Ask user for password?
But maybe it's possible to implement something better?
Background: On my targetserver I can only log in with my personal account. There I am only allowed to do a
sudo su - TARGETUSER
. This is then prompting me for the password.
The workaround I'm using is a script which is called by
sudo
as SUDO_ASKPASS
. That script is connecting to a fifo where, on the other end, I have an open terminal session where I enter my password. This seems to work quite good, besides the small security risk that someone could read from my fifo while I'm thinking I'm communicating with my WinSCP-invoked script.
What I'm thinking about is: Would it be possible to have a script on my targetserver which can communicate back with WinSCP, sending WinSCP the request to ask the user for a password? It would then get the password from WinSCP and would give it back to
sudo
via stdout.