted
! 2012-06-17 11:05:59.743 Authenticating with public key "masterkey for admin"
. 2012-06-17 11:05:59.764 Prompt (3, SSH key passphrase, , Passphrase for key "masterkey for admin": )
. 2012-06-17 11:06:02.938 Sent public key signature
. 2012-06-17 11:06:03.352 Access granted
. 2012-06-17 11:06:03.352 Initiating key re-exchange (enabling delayed compression)
. 2012-06-17 11:06:03.765 Doing Diffie-Hellman group exchange
. 2012-06-17 11:06:03.955 Doing Diffie-Hellman key exchange with hash SHA-1
. 2012-06-17 11:06:04.410 Initialised AES-256 SDCTR client->server encryption
. 2012-06-17 11:06:04.410 Initialised HMAC-SHA1 client->server MAC algorithm
. 2012-06-17 11:06:04.410 Initialised zlib (RFC1950) compression
. 2012-06-17 11:06:04.410 Initialised AES-256 SDCTR server->client encryption
. 2012-06-17 11:06:04.410 Initialised HMAC-SHA1 server->client MAC algorithm
. 2012-06-17 11:06:04.410 Initialised zlib (RFC1950) decompression
. 2012-06-17 11:06:04.839 Opened channel for session
. 2012-06-17 11:06:05.247 Started a shell/command
. 2012-06-17 11:06:05.253 --------------------------------------------------------------------------
. 2012-06-17 11:06:05.253 Using SFTP protocol.
. 2012-06-17 11:06:05.253 Doing startup conversation with host.
> 2012-06-17 11:06:05.259 Type: SSH_FXP_INIT, Size: 5, Number: -1
. 2012-06-17 11:06:05.354 Server sent command exit status 0
. 2012-06-17 11:06:05.354 Disconnected: All channels closed
* 2012-06-17 11:06:05.380 (ESshFatal) Connection has been unexpectedly closed. Server sent command exit status 0.
* 2012-06-17 11:06:05.380 Cannot initialize SFTP protocol. Is the host running a SFTP server?

Answer 1

如果您已经可以通过SSH-2.0OpenSSH_5.3访问ssh/scp/sftp，则不需要尝试设置另一个守护进程。