131

I have a file on server A (which is behind a NAT so not directly addressable). The file needs to be copied to server B in a directory restricted to root. I have an account on server B with sudo privileges. What is the syntax for the scp command?

quack quixote
  • 42,186
  • 14
  • 105
  • 129
Neil
  • 1,435
  • 2
  • 10
  • 9
  • I have answered on [another posting](http://superuser.com/a/1120455/559952) how you can customize scp do the sudo for you directly. This is similar to what WinSCP does. – YoYo Sep 02 '16 at 22:56

7 Answers7

109

First, you need to copy the file to a place where you have write access without sudo,

scp yourfile serverb:

Then move the file using sudo

ssh serverb sudo mv yourfile /path/to/the/destination

If you do not have a writable place, make a temporary dir with write permission for your user.

ssh serverb sudo mkdir tempdir && sudo chmod 777 tempdir
scp yourfile serverb:tempdir
ssh serverb mv tempdir/yourfile /path/to/the/destination
Johan
  • 1,596
  • 1
  • 12
  • 13
  • 13
    /tmp is a good place for writing temporary files that (usually) all users have access to. – Doug Harris May 07 '10 at 23:28
  • 4
    @Doug: Note that /tmp could be in RAM or in / mounting point, and not necessarily large enough to host big files. – Ravachol Dec 12 '11 at 16:38
  • 10
    Whatever you are trying to accomplish, `chmod 777` is usually the wrong way to do it. Consider what could happen if somebody else was logged in and knew you were about to run this code. – tripleee Jul 23 '14 at 13:39
  • 1
    `ssh sudo` doesn't work for me -- complains "no tty present and no askpass program specified"? – Ross Presser Sep 15 '17 at 17:56
  • 1
    @RossPresser sorry for late answer, but you either need to setup passwordless sudo on `serverb` or you need to `ssh serverb` separately, then run `sudo ...` after logged in. – Johan Oct 09 '19 at 12:26
  • @RossPresser it worked for me with the additional option -t to send pseudo-tty. – Beginner Jun 28 '20 at 20:30
109

With SCP, you have to do in two steps, however, you can do it in one with rsync as follows:

rsync --rsync-path="sudo rsync" <LOCALFILE> USER@SERVER2:/root

Note: This does require NOPASSWD sudo configuration. If you have to enter the password for sudo, then the two step way is needed.

To copy directory, you need to add -r parameter. And -v for verbose output.

To use above method with credentials, you need to add them into your ~/.ssh/config file, e.g.

Host SERVER2
  HostName server2.example.colm
  User USER
  #IdentityFile ~/.ssh/custom_key.pem
kenorb
  • 24,736
  • 27
  • 129
  • 199
MasterCheffinator
  • 1,191
  • 1
  • 7
  • 3
21

You can use ssh and tar to work around this:

ssh -t host 'sudo -v'
ssh -C host 'cd /; sudo tar cf - path/to/file/or/dir' | tar xpsf - --preserve

This first updates your sudo timestamp (asking for a password if necessary, which requires a tty (ssh -t)), and then uses sudo to create a tarball remotely and extract it locally.

"tar" on RedHat 5 requires the "--preserve" options to come after the "xpsf -" command.

Community
  • 1
blueyed
  • 1,201
  • 11
  • 20
6

You can use sftp with sudo command, for instance:

sftp -s 'sudo -u REMOTE_SUDO_USER /usr/libexec/openssh/sftp-server' REMOTE_USER@HOST
DaniloNC
  • 161
  • 1
  • 1
  • 1
    This and the rsync methods are probably the most direct way of doing it in one step. It is unfortunate that the scp task in ant does not support it. You can set it to use sftp, but you cannot modify the remote sub-program. Note that the sub-program will be different depending on the type of server (solaris might be different). – YoYo Feb 15 '17 at 02:53
  • 1
    I don't see where in this solution you actually specify the local file to be transferred to the server. – Nathan Bubna Oct 15 '20 at 21:15
2

If you need to type password for sudo every-time, you can save it to a file:

echo "Enter password: "; read -s password; echo $password > password_file

and then send it along with the source file.

cat password_file source_file | ssh remote_host 'sudo -S sponge target_file'

You can use tee instead of sponge if you don’t have moreutils.

Jan Tojnar
  • 172
  • 6
2

First, you need to copy the file to a place where you have write access without sudo, You can do the following two steps.

Step 1: scp filename newserver

Step 2: ssh newserver sudo mv filename /path/to/the/destination

for more information read scp tutorial

Mike Tyson
  • 21
  • 1
-1
current server $ sudo scp username@server:source/path/filename /tmp/

It will copy specific file from source to /tmp/ in current server

Sathyajith Bhat
  • 61,504
  • 38
  • 179
  • 264
Kumar
  • 1