cygwin: ssh identity file not accessible - ssh

I am new to cygwin. I have problems to use ssh there.
When I try using it I get the following error:
$ ssh -i /home/Sebastian/.ssh/id_rsa user#domain
Warning: Identity file /home/Sebastian/.ssh/id_rsa not accessible: No such file or directory.
user#domain: Permission denied (publickey).
permissions are set as following:
drwx------+ 1 Sebastian Kein 0 Dec 31 15:06 /home/Sebastian/.ssh
-rw------- 1 Sebastian Kein 1766 Oct 11 22:24 /home/Sebastian/.ssh/id_rsa
I mounted / to C:\programs\cygwin64
part 2, I added some changes:
I removed all world and group permissions on id_rsa in Windows 10
The following works now:
> ssh -i .ssh/id_rsa user#domain
Any other way to access the id_rsa file fails (/home/Sebastian/.ssh/id_rsa or ~/.ssh/id_rsa) for example. Neither does rsync with ssh work
Does anyone have an idea whats wrong here?

The plus in drwx------+ suggests there is extended ACL.
What you can try is to do a backup of /etc/fstab, then change the line to :
none /cygdrive cygdrive binary,noacl,posix=0,user 0 0
and restart Windows and try ssh again.

Related

Trying to setup ssh keys and encountering some issues in giving proper permissions

After generating ssh keys, I have tried to login but, I am getting a message Permission denied (publickey). This seems to be an error in access permissions.
After generating ssh keys for logging into cluster, when i give the command below from the terminal
$> ls -l ~/.ssh/id_*
I should get in return:
-rw------- 1 git git 751 Mar 1 20:16 /home/username/.ssh/id_rsa
-rw-r--r-- 1 git git 603 Mar 1 20:16 /home/username/.ssh/id_rsa.pub
Instead I am getting:
-rw-r--rw- 1 ubuntu ubuntu 3381 févr. 15 18:35 /home/ubuntu.ssh/id_rsa
-rw-r--rw- 1 ubuntu ubuntu 737 févr. 15 18:35 /home/ubuntu/.ssh/id_rsa.pub
Hence login fails with message:
Permission denied (publickey).

Can't access ttyACM device in mode 0660

I want to be able to read and write ttyACM device, particularly Arduino Leonardo board under Fedora.
I made a following rule:
SUBSYSTEM=="tty", ATTRS{idVendor}=="2341", ATTRS{idProduct}=="8036", SYMLINK+="arduino", MODE="0660", GROUP="plugdev"
Symlink is created but I do not have permission to read the device:
[nexy#shire ~]$ cat /dev/arduino
cat: /dev/arduino: Permission denied
Showing ls gives the following:
[nexy#shire ~]$ ls -l /dev/arduino /dev/ttyACM0
lrwxrwxrwx. 1 root root 7 Dec 18 15:25 /dev/arduino -> ttyACM0
crw-rw----. 1 root dialout 166, 0 Dec 18 15:25 /dev/ttyACM0
When I change mode to 0666 then it works. I belong to the group plugdev:
[nexy#shire ~]$ sudo groups nexy
nexy : nexy wheel plugdev
You might have to log out and log back in or restart your computer if you just added yourself to the group recently.

Openssh Connection does not work with AuthorizedKeysCommand

I have added these lines on sshd_config
AuthorizedKeysCommand /authorizedkeys/authorized-keys
AuthorizedKeysCommandUser ssh-keys
-rwxr-x--- 1 root ssh-keys 712 Dec 23 22:36 /authorizedkeys/authorized-keys
-rwxr-x--- 1 root ssh-keys 712 Dec 23 22:36 authorized-keys
ssh-keys user can excecute the file(/authorizedkeys/authorized-keys).
but I cannot ssh to server; ssh git#myserver.com
in auth.log I can see this line,
error: Unsafe AuthorizedKeysCommand: bad ownership or modes for directory /
if I give 770 permission to /authorizedkeys/authorized-keys file, I get following error,
error: Unsafe AuthorizedKeysCommand: bad ownership or modes for file /authorizedkeys/authorized-keys
I tried using root as the AuthorizedKeysCommandUser and changed permission and owner of /authorizedkeys/authorized-keys file. it did not work too.
I am using OpenSSH_6.6.1p1 on ubuntu 14.04.
note:I can ssh fine with authorized_keys file
Unsafe AuthorizedKeysCommand: bad ownership or modes for directory /
It's complaining about ownership or permissions on the root directory. According to the source code the file, the directory containing the file, and all parent directories (including the root directory) have to be owned by root. The permissions on all of these files and directories have to be 0755 (deny write access to group and other).
My guess is that you have group write permission set on your root directory, or something like that.
Giving 0770 permissions to "/authorizedkeys/authorized-keys" also causes that file to fail the permissions check.
For completeness, this is the section of code which emits the directory error:
if (stat(buf, &st) < 0 ||
(!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) ||
(st.st_mode & 022) != 0) {
snprintf(err, errlen,
"bad ownership or modes for directory %s", buf);
return -1;
}
It emits that error if:
The stat() call fails for a directory
The file doesn't belong to root ("uid" is 0 here)
The file's permissions include write-by-group or write-by-other.
authorized_keys file should be chmod 600 and the .ssh directory should be chmod 700 .
you need to give proper permission to the keys on the remote host:
[remote-host]$ chmod 755 ~/.ssh
[remote-host]$ chmod 644 ~/.ssh/authorized_keys

Redis: Failed opening .rdb for saving: Permission denied

I have a redis server 2.8 installed using ubuntu apt-get on ubuntu 12.04.
I have copied a dump.rdb from an other database. Now when I try to start the new server, I constantly get:
[35763] 04 Mar 01:51:47.088 * 1 changes in 900 seconds. Saving...
[35763] 04 Mar 01:51:47.088 * Background saving started by pid 43313
[43313] 04 Mar 01:51:47.088 # Failed opening .rdb for saving: Permission denied
How can I solve this?
You should check your redis.conf file to see the permissions in dir and dbfilename. If the file named in the dbfilename which is located in the path specified in the dir path exists and the permission is also right. then the problem should be fixed.
Hope this will help someone.
P.S.
To find the redis.conf file location, you can use the #ps ax | grep redis to check. Usually it will be passed to the redis-server as input file.
For the dir permissions:it should be 755, for the dbfilename, it should be 644
Sometimes you also need to use top command to check whether the user:group of the redis-server and the owner of dir are consistent. i.e. The redis-server is running by redis:redis, but the dir is under root:root. In this case, you need to chown redis:redis -R dir.
Non of the above worked for me.. I've seen everyone around being so concerned on BGSAVE.. but while you're not on production, SAVE gives you a way more straight forward answer: ERR. BGSAVE does not, unless you inspect logs.
After digging dozens of posts I did not find any clue. The only thing that fixed was stopping the redis service and running it manually.
At first I thought it could be related to the user on behalf of redis was running. Not at all: the actual difference was the damn systemd subsystem which at some point in the redis config service file (/etc/systemd/system/redis.service) had the following:
ReadWriteDirectories: -/etc/redis
WoW super cool! ended up this was preventing redis from accessing anywhere in the system at all even though the permissions would perfectly allow it.
How naive of me to think that permission were just enough to ensure something had the proper rights.. (yes, I'm being ironic).
My /lib/system/systemd/redis-server.service file contained the following:
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/redis
My /etc/redis/redis.conf file stated that the database should be located in /data/redis
dir /data/redis
The systemd config file above effectively makes /data/redis read-only.
Once I changed the redis.conf file to read:
dir /var/lib/redis
I stopped getting the error.
My permission issue seemed to be the result of the Redis user being unable to modify the parent folder (/var/lib/redis/6379) for the purposes of creating a temporary file.
This was seen in an strace of the redis-server process:
open("temp-1833.rdb", O_WRONLY|O_CREAT|O_TRUNC, 0666) = -1 EACCES (Permission denied)
The issue was resolved after running the following command:
setfacl -m d:u:redis:rwX,u:redis:rwX /var/lib/redis/6379
For windows only :
This means the user does not have permission for this.
BY default owner of this file is NETWORK SERVICE, which has very limited access and need to changed(as per documentation)
solution :
go to ur redis folder.
right click --> go to properties--> security tab.
click on advanced.
click on Add to add ur user.
click on select a principal.
enter ur user (for eg GLOBAL\xxx).
click on check names and click on ok
give permissions to this user.
finally change the owner to this user.
Check the configuration 'dbfilename' in your redis.conf. Your redis running process have no write permission in the path.
In my case all rights were correct(I mean that the most stared answer doesn't help me). BUT! Redis used an incorrect path to file. In config it was correct, but from rails-cli it returned '/proc'.
This answer helped me - https://serverfault.com/questions/800295/redis-spontaneously-failed-failed-opening-rdb-for-saving-permission-denied
Warning
For exact question it doesn't matter, but my situation looked like someone hacked server. Link to explanation. So check your setup properly.
supervised systemd is intended solely for Type=notify and daemonize yes corresponds to Type=forking.
sudo vim /etc/systemd/system/redis.service
When you see the service file edit the Type=forking
[Unit]
Description=Redis In-Memory Data Store
After=network.target
[Service]
User=redis
Type=forking
Group=redis
ExecStart=/usr/bin/redis-server /etc/redis/redis.conf
ExecStop=/usr/bin/redis-cli shutdown
Restart=always
[Install]
WantedBy=multi-user.target
Open up this file
sudo vim /etc/redis/redis.conf
Add these changes to it
daemonize yes
supervised no
In my case when I typed the following command sudo tail -F /var/log/redis/redis-server.log I get this log:
987:C 08 Dec 22:28:30.344 # Can't chdir to '/var/lib/redis': Permission denied
1047:C 08 Dec 22:28:30.565 # Can't chdir to '/var/lib/redis': Permission denied
1095:C 08 Dec 22:28:30.876 # Can't chdir to '/var/lib/redis': Permission denied
1119:C 08 Dec 22:28:31.165 # Can't chdir to '/var/lib/redis': Permission denied
1151:C 08 Dec 22:28:31.413 # Can't chdir to '/var/lib/redis': Permission denied
1500:C 08 Dec 22:30:44.706 # Can't chdir to '/var/lib/redis': Permission denied
1523:C 08 Dec 22:30:45.194 # Can't chdir to '/var/lib/redis': Permission denied
1545:C 08 Dec 22:30:45.442 # Can't chdir to '/var/lib/redis': Permission denied
1568:C 08 Dec 22:30:45.696 # Can't chdir to '/var/lib/redis': Permission denied
1590:C 08 Dec 22:30:45.940 # Can't chdir to '/var/lib/redis': Permission denied
That means the user redis doesn't have permission on /var/lib/redis.
That's why I typed this command sudo ls -l /var/lib/redis to see the permissions in this directory. I get the following log:
-rw-r--r-- 1 root root 885 Dec 8 22:12 dump.rdb
That means it was associated with root instead of redis.
Then I typed the following command to change the owner of that directory: sudo chown -R redis:redis /var/lib/redis/.
Then I restarted redis-server by the following command: sudo systemctl restart redis-server.
Boom!! It worked.
Hope this will work for someone, who have similar issue as mine.
If anyone encounters this again and doesn't have a problem upgrading, just upgrade your Redis installation to the latest version. I encountered this problem with Redis 2.8.15, and upgraded to Redis 2.8.22 that was available at the time of this writing. A sysadmin in my company assured me that this was a bug with Redis 2.8.15, and the problem just went away after upgrading.
I had the same issue with redis used by Sidekiq in Rails application, rm -rf ./tmp/ worked like charm.
I spent some time on this until i realised that my cmd line session was running in the wrong drive :/. Just in case this might help anyone else!
The lock file in the log directory is what was causing this error for me. I was able to clear the error by deleting the lock file:
rm /var/log/redis/lock.
This happened when another system was restored to this one while redis was still running.
No one hasn't mentioned about SELinux.
On Centos most probably you will have such error when selinux mode = enforcing.
Just check getenforce and if it set to 'enforcing' , hit setenforce 0 and try one more time to run service.
If you are on Windows and the Redis folder was installed in C: \ Program Files \ Redis for example, you will have a problem with access permission. Modifying files within the Program Files folder, usually requires administrator permission and dump.rdb is within this context. In your redis.conf, modify the default directory to anywhere outside the Program Files folder:
from: dir ./
to: dir ../../Exceptions/Redis/
Note that I went up the directory twice to leave the Program Files folder and outside of it I created any directory (C:\Exceptions\Redis). In this directory Redis can save the .rdb file without permission problems.

~/.ec2/id_rsa-gsg-keypair not accessible: No such file or directory

I'm trying to launch a Hadoop cluster on Amazon ec2, using the instructions in "Hadoop in Action" (also here: http://wiki.apache.org/hadoop/AmazonEC2).
I've set up my private ssh key and configurations, but when I try to launch a cluster using the command-line tools:
hadoop-ec2 launch-cluster test-cluster 2
I repeatedly get this error:
Warning: Identity file ~/.ec2/id_rsa-gsg-keypair not accessible: No such file or directory.
Permission denied (publickey,gssapi-with-mic).
The ~/.ec2/id_rsa-gsg-keypair definitely exists, though, and I did chmod 600 it:
> chmod 600 ~/.ec2/id_rsa-gsg-keypair
> ls -l id_rsa-gsg-keypair
-rw------- 1 my-username
Any idea what's wrong?
You may have already realized this, but the problem is possibly related to the ~/ path usage. Try using the absolute path /home/username/.ec2