Openssh Connection does not work with AuthorizedKeysCommand - ssh

I have added these lines on sshd_config
AuthorizedKeysCommand /authorizedkeys/authorized-keys
AuthorizedKeysCommandUser ssh-keys
-rwxr-x--- 1 root ssh-keys 712 Dec 23 22:36 /authorizedkeys/authorized-keys
-rwxr-x--- 1 root ssh-keys 712 Dec 23 22:36 authorized-keys
ssh-keys user can excecute the file(/authorizedkeys/authorized-keys).
but I cannot ssh to server; ssh git#myserver.com
in auth.log I can see this line,
error: Unsafe AuthorizedKeysCommand: bad ownership or modes for directory /
if I give 770 permission to /authorizedkeys/authorized-keys file, I get following error,
error: Unsafe AuthorizedKeysCommand: bad ownership or modes for file /authorizedkeys/authorized-keys
I tried using root as the AuthorizedKeysCommandUser and changed permission and owner of /authorizedkeys/authorized-keys file. it did not work too.
I am using OpenSSH_6.6.1p1 on ubuntu 14.04.
note:I can ssh fine with authorized_keys file

Unsafe AuthorizedKeysCommand: bad ownership or modes for directory /
It's complaining about ownership or permissions on the root directory. According to the source code the file, the directory containing the file, and all parent directories (including the root directory) have to be owned by root. The permissions on all of these files and directories have to be 0755 (deny write access to group and other).
My guess is that you have group write permission set on your root directory, or something like that.
Giving 0770 permissions to "/authorizedkeys/authorized-keys" also causes that file to fail the permissions check.
For completeness, this is the section of code which emits the directory error:
if (stat(buf, &st) < 0 ||
(!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) ||
(st.st_mode & 022) != 0) {
snprintf(err, errlen,
"bad ownership or modes for directory %s", buf);
return -1;
}
It emits that error if:
The stat() call fails for a directory
The file doesn't belong to root ("uid" is 0 here)
The file's permissions include write-by-group or write-by-other.

authorized_keys file should be chmod 600 and the .ssh directory should be chmod 700 .

you need to give proper permission to the keys on the remote host:
[remote-host]$ chmod 755 ~/.ssh
[remote-host]$ chmod 644 ~/.ssh/authorized_keys

Related

How do I change the Apache root permission?

Upgrade to PHP 7.1 and getting 403 error. How do I change the root permission to 751?
As the root user, run:
chmod 751 path/to/your/directory/
use the "recursive" option if you want to also modify permissions of all subdirectories:
chmod -R 751 path/to/your/directory/
then do this:
ls -l
This should show that your directory is owned by root and now has permissions "drwxr-x--x".
Source and more details: http://www.filepermissions.com/directory-permission/751

Unable to check htaccess file

I am new to php and drupal. After i completed work on site in locally i run it but shows below error in log/error.log
Permission denied: [client 127.0.0.1:37590] AH00529: /home/user/public_html/domainname.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/home/user/public_html/domainname.com/public/' is executable
I gave 777 permission to public folder below like this
chmod -R 777 public/
after i googled i changed the permission to .htaccess file
chmod 644 .htaccess then
I gave permission to parentdirectory (public) folder
chmod 755 public/
then again i installed new one locally(new site) but it shows the same error
but still it shows same error.
Can any one help me from this?
Open the httpd.conf (or apache2.conf) file and search for the User and Group directives. The values here refer to the user/group which will be used for Apache server.
Next, go to /home/user/public_html (or /home/user/public_html/domainname.com whichever is the DOCUMENT_ROOT) and do this:
sudo chown -R USER:GROUP ./
where USER and GROUP are the values of User and Group directives from above. Once that is done, set the htaccess file permissions to 0644 and try.

CakePHP based application installation error: 777 permission directory is not writable?

Trying to install my CakePHP based application on server, but got following error:
Warning: _cake_core_ cache was unable to write 'cake_dev_en-us' to File cache in /var/www/html/cakephp-2460/lib/Cake/Cache/Cache.php on line 325
Warning: /var/www/html/tmp/cache/persistent/ is not writable
Sounds simple, but it is not - because my 'persistent' directory IS writable - in fact, /tmp and it's sub directories are writable.
Can you point me where is the problem? Do I missing some of PHP modules on server, or something like that?
Is there something to do with SeLinux?
Check that the user group for that directory is correct.
Maybe the user owner group does not have root permissions and therefor cannot write.
you may need to do the following on your server:
chown root:root -R /path_to_cake/app/tmp
Yes it is the problem in your SeLinux.You have to set www/..path../tmp directory is a httpd_cache_t so opan your terminal and
list to see all httpt_cache_t in system
# semanage fcontext -l | grep httpd
Set your www/.../tmp directory
# semanage fcontext -a -t 'httpd_cache_t' 'www/..path../tmp(/.*)?'
# restorecon -Rvvv /path/to/wwwroot/cache

~/.ec2/id_rsa-gsg-keypair not accessible: No such file or directory

I'm trying to launch a Hadoop cluster on Amazon ec2, using the instructions in "Hadoop in Action" (also here: http://wiki.apache.org/hadoop/AmazonEC2).
I've set up my private ssh key and configurations, but when I try to launch a cluster using the command-line tools:
hadoop-ec2 launch-cluster test-cluster 2
I repeatedly get this error:
Warning: Identity file ~/.ec2/id_rsa-gsg-keypair not accessible: No such file or directory.
Permission denied (publickey,gssapi-with-mic).
The ~/.ec2/id_rsa-gsg-keypair definitely exists, though, and I did chmod 600 it:
> chmod 600 ~/.ec2/id_rsa-gsg-keypair
> ls -l id_rsa-gsg-keypair
-rw------- 1 my-username
Any idea what's wrong?
You may have already realized this, but the problem is possibly related to the ~/ path usage. Try using the absolute path /home/username/.ec2

cd'ing permissions denied after enabling root user on mac os x 10.6.4

I enabled root in terminal by sudo passwd root and then attempted to cd a rails site folder located on my desktop. I got the error -bash: cd: /Users/fred/Desktop/sitefolder: Permission denied
How to get rid of this error/ enable all permissions for root? Thanks
Are you sure you called cd as root?
If yes, check if the owner of the folder is root. If not call
sudo chown /Users/fred/Desktop/sitefolder root
then check if the owner has reading permission. If not call
chmod 744 /Users/fred/Desktop/sitefolder
(this enables all permissions for owner and only reading permission for group and others). If you don't care much about that folder you may instead call directly
sudo chmod 777 /Users/fred/Desktop/sitefolder
giving all permissions to every user.