Unable to connect to Linode with public/private key - ssh

I am unable to connect with Putty and WinSCP with my public/private key generated from Puttygen. I have pageant running in the background. It is telling me that the key is refused by the server :( See the output below for WinSCP.
Any idea how to fix this problem?
Edit: for Putty and WinSCP, the recurring error message is:
`Unable to use key file "C:\Program Files (x86)\PuTTY\private_key.ppk" (unable to open file)`
Below is the error log from WinSCP:
. 2015-02-27 11:56:56.744 --------------------------------------------------------------------------
. 2015-02-27 11:56:56.744 WinSCP Version 5.5.6 (Build 4746) (OS 6.3.9600 - Windows 8.1)
. 2015-02-27 11:56:56.744 Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\
. 2015-02-27 11:56:56.745 Local account: STICKSWORD\Michael
. 2015-02-27 11:56:56.745 Working directory: C:\Program Files (x86)\WinSCP
. 2015-02-27 11:56:56.745 Process ID: 4324
. 2015-02-27 11:56:56.745 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe"
. 2015-02-27 11:56:56.745 Time zone: Current: GMT-5, Standard: GMT-5 (Eastern Standard Time), DST: GMT-4 (Eastern Daylight Time), DST Start: 3/8/2015, DST End: 11/1/2015
. 2015-02-27 11:56:56.745 Login time: Friday, February 27, 2015 11:56:56 AM
. 2015-02-27 11:56:56.745 --------------------------------------------------------------------------
. 2015-02-27 11:56:56.745 Session name: paraderest (Site)
. 2015-02-27 11:56:56.745 Host name: 66.228.42.37 (Port: 22)
. 2015-02-27 11:56:56.745 User name: (Password: No, Key file: Yes)
. 2015-02-27 11:56:56.745 Tunnel: No
. 2015-02-27 11:56:56.745 Transfer Protocol: SFTP (SCP)
. 2015-02-27 11:56:56.745 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2015-02-27 11:56:56.745 Proxy: none
. 2015-02-27 11:56:56.745 Send buffer: 262144
. 2015-02-27 11:56:56.745 SSH protocol version: 2; Compression: No
. 2015-02-27 11:56:56.745 Bypass authentication: No
. 2015-02-27 11:56:56.745 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: Yes
. 2015-02-27 11:56:56.745 GSSAPI: Forwarding: No; Server realm:
. 2015-02-27 11:56:56.745 Ciphers: aes,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2015-02-27 11:56:56.745 SSH Bugs: A,A,A,A,A,A,A,A,A,A
. 2015-02-27 11:56:56.745 Simple channel: Yes
. 2015-02-27 11:56:56.745 Return code variable: Autodetect; Lookup user groups: A
. 2015-02-27 11:56:56.746 Shell: default
. 2015-02-27 11:56:56.746 EOL: 0, UTF: 2
. 2015-02-27 11:56:56.746 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2015-02-27 11:56:56.746 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2015-02-27 11:56:56.746 SFTP Bugs: A,A
. 2015-02-27 11:56:56.746 SFTP Server: default
. 2015-02-27 11:56:56.746 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2015-02-27 11:56:56.746 Cache directory changes: Yes, Permanent: Yes
. 2015-02-27 11:56:56.746 DST mode: 1; Timezone offset: 0h 0m
. 2015-02-27 11:56:56.746 --------------------------------------------------------------------------
. 2015-02-27 11:56:56.821 Looking up host "66.228.42.37"
. 2015-02-27 11:56:56.821 Connecting to 66.228.42.37 port 22
. 2015-02-27 11:56:57.106 Server version: SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze2
. 2015-02-27 11:56:57.106 Using SSH protocol version 2
. 2015-02-27 11:56:57.106 We claim version: SSH-2.0-WinSCP_release_5.5.6
. 2015-02-27 11:56:57.145 Doing Diffie-Hellman group exchange
. 2015-02-27 11:56:57.283 Doing Diffie-Hellman key exchange with hash SHA-256
. 2015-02-27 11:56:58.052 Verifying host key rsa2 0x10001,0xc6a6132527e50389 28ae28852cc474b0 29aab41436be0289 53429f1f719ac6ae eaa5bfc3d0bac53d fb037711f24c9dc9 9b745912f477e281 ad93820b73ccd6a0 b393e9baf6528f86 083b86ddd14dd548 8a981b7aaca7578f b7b522f4594deebd a90a53a2790c2953 91137ba497543b0a 522fe7631fa8fc23 c526324723d4edff daa8baddb0f5788c 50952d3d3f83245f 7b14e5f1aa58d8ee 05fafc42afe49b4f b7aea54028511dd9 2fbb64b8ab64242a baddacc671222d50 2259ede8629aafe1 ecca71a3fcabdbe3 9ae53b9bd24aa8ef 602af53fbdd46e27 17d64cff5bf3e126 76aef0e4af37b830 96990e6bc8d1d494 d2d22671516ea046 bd2b4e22e78ce103 with fingerprint ssh-rsa 2048 9e:3c:df:46:02:f2:3e:1d:b7:d6:b7:b7:c2:f5:20:ef
. 2015-02-27 11:56:58.076 Host key matches cached key
. 2015-02-27 11:56:58.076 Host key fingerprint is:
. 2015-02-27 11:56:58.076 ssh-rsa 2048 9e:3c:df:46:02:f2:3e:1d:b7:d6:b7:b7:c2:f5:20:ef
. 2015-02-27 11:56:58.076 Initialised AES-256 SDCTR client->server encryption
. 2015-02-27 11:56:58.076 Initialised HMAC-SHA1 client->server MAC algorithm
. 2015-02-27 11:56:58.076 Initialised AES-256 SDCTR server->client encryption
. 2015-02-27 11:56:58.076 Initialised HMAC-SHA1 server->client MAC algorithm
. 2015-02-27 11:56:58.280 Reading private key file "C:\Program Files (x86)\PuTTY\private_key.ppk"
. 2015-02-27 11:56:58.280 Unable to use this key file (unable to open file)
! 2015-02-27 11:56:58.280 Unable to use key file "C:\Program Files (x86)\PuTTY\private_key.ppk" (unable to open file)
. 2015-02-27 11:56:58.344 Pageant is running. Requesting keys.
. 2015-02-27 11:56:58.344 Pageant has 1 SSH-2 keys
. 2015-02-27 11:56:58.344 Prompt (2, SSH login name, , login as: )
. 2015-02-27 11:56:58.430 Trying Pageant key #0
. 2015-02-27 11:56:58.465 Server refused our key
. 2015-02-27 11:56:58.466 Disconnected: No supported authentication methods available (server sent: publickey)
* 2015-02-27 11:56:58.524 (EFatal) Disconnected: No supported authentication methods available (server sent: publickey)
* 2015-02-27 11:56:58.524 Authentication log (see session log for details):
* 2015-02-27 11:56:58.524 Unable to use key file "C:\Program Files (x86)\PuTTY\private_key.ppk" (unable to open file)
* 2015-02-27 11:56:58.524
* 2015-02-27 11:56:58.524 Authentication failed.


Check to see if the key is in authorized_keys file in your ~/.ssh folder on your Linode. Perhaps do that through Linode's Lish browser and then try ssh'ing afterwards.

Related

Can't connect to MariaDB via JBDC from Google App Script with SSL

I'm trying to connect to MariaDB with Google App Script.
I've been following this post, and these instructions and used this advice to get the certs setup.
const server = 'x.x.x.x'; //not my actual ip
const port = 3306;
const dbName = 'myDbName';
const username = 'googleusername';
const password = 'hunter2';
const url = 'jdbc:mysql://'+server+':'+port+'/'+dbName+'?useSSL=true';
const serverSslCertificate = '-----BEGIN CERTIFICATE-----\n'+
'zxcv1231223123'+
.... etc ....
'112223334'+'\n'+
'-----END CERTIFICATE-----';
const clientSslCertificate = '-----BEGIN CERTIFICATE-----\n
'+ 'zxcv1231223123'+
.... etc ....
'112223334'+'\n'+
'-----END CERTIFICATE-----';
const clientSslKey ='-----BEGIN RSA PRIVATE KEY-----\n
'+ 'zxcv1231223123'+
.... etc ....
'112223334'+'\n'+
'-----END RSA PRIVATE KEY-----';
var connParams = {
user: username,
password: password,
_serverSslCertificate: serverSslCertificate,
_clientSslCertificate: clientSslCertificate,
_clientSslKey: clientSslKey,
};
When I try to connect, it fails and in MariaDB I can see in the mysql error logs:
2022-10-18 23:01:50 18 [Warning] Access denied for user 'googleusername'#'y.y.y.y' (using password: YES)
And in Apps Script I see
Exception: Failed to establish a database connection. Check connection string, username and password.
If I do:
MariaDB [bitnami_wordpress]> SHOW GLOBAL VARIABLES LIKE '%ssl%' \G
*************************** 1. row ***************************
Variable_name: have_openssl
Value: YES
*************************** 2. row ***************************
Variable_name: have_ssl
Value: DISABLED
*************************** 3. row ***************************
Variable_name: ssl_ca
Value: /opt/bitnami/mariadb/certs/ca.pem
*************************** 4. row ***************************
Variable_name: ssl_capath
Value:
*************************** 5. row ***************************
Variable_name: ssl_cert
Value: /opt/bitnami/mariadb/certs/server-cert.pem
*************************** 6. row ***************************
Variable_name: ssl_cipher
Value:
*************************** 7. row ***************************
Variable_name: ssl_crl
Value:
*************************** 8. row ***************************
Variable_name: ssl_crlpath
Value:
*************************** 9. row ***************************
Variable_name: ssl_key
Value: /opt/bitnami/mariadb/certs/server-key.pem
Found this in the MariaDB startup log:
2022-10-18 23:32:19 0 [Warning] Failed to setup SSL
2022-10-18 23:32:19 0 [Warning] SSL error: SSL_CTX_set_default_verify_paths failed
2022-10-18 23:32:19 0 [Warning] SSL error: error:02001002:system library:fopen:No such file or directory
2022-10-18 23:32:19 0 [Warning] SSL error: error:2006D080:BIO routines:BIO_new_file:no such file
2022-10-18 23:32:19 0 [Warning] SSL error: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
I took a look at the have_ssl = disabled thing, and found this.
bitnami#ip-172-26-11-184:~/stack/mariadb/conf/certs$ ls -lah
total 40K
drwxr-xr-x 2 bitnami root 4.0K Oct 9 04:17 .
drwxrwxr-x 4 root root 4.0K Oct 18 22:10 ..
-rw-r--r-- 1 bitnami root 1.7K Oct 9 04:16 ca-key.pem
-rw-r--r-- 1 bitnami root 1.4K Oct 9 04:17 ca.pem
-rw-r--r-- 1 bitnami root 1.3K Oct 9 04:17 client-cert.pem
-rw------- 1 bitnami root 1.7K Oct 9 04:17 client-key.pem
-rw-r--r-- 1 bitnami root 1.1K Oct 9 04:17 client-req.pem
-rw-r--r-- 1 bitnami root 1.3K Oct 9 04:17 server-cert.pem
-rw------- 1 bitnami root 1.7K Oct 9 04:17 server-key.pem
-rw-r--r-- 1 bitnami root 1.1K Oct 9 04:17 server-req.pem
bitnami#ip-172-26-11-184:~/stack/mariadb/conf$ ls -lah
total 24K
drwxrwxr-x 4 root root 4.0K Oct 18 22:10 .
drwxr-xr-x 12 root root 4.0K Apr 14 2022 ..
drwxrwxr-x 3 root root 4.0K Sep 5 11:52 bitnami
drwxr-xr-x 2 bitnami root 4.0K Oct 9 04:17 certs
-rw-rw-r-- 1 bitnami root 1.1K Oct 18 22:10 my.cnf
-rw-r--r-- 1 root root 1002 Oct 9 04:16 run.sh
Amongst other things in my my.cnf:
[mysqld]
skip_name_resolve
explicit_defaults_for_timestamp
basedir=/opt/bitnami/mariadb
port=3306
tmpdir=/opt/bitnami/mariadb/tmp
socket=/opt/bitnami/mariadb/tmp/mysql.sock
pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid
max_allowed_packet=16M
bind_address=0.0.0.0
log_error=/opt/bitnami/mariadb/logs/mysqld.log
slow_query_log=0
slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log
long_query_time=10.0
character_set_server=utf8
collation_server=utf8_general_ci
plugin_dir=/opt/bitnami/mariadb/lib/plugin
ssl_ca=/opt/bitnami/mariadb/certs/ca.pem
ssl_cert=/opt/bitnami/mariadb/certs/server-cert.pem
ssl_key=/opt/bitnami/mariadb/certs/server-key.pem
require_secure_transport=ON
Does anyone have any ideas of what to try next and why it's not working?

I got to the bottom of it.
Lessons learnt:
If
MariaDB [bitnami_wordpress]> SHOW GLOBAL VARIABLES LIKE '%ssl%' \G
shows
Variable_name: have_ssl
Value: DISABLED
Then your server side SSL is not enabled.
Check the MySQL log on reload/restart
[Warning] SSL error: error:02001002:system library:fopen:No such file or directory 2022-10-18 23:32:19 0
This kind of thing is a hint - in my case that I'd listed the paths wrong in the config file
The certificates that are needed on the client side are:
The Certificate Authority (ca.pem)
Client Cert
Client Key
In my case, I had the server cert, rather than the CA certificate.
It may be worth trying to connect with the certificates from a commandline client, but whatever "--ssl-verify-server-cert " does, it isn't what App Script does when it tries to connect.
Thanks #danblack for the pointers and encouragement.

AMQ9660E: SSL key repository: password stash file absent or unusable

On Linux using IBM MQ V9.2.0 I have seen the following error
EXPLANATION:
The SSL key repository cannot be used because MQ cannot obtain a password to access it. Reasons giving rise to this error include:
(a) the key database file and password stash file are not present in the location configured for the key repository,
(b) the key database file exists in the correct place but that no password stash file has been created for it,
(c) the files are present in the correct place but the userid under which MQ is running does not have permission to read them,
(d) one or both of the files are corrupt.
I did all the things mentioned in IBM docs but I am not able to resolve.
The SSLKEYR value is /var/mqm/qmgrs/QMGRname/ssl/key
-rwxrwxr-x. 1 mqm mqm 80 Apr 21 14:31 key.rdb
-rwxrwxr-x. 1 mqm mqm 193 Apr 21 14:32 key.sth
-rwxrwxr-x. 1 mqm mqm 15K Apr 21 14:44 key.kdb
(mq:9.2.0.0)root#22955896bc26:/var/mqm/qmgrs/qmgr/ssl# runmqakm -cert -list -db /var/mqm/qmgrs/qmgr/ssl/key.kdb -stashed
Certificates found
* default, - personal, ! trusted, # secret key
! "mns non-prod root ca"
! "mns plc sub ca cate"
- ibmwebspheremqqmgr
(mq:9.2.0.0)root#22955896bc26:/var/mqm/qmgrs/qmgr/ssl# runmqakm -cert -list -db /var/mqm/qmgrs/qmgr/ssl/key.kdb -stashed
CTGSK3026W The key file "/var/mqm/qmgrs/qmgr/ssl/key.kdb" does not exist or cannot be read.
CTGSK2101W The key database does not exist.
-Command usage-
-list Required <all | personal | ca>
-db | -crypto Required
-tokenlabel Required if -crypto present
-pw | -stashed Optional
-type Optional <cms | kdb | pkcs12 | p12>
-secondarydb Optional if -crypto present
-secondarydbpw Optional if -secondarydb present
-secondarydbtype Optional if -secondarydb present
-expiry Optional
-rfc3339 Optional
-v Optional
$ runmqakm -cert -list -db /var/mqm/qmgrs/qmgr/ssl/key.kdb -stashed
Certificates found
* default, - personal, ! trusted, # secret key
! "mns non-prod root ca"
! "mns plc sub ca cate"
- ibmwebspheremqqmgr
1 : DIS QMGR SSLKEYR CERTLABL
AMQ8408I: Display Queue Manager details.
QMNAME(qmgr) CERTLABL(ibmwebspheremqqmgr)
SSLKEYR(/VAR/MQM/QMGRS/qmgr/SSL/KEY)
1 : DIS QMGR SSLKEYR CERTLABL
AMQ8408I: Display Queue Manager details.
QMNAME(qmgr) CERTLABL(ibmwebspheremqqmgr)
SSLKEYR(/var/mqm/qmgrs/qmgr/ssl/key)
-rwxrwxr-x. 1 mqm mqm 15088 Apr 28 17:18 /var/mqm/qmgrs/AZMQGW02/ssl/key.kdb
-rwxrwxr-x. 1 mqm mqm 80 Apr 28 17:18 /var/mqm/qmgrs/AZMQGW02/ssl/key.rdb
-rwxrwxr-x. 1 mqm mqm 193 Apr 28 17:19 /var/mqm/qmgrs/AZMQGW02/ssl/key.sth
(mq:9.2.0.0)root#22955896bc26:/var/mqm/qmgrs/AZMQGW02/ssl# su - mqm
No directory, logging in with HOME=/
$ getfacl /var/mqm/qmgrs/AZMQGW02/ssl/key.*
-su: 1: getfacl: not found

Unix is case sensitive, /VAR/MQM/QMGRS/AZMQGW02/SSL/KEY is not the same as /var/mqm/qmgrs/AZMQGW02/ssl/key.
To fix the issue run the following:
printf "ALTER QMGR SSLKEYR('/var/mqm/qmgrs/AZMQGW02/ssl/key')\nREFRESH SECURITY TYPE(SSL)\n" | runmqsc AZMQGW02
Note that with MQSC commands if you do not surround a string with single quotes it will be folded to UPPER CASE.

Hyperledger Fabric - Peer unable to connect to (raft) Orderer with Mutual TLS

I am running a HLF on kubernetes - (3 raft orderers & 2 peers)
Now as raft requires Mutual TLS I had to setup some certificates.
The 3 raft orderers are able to communicate with eachother, as they are electing a leader, and re-electing another leader when I bring that leader down.
When I setup the peer, I used the same CA to generate the certificates. I am able to create the channel & join it from the peer. However I have to run CORE_PEER_MSPCONFIGPATH=$ADMIN_MSP_PATH prior to those commands, otherwise I get Access Denied error.
I am also forced to append the following flags to every peer channel x command I run.
--tls --cafile $ORD_TLS_PATH/cacert.pem --certfile $CORE_PEER_TLS_CLIENTCERT_FILE --keyfile $CORE_PEER_TLS_CLIENTKEY_FILE --clientauth
I am able to create, fetch, join the channel using the admin msp.
Now once the channel is joined, the peer is unable to connect with the orderer, somehow a bad certificate is given.
Orderer Logs
A bad certificate is used ?
2019-08-15 16:07:55.699 UTC [core.comm] ServerHandshake -> ERRO 221 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=10.130.2.148:53922
2019-08-15 16:07:55.699 UTC [grpc] handleRawConn -> DEBU 222 grpc: Server.Serve failed to complete security handshake from "10.130.2.148:53922": remote error: tls: bad certificate
Peer Logs
These suggest that it could not validate it with the ca.crt ?
2019-08-15 16:10:17.990 UTC [grpc] DialContext -> DEBU 03a parsed scheme: ""
2019-08-15 16:10:17.990 UTC [grpc] DialContext -> DEBU 03b scheme "" not registered, fallback to default scheme
2019-08-15 16:10:17.991 UTC [grpc] watcher -> DEBU 03c ccResolverWrapper: sending new addresses to cc: [{orderer-2.hlf-orderers.svc.cluster.local:7050 0 <nil>}]
2019-08-15 16:10:17.991 UTC [grpc] switchBalancer -> DEBU 03d ClientConn switching balancer to "pick_first"
2019-08-15 16:10:17.991 UTC [grpc] HandleSubConnStateChange -> DEBU 03e pickfirstBalancer: HandleSubConnStateChange: 0xc00260b710, CONNECTING
2019-08-15 16:10:18.009 UTC [grpc] createTransport -> DEBU 03f grpc: addrConn.createTransport failed to connect to {orderer-2.hlf-orderers.svc.cluster.local:7050 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority". Reconnecting...
2019-08-15 16:10:18.012 UTC [grpc] HandleSubConnStateChange -> DEBU 040 pickfirstBalancer: HandleSubConnStateChange: 0xc00260b710, TRANSIENT_FAILURE
2019-08-15 16:10:18.991 UTC [grpc] HandleSubConnStateChange -> DEBU 041 pickfirstBalancer: HandleSubConnStateChange: 0xc00260b710, CONNECTING
2019-08-15 16:10:19.003 UTC [grpc] createTransport -> DEBU 042 grpc: addrConn.createTransport failed to connect to {orderer-2.hlf-orderers.svc.cluster.local:7050 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority". Reconnecting...
2019-08-15 16:10:19.003 UTC [grpc] HandleSubConnStateChange -> DEBU 043 pickfirstBalancer: HandleSubConnStateChange: 0xc00260b710, TRANSIENT_FAILURE
2019-08-15 16:10:20.719 UTC [grpc] HandleSubConnStateChange -> DEBU 044 pickfirstBalancer: HandleSubConnStateChange: 0xc00260b710, CONNECTING
2019-08-15 16:10:20.731 UTC [grpc] createTransport -> DEBU 045 grpc: addrConn.createTransport failed to connect to {orderer-2.hlf-orderers.svc.cluster.local:7050 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority". Reconnecting...
2019-08-15 16:10:20.733 UTC [grpc] HandleSubConnStateChange -> DEBU 046 pickfirstBalancer: HandleSubConnStateChange: 0xc00260b710, TRANSIENT_FAILURE
2019-08-15 16:10:20.990 UTC [ConnProducer] NewConnection -> ERRO 047 Failed connecting to {orderer-2.hlf-orderers.svc.cluster.local:7050 [OrdererMSP]} , error: context deadline exceeded
I generated the used certificates as follows:
Orderer Admin
fabric-ca-client enroll -u https://u:p#ca.example.com -M ./OrdererMSP
Orderer Node X
As I use the same certificates for TLS I added the used hosts here for TLS purposes
orderer-x.hlf-orderers.svc.cluster.local #kubernetes
orderer-x.hlf-orderers #kubernetes
orderer-x #kubernetes
localhost #local debug
fabric-ca-client enroll -m orderer-x \
-u https://ox:px#ca.example.com \
--csr.hosts orderer-x.hlf-orderers.svc.cluster.local,orderer-x.hlf-orderers,orderer-x,localhost \
-M orderer-x-MSP
Peer Admin
fabric-ca-client enroll -u https://u:p#ca.example.com -M ./PeerMSP
Peer Node X
fabric-ca-client enroll -m peer-x \
-u https://ox:px#ca.example.com \
--csr.hosts peer-x.hlf-peers.svc.cluster.local,peer-x.hlf-peers,peer-x,localhost \
-M peer-x-MSP
Now all of these, have the same ca.crt (/cacerts/ca.example.com.pem)
configtx.yaml
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer-1.hlf-orderers.svc.cluster.local
Port: 7050
ClientTLSCert: orderer-1-MSP/signcerts/cert.pem
ServerTLSCert: orderer-1-MSP/signcerts/cert.pem
- Host: orderer-2.hlf-orderers.svc.cluster.local
Port: 7050
ClientTLSCert: orderer-2-MSP/signcerts/cert.pem
ServerTLSCert: orderer-2-MSP/signcerts/cert.pem
- Host: orderer-3.hlf-orderers.svc.cluster.local
Port: 7050
ClientTLSCert: orderer-3-MSP/signcerts/cert.pem
ServerTLSCert: orderer-3-MSP/signcerts/cert.pem
Addresses:
- orderer-1.hlf-orderers.svc.cluster.local:7050
- orderer-2.hlf-orderers.svc.cluster.local:7050
- orderer-3.hlf-orderers.svc.cluster.local:7050
I have checked multiple times if the correct certificates are mounted on the correct places and configured.
On the peer side I made sure that:
CORE_PEER_TLS_CLIENTROOTCAS_FILES is set correctly and that the (correct) file gets mounted (CORE_PEER_TLS_CLIENTROOTCAS_FILES: "/var/hyperledger/tls/client/cert/ca.crt")
Idem for CORE_PEER_TLS_CLIENTKEY_FILE & CORE_PEER_TLS_CLIENTCERT_FILE
CORE_PEER_TLS_CLIENTAUTHREQUIRED is set to true
On the orderer side I made sure that:
ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED is set to true
ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE is set correctly
ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY is set correctly
ORDERER_GENERAL_TLS_CLIENTROOTCAS is set correctly
It seems strange to me that the orderers are able to talk to eachother (as they are electing leaders), but that the peer is not able to do so

So it appears to be, that the tlscacerts should be in the msp(s) directory(ies) PRIOR to creating genesis / channel block. Simply mounting them in the pod at runtime is not enough
My msp directories (used in configtx.yaml) look like:
admincerts
tlscacerts
cacerts
...
After this it all started to work

seems like you have got below error
E0923 16:30:14.963567129 31166 ssl_transport_security.cc:989] Handshake failed with fatal error SSL_ERROR_SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate.
E0923 16:30:15.964456710 31166 ssl_transport_security.cc:188] ssl_info_callback: error occured.
According to your details, All seems to be correct
However check below
certificate signed by unknown authority -> This makes me bit doubt on your certificate mapping
MAKE SURE
PEER:
CORE_PEER_TLS_ENABLED=true
CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/tls/server.crt
CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/tls/server.key
CORE_PEER_TLS_ROOTCERT_FILE=/data/maersksea-rca-maersksea-chain.pem
CORE_PEER_TLS_CLIENTCERT_FILE=/data/tls/maersksea-peer-maersksea-client.crt
CORE_PEER_TLS_CLIENTKEY_FILE=/data/tls/maersksea-peer-maersksea-client.key
CORE_PEER_TLS_CLIENTAUTHREQUIRED=true
CORE_PEER_TLS_CLIENTROOTCAS_FILES=/data/maersksea-rca-maersksea-chain.pem
Orderer:
ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED=true
ORDERER_GENERAL_TLS_CLIENTROOTCAS=[/data/maersksea-rca-maersksea-chain.pem]

Connection to Amazon S3 via WinSCP command line is failing when access key does not have permissions to list buckets

I use command line WinSCPfor SFTP and WebDAV regularly. Today is my first time getting this to work against Amazon S3. After upgrading to latest version we are able to connect to S3 via the WinSCP client.
However we have had no luck connecting via the scripting which is really want we need.
Here is the script
open s3://mykey:mypassword#s3.amazonaws.com/
lcd G:\Production\Suppliers
cd /mybucket/subfolder/
put Products.csv
exit
Resulting output from this call is:
. 2019-06-12 16:23:18.988 --------------------------------------------------------------------------
. 2019-06-12 16:23:19.013 WinSCP Version 5.15.2 (Build 9590) (OS 10.0.14393 - Windows Server 2016 Datacenter)
. 2019-06-12 16:23:19.014 Configuration: G:\Application\WinSCP\WinSCP.ini
. 2019-06-12 16:23:19.014 Log level: Normal
. 2019-06-12 16:23:19.014 Local account: ouraccount
. 2019-06-12 16:23:19.023 Working directory: G:\outpath
. 2019-06-12 16:23:19.024 Process ID: 40772
. 2019-06-12 16:23:19.026 Command-line: "G:\Application\WinSCP\WinSCP.exe" /console=5.15.2 /consoleinstance=_39780_372 "/script=G:\Scripts\WINSCF_Data_Pull_Script_Amazon.txt" "/log=G:\Scripts\WINSCF_Data_Pull_Script_Amazon.log"
. 2019-06-12 16:23:19.027 Time zone: Current: GMT+10, Standard: GMT+10 (AUS Eastern Standard Time), DST: GMT+11 (AUS Eastern Daylight Time), DST Start: 6/10/2019, DST End: 7/04/2019
. 2019-06-12 16:23:19.027 Login time: Wednesday, 12 June 2019 4:23:19 PM
. 2019-06-12 16:23:19.027 --------------------------------------------------------------------------
. 2019-06-12 16:23:19.027 Script: Retrospectively logging previous script records:
> 2019-06-12 16:23:19.027 Script: open s3://AKIARHourkeyJP3VF:***#s3.amazonaws.com/
. 2019-06-12 16:23:19.027 --------------------------------------------------------------------------
. 2019-06-12 16:23:19.027 Session name: AKIARHourkeyRDJP3VF#s3.amazonaws.com (Ad-Hoc site)
. 2019-06-12 16:23:19.027 Host name: s3.amazonaws.com (Port: 443)
. 2019-06-12 16:23:19.027 User name: AKIARHourkeyBRDJP3VF (Password: Yes, Key file: No, Passphrase: No)
. 2019-06-12 16:23:19.027 Transfer Protocol: S3
. 2019-06-12 16:23:19.027 Proxy: None
. 2019-06-12 16:23:19.027 HTTPS: Yes
. 2019-06-12 16:23:19.027 TLS/SSL versions: TLSv1.0-TLSv1.2
. 2019-06-12 16:23:19.027 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2019-06-12 16:23:19.027 Cache directory changes: Yes, Permanent: Yes
. 2019-06-12 16:23:19.027 Recycle bin: Delete to: No, Overwritten to: No, Bin path:
. 2019-06-12 16:23:19.027 --------------------------------------------------------------------------
. 2019-06-12 16:23:19.028 Trying to open directory "/".
. 2019-06-12 16:23:19.028 HTTP session to https://s3.amazonaws.com:443 begins.
. 2019-06-12 16:23:19.356 ssl: SNI enabled by default.
. 2019-06-12 16:23:19.358 Sending request headers:
. 2019-06-12 16:23:19.358 GET /?max-keys=1 HTTP/1.1
. 2019-06-12 16:23:19.358 User-Agent: WinSCP/5.15.2 neon/0.30.2
. 2019-06-12 16:23:19.358 Keep-Alive:
. 2019-06-12 16:23:19.358 Connection: TE, Keep-Alive
. 2019-06-12 16:23:19.358 TE: trailers
. 2019-06-12 16:23:19.358 Host: s3.amazonaws.com
. 2019-06-12 16:23:19.358 Authorization: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
. 2019-06-12 16:23:19.358 x-amz-date: 20190612T062319Z
. 2019-06-12 16:23:19.359 x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
. 2019-06-12 16:23:19.359 Sending request-line and headers:
. 2019-06-12 16:23:19.359 Doing DNS lookup on s3.amazonaws.com...
. 2019-06-12 16:23:19.372 req: Connecting to 52.216.228.243:443
. 2019-06-12 16:23:19.579 Doing SSL negotiation.
. 2019-06-12 16:23:20.017 Identity match for 's3.amazonaws.com': good
. 2019-06-12 16:23:20.017 Verifying certificate for "Amazon.com Inc., Seattle, Washington, US" with fingerprint 9a:72:7d:d0:20::a5:3a:d7:93 and 08 failures
. 2019-06-12 16:23:20.071 Certificate verified against Windows certificate store
. 2019-06-12 16:23:20.071 Using TLSv1.2, cipher TLSv1/SSLv3: ECDHE-RSA-AES128-GCM-SHA256, 2048 bit RSA
. 2019-06-12 16:23:20.071 Request sent; retry is 0.
. 2019-06-12 16:23:20.293 [status-line] < HTTP/1.1 403 Forbidden
. 2019-06-12 16:23:20.293 Header Name: [x-amz-request-id], Value: [2624A67051E88491]
. 2019-06-12 16:23:20.293 Header Name: [x-amz-id-2], Value: [53ip3Xjq5fGLMXcDCLfpXVKSaXCAZGWeGe6aFMe+9FWpRG8kgG4wnCphLd5AWaOZo2KeVQ8RKLs=]
. 2019-06-12 16:23:20.294 Header Name: [content-type], Value: [application/xml]
. 2019-06-12 16:23:20.294 Header Name: [transfer-encoding], Value: [chunked]
. 2019-06-12 16:23:20.294 Header Name: [date], Value: [Wed, 12 Jun 2019 06:23:19 GMT]
. 2019-06-12 16:23:20.294 Header Name: [server], Value: [AmazonS3]
. 2019-06-12 16:23:20.294 Header Name: [connection], Value: [close]
. 2019-06-12 16:23:20.294 End of headers.
. 2019-06-12 16:23:20.294 End of headers.
. 2019-06-12 16:23:20.294 sess: Closing connection.
. 2019-06-12 16:23:20.294 sess: Connection closed.
. 2019-06-12 16:23:20.294 Request ends, status 403 class 4xx, error line:
. 2019-06-12 16:23:20.294 403 Forbidden
. 2019-06-12 16:23:20.294 Access Denied
. 2019-06-12 16:23:20.294 Extra Details: RequestId: 2624A67051E88491, HostId: 53ip3Xjq5fGLMXcDCLfpXVKSaXCAZGWeGe6aFMe+9FWpRG8kgG4wnCphLd5AWaOZo2KeVQ8RKLs=
< 2019-06-12 16:23:20.294 <?xml version="1.0" encoding="UTF-8"?>
< 2019-06-12 16:23:20.294 <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>2624A67051E88491</RequestId><HostId>53ip3Xjq5fGLMXcDCLfpXVKSaXCAZGWeGe6aFMe+9FWpRG8kgG4wnCphLd5AWaOZo2KeVQ8RKLs=</HostId></Error>
. 2019-06-12 16:23:20.294 Request ends.
. 2019-06-12 16:23:20.294 sess: Destroying session.

If your access key does not have permissions to list buckets, you need to start in the bucket directly.
Do that by specifying the bucket path in the session URL:
open s3://mykey:mypassword#s3.amazonaws.com/mybucket/subfolder/
lcd G:\Production\Suppliers
put Products.csv
exit
I have now covered that in the documentation section Working with buckets.

WinSCP error "No such file" when uploading files to server

Currently I'm programmatically trying to upload files to a server using the WinSCP API.
However looking at the log files every time I attempt to do this I get an error stating that the remote file or it's directory doesn't exist.
Code:
Dim objftp As New WinSCP.SessionOptions
objftp.HostName = Server
objftp.PortNumber = Port
objftp.Protocol = Protocol.Sftp
objftp.UserName = User
objftp.Password = Password
objftp.PrivateKeyPassphrase = "passPhrase"
objftp.SshPrivateKeyPath = "\\PathToPrivatekey.ppk"
objftp.GiveUpSecurityAndAcceptAnySshHostKey = True
Dim session As New Session
session.Timeout = System.TimeSpan.FromSeconds(30)
session.SessionLogPath = "C:\Temp\ftpLog\winscp.log"
session.Open(objFTP)
Dim transferOptions As New TransferOptions
transferOptions.TransferMode = TransferMode.Binary
transferOptions.ResumeSupport.State = TransferResumeSupportState.Off
Dim transferResult As TransferOperationResult
strLocalFile = FilePath & FileName
strRemoteFile = FileName
transferResult = session.PutFiles(strLocalFile, "/In/", False, transferOptions)
transferResult.Check()
session.Close()
Now I have manually using WinSCP connected to the server and I can verify that the /In/ directory does exist. I am using a Windows OS to do this. I don't have full details on the server I'm connecting to as it's a third party I'm sending information to.
Is there something I'm missing in my code?
EDIT: As requested this is my logs:
Log from programmatically trying it:
. 2016-12-23 10:52:07.089 --------------------------------------------------------------------------
. 2016-12-23 10:52:07.089 WinSCP Version 5.9.3 (Build 7136) (OS 6.1.7601 Service Pack 1 - Windows 7 Professional)
. 2016-12-23 10:52:07.089 Configuration: nul
. 2016-12-23 10:52:07.089 Log level: Normal
. 2016-12-23 10:52:07.089 Local account: user\Andrew
. 2016-12-23 10:52:07.089 Working directory: \\WorkingDIr\
. 2016-12-23 10:52:07.089 Process ID: 12648
. 2016-12-23 10:52:07.090 Command-line: "\\WorkingDir\winscp.exe" /xmllog="C:\Users\andrew\AppData\Local\Temp\wscp46E9.02B7AFA0.tmp" /xmlgroups /xmllogrequired /nointeractiveinput /dotnet=593 /ini=nul /log="C:\Temp\ftpLog\winscp.log" /console /consoleinstance=_10192_57352375_875
. 2016-12-23 10:52:07.090 Time zone: Current: GMT+0, Standard: GMT+0 (GMT Standard Time), DST: GMT+1 (GMT Daylight Time), DST Start: 27/03/2016, DST End: 30/10/2016
. 2016-12-23 10:52:07.090 Login time: 23 December 2016 10:52:07
. 2016-12-23 10:52:07.090 --------------------------------------------------------------------------
. 2016-12-23 10:52:07.094 Script: Retrospectively logging previous script records:
> 2016-12-23 10:52:07.094 Script: option batch on
< 2016-12-23 10:52:07.094 Script: batch on
< 2016-12-23 10:52:07.094 Script: reconnecttime 120
> 2016-12-23 10:52:07.094 Script: option confirm off
< 2016-12-23 10:52:07.094 Script: confirm off
> 2016-12-23 10:52:07.094 Script: option reconnecttime 120
< 2016-12-23 10:52:07.094 Script: reconnecttime 120
> 2016-12-23 10:52:07.094 Script: open sftp://user:***#server.com:22 -hostkey="*" -privatekey="\\containingDir\PrivateKey.ppk" -passphrase=*** -timeout=15
. 2016-12-23 10:52:07.094 --------------------------------------------------------------------------
. 2016-12-23 10:52:07.094 Session name: user#server.com (Ad-Hoc site)
. 2016-12-23 10:52:07.094 Host name: server.com (Port: 22)
. 2016-12-23 10:52:07.095 User name: user(Password: Yes, Key file: Yes, Passphrase: Yes)
. 2016-12-23 10:52:07.095 Tunnel: No
. 2016-12-23 10:52:07.095 Transfer Protocol: SFTP
. 2016-12-23 10:52:07.095 Ping type: Off, Ping interval: 30 sec; Timeout: 15 sec
. 2016-12-23 10:52:07.095 Disable Nagle: No
. 2016-12-23 10:52:07.095 Proxy: None
. 2016-12-23 10:52:07.095 Send buffer: 262144
. 2016-12-23 10:52:07.095 SSH protocol version: 2; Compression: No
. 2016-12-23 10:52:07.095 Bypass authentication: No
. 2016-12-23 10:52:07.095 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2016-12-23 10:52:07.095 Ciphers: aes,chacha20,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2016-12-23 10:52:07.095 KEX: ecdh,dh-gex-sha1,dh-group14-sha1,rsa,WARN,dh-group1-sha1
. 2016-12-23 10:52:07.095 SSH Bugs: Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto
. 2016-12-23 10:52:07.095 Simple channel: Yes
. 2016-12-23 10:52:07.095 Return code variable: Autodetect; Lookup user groups: Auto
. 2016-12-23 10:52:07.095 Shell: default
. 2016-12-23 10:52:07.095 EOL: LF, UTF: Auto
. 2016-12-23 10:52:07.095 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes; Follow directory symlinks: No
. 2016-12-23 10:52:07.095 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2016-12-23 10:52:07.095 SFTP Bugs: Auto,Auto
. 2016-12-23 10:52:07.095 SFTP Server: default
. 2016-12-23 10:52:07.095 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2016-12-23 10:52:07.095 Cache directory changes: Yes, Permanent: Yes
. 2016-12-23 10:52:07.095 Recycle bin: Delete to: No, Overwritten to: No, Bin path:
. 2016-12-23 10:52:07.095 DST mode: Unix
. 2016-12-23 10:52:07.095 --------------------------------------------------------------------------
. 2016-12-23 10:52:07.106 Looking up host "server.com" for SSH connection
. 2016-12-23 10:52:07.126 Connecting to 11.11.11.11 port 22
. 2016-12-23 10:52:07.307 We claim version: SSH-2.0-WinSCP_release_5.9.3
. 2016-12-23 10:52:07.496 Server version: SSH-2.0-9.99 sshlib: 8.1.0.0
. 2016-12-23 10:52:07.496 We believe remote version has SSH-2 channel request bug
. 2016-12-23 10:52:07.496 Using SSH protocol version 2
. 2016-12-23 10:52:07.504 Doing Diffie-Hellman group exchange
. 2016-12-23 10:52:07.928 Doing Diffie-Hellman key exchange with hash SHA-1
. 2016-12-23 10:52:08.307 Host key fingerprint is:
. 2016-12-23 10:52:08.307 ssh-rsa fingerprint
. 2016-12-23 10:52:08.308 Verifying host key host key
* 2016-12-23 10:52:08.308 WARNING! Giving up security and accepting any host key as configured!
. 2016-12-23 10:52:08.310 Initialised AES-256 SDCTR client->server encryption
. 2016-12-23 10:52:08.310 Initialised HMAC-SHA1 client->server MAC algorithm
. 2016-12-23 10:52:08.310 Initialised AES-256 SDCTR server->client encryption
. 2016-12-23 10:52:08.310 Initialised HMAC-SHA1 server->client MAC algorithm
. 2016-12-23 10:52:08.741 Reading key file "\\PrivateKseyDir\PrivateKey.ppk"
. 2016-12-23 10:52:08.764 Pageant is running. Requesting keys.
. 2016-12-23 10:52:08.766 Pageant has 0 SSH-2 keys
. 2016-12-23 10:52:08.766 Configured key file not in Pageant
! 2016-12-23 10:52:08.766 Using username "user".
. 2016-12-23 10:52:08.958 Server offered these authentication methods: publickey,password
. 2016-12-23 10:52:08.958 Offered public key
. 2016-12-23 10:52:09.193 Offer of public key accepted
! 2016-12-23 10:52:09.193 Authenticating with public key "rsa-key-20161222"
. 2016-12-23 10:52:09.194 Prompt (passphrase, "SSH key passphrase", <no instructions>, "Passphrase for key "rsa-key-20161222": ")
. 2016-12-23 10:52:09.194 Using configured passphrase.
. 2016-12-23 10:52:09.316 Sent public key signature
! 2016-12-23 10:52:09.504 Server refused public-key signature despite accepting key!
. 2016-12-23 10:52:09.504 Server refused public-key signature despite accepting key!
. 2016-12-23 10:52:09.504 Server offered these authentication methods: password
. 2016-12-23 10:52:09.504 Prompt (password, "SSH password", <no instructions>, "&Password: ")
. 2016-12-23 10:52:09.504 Using stored password.
. 2016-12-23 10:52:09.505 Sent password
. 2016-12-23 10:52:09.831 Access granted
. 2016-12-23 10:52:09.831 Opening session as main channel
. 2016-12-23 10:52:10.017 Opened main channel
. 2016-12-23 10:52:10.426 Started a shell/command
. 2016-12-23 10:52:10.426 --------------------------------------------------------------------------
. 2016-12-23 10:52:10.432 Using SFTP protocol.
. 2016-12-23 10:52:10.432 Doing startup conversation with host.
> 2016-12-23 10:52:10.441 Type: SSH_FXP_INIT, Size: 5, Number: -1
< 2016-12-23 10:52:10.631 Type: SSH_FXP_VERSION, Size: 5, Number: -1
. 2016-12-23 10:52:10.631 SFTP version 3 negotiated.
. 2016-12-23 10:52:10.631 We believe the server has signed timestamps bug
. 2016-12-23 10:52:10.631 We will use UTF-8 strings until server sends an invalid UTF-8 string as with SFTP version 3 and older UTF-8 strings are not mandatory
. 2016-12-23 10:52:10.635 Getting current directory name.
. 2016-12-23 10:52:10.639 Getting real path for '.'
> 2016-12-23 10:52:10.639 Type: SSH_FXP_REALPATH, Size: 10, Number: 16
< 2016-12-23 10:52:10.825 Type: SSH_FXP_NAME, Size: 43, Number: 16
. 2016-12-23 10:52:10.825 Real path is '/Home/user'
. 2016-12-23 10:52:10.825 Startup conversation with host finished.
< 2016-12-23 10:52:10.826 Script: Active session: [1] server.com
> 2016-12-23 10:52:11.141 Script: pwd
< 2016-12-23 10:52:11.141 Script: /Home/user
> 2016-12-23 10:52:26.491 Script: put -nopermissions -preservetime -transfer="binary" -resumesupport="off" -- "\\fileDir\testFile.dat" "/In/testFile.dat"
. 2016-12-23 10:52:26.497 Copying 1 files/directories to remote directory "/In/"
. 2016-12-23 10:52:26.497 PrTime: Yes; PrRO: No; Rght: rw-r--r--; PrR: No (No); FnCs: N; RIC: 0100; Resume: N (102400); CalcS: No; Mask: testFile.dat
. 2016-12-23 10:52:26.497 TM: B; ClAr: No; RemEOF: No; RemBOM: No; CPS: 0; NewerOnly: No; InclM: ; ResumeL: 0
. 2016-12-23 10:52:26.497 AscM: *.*html; *.htm; *.txt; *.php; *.php3; *.cgi; *.c; *.cpp; *.h; *.pas; *.bas; *.tex; *.pl; *.js; .htaccess; *.xtml; *.css; *.cfg; *.ini; *.sh; *.xml
. 2016-12-23 10:52:26.502 File: '\\fileDir\testFile.dat' [2016-12-23T06:31:02.639Z] [212952]
. 2016-12-23 10:52:26.504 Copying "\\fileDir\testFile.dat" to remote directory started.
. 2016-12-23 10:52:26.504 Binary transfer mode selected.
. 2016-12-23 10:52:26.505 Opening remote file.
> 2016-12-23 10:52:26.509 Type: SSH_FXP_OPEN, Size: 50, Number: 259
< 2016-12-23 10:52:26.681 Type: SSH_FXP_STATUS, Size: 31, Number: 259
< 2016-12-23 10:52:26.681 Status code: 2, Message: 259, Server: No such file, Language: en
> 2016-12-23 10:52:26.681 Type: SSH_FXP_LSTAT, Size: 34, Number: 519
< 2016-12-23 10:52:26.849 Type: SSH_FXP_STATUS, Size: 31, Number: 519
< 2016-12-23 10:52:26.849 Status code: 2, Message: 519, Server: No such file, Language: en
* 2016-12-23 10:52:26.849 (ETerminal) No such file or directory.
* 2016-12-23 10:52:26.849 Error code: 2
* 2016-12-23 10:52:26.849 Error message from server (en): No such file
. 2016-12-23 10:52:26.850 Asking user:
. 2016-12-23 10:52:26.850 Cannot create remote file '/In/testFile.dat'. ("No such file or directory.
. 2016-12-23 10:52:26.850 Error code: 2
. 2016-12-23 10:52:26.850 Error message from server (en): No such file")
< 2016-12-23 10:52:26.850 Script: Cannot create remote file '/In/testFile.dat'.
< 2016-12-23 10:52:26.850 Script: No such file or directory.
< 2016-12-23 10:52:26.850 Error code: 2
< 2016-12-23 10:52:26.850 Error message from server (en): No such file
* 2016-12-23 10:52:26.862 (EScpSkipFile) Cannot create remote file '/In/testFile.dat'.
* 2016-12-23 10:52:26.862 No such file or directory.
* 2016-12-23 10:52:26.862 Error code: 2
* 2016-12-23 10:52:26.862 Error message from server (en): No such file
. 2016-12-23 10:52:26.862 Script: Failed
And this is the log from me doing it successfully with the GUI:
> 2016-12-23 10:59:12.037 Type: SSH_FXP_SETSTAT, Size: 54, Number: 2057
< 2016-12-23 10:59:12.221 Type: SSH_FXP_STATUS, Size: 40, Number: 2057
< 2016-12-23 10:59:12.221 Status code: 8, Message: 2057, Server: Operation unsupported, Language: en
* 2016-12-23 10:59:12.222 (ETerminal) The server does not support the operation.
* 2016-12-23 10:59:12.222 Error code: 8
* 2016-12-23 10:59:12.222 Error message from server (en): Operation unsupported
. 2016-12-23 10:59:12.226 Asking user:
. 2016-12-23 10:59:12.226 **Upload of file 'sftpTest.dat' was successful, but error occurred while setting the permissions and/or timestamp.**
. 2016-12-23 10:59:12.226
. 2016-12-23 10:59:12.226 If the problem persists, turn off setting permissions or preserving timestamp. Alternatively you can turn on 'Ignore permission errors' option. ("The server does not support the operation.
. 2016-12-23 10:59:12.226 Error code: 8
. 2016-12-23 10:59:12.226 Error message from server (en): Operation unsupported")
* 2016-12-23 10:59:14.385 (EScpSkipFile) **Upload of file 'sftpTest.dat' was successful, but error occurred while setting the permissions and/or timestamp.**
* 2016-12-23 10:59:14.385
* 2016-12-23 10:59:14.385 If the problem persists, turn off setting permissions or preserving timestamp. Alternatively you can turn on 'Ignore permission errors' option.
* 2016-12-23 10:59:14.385 The server does not support the operation.
* 2016-12-23 10:59:14.385 Error code: 8
* 2016-12-23 10:59:14.385 Error message from server (en): Operation unsupported
. 2016-12-23 10:59:14.386 Listing directory "/Home/user".
> 2016-12-23 10:59:14.386 Type: SSH_FXP_OPENDIR, Size: 20, Number: 4875
< 2016-12-23 10:59:14.602 Type: SSH_FXP_HANDLE, Size: 13, Number: 4875
> 2016-12-23 10:59:14.603 Type: SSH_FXP_READDIR, Size: 13, Number: 5132
< 2016-12-23 10:59:14.817 Type: SSH_FXP_NAME, Size: 245, Number: 5132
> 2016-12-23 10:59:14.817 Type: SSH_FXP_READDIR, Size: 13, Number: 5388
< 2016-12-23 10:59:15.022 Type: SSH_FXP_STATUS, Size: 30, Number: 5388
< 2016-12-23 10:59:15.022 Status code: 1
> 2016-12-23 10:59:15.022 Type: SSH_FXP_CLOSE, Size: 13, Number: 5636
. 2016-12-23 10:59:15.022 In;d;0;2016-12-20T15:48:00.000Z;"0" [0];"0" [0];rwxrwxrwx;1
. 2016-12-23 10:59:15.022 sftpTest.dat;-;212952;2016-12-23T10:59:00.000Z;"0" [0];"0" [0];rw-rw-rw-;1

While I cannot tell for sure, as you didn't provide enough information, my guess is that your real target path should be like /Home/user/In/, not just /In/.
From the GUI log, it seems that your account is not chrooted, as the home directory is /Home/user/, not /.
. 2016-12-23 10:59:14.386 Listing directory "/Home/user".

Documentation talks about the full path to the remote file, not the directory with the file. You can try to specify full path:
transferResult = session.PutFiles(strLocalFile, "/In/remote_file.ext", False, transferOptions)