Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
I want to copy letsencrypt folder from my remote ec2 machine to my local folder.
So I run this command:
scp -i key.pem -r ubuntu#ec2-3-188-92-58.us-east-2.compute.amazonaws.com:/etc/letsencrypt my-letsencrypt
Some files are copied but other failed with this error Permission denied:
scp: /etc/letsencrypt/archive: Permission denied
scp: /etc/letsencrypt/keys: Permission denied
I want to avoid to change ec2 files permissions.
What can I do to copy this folder to my local filesystem?
You are logging in with the account ubuntu on the server, but that account doesn't have the correct permission to read (and therefore) copy all the files. Most likely some of the files are owned by root and are not readable by others.
You can check the permission yourself with ls -l /etc/letsencrypt.
To copy the files anyway, here's two options:
1. Make a readable copy
on the remote server (logged in via SSH), you can make a copy of the folder, and change the permissions of the files:
sudo cp -r /etc/letsencrypt ~/letsencrypt-copy
sudo chown -R ubuntu:ubuntu ~/letsencrypt-copy
Now you can copy the files from there:
scp -i key.pem -r ubuntu#ec2-3-188-92-58.us-east-2.compute.amazonaws.com:letsencrypt-copy my-letsencrypt
2. copy from root
If you have ssh access on the root account, then just copy using that account:
scp -r root#ec2-3-188-92-58.us-east-2.compute.amazonaws.com:letsencrypt-copy my-letsencrypt
Here you need public read permission
- First SSH to your remote server ubuntu#ec2-3-188-92-58.us-east-2.compute.amazonaws.com
sudo su - (make sure you are a root user)
chmod -R 0744 /etc/letsencrypt
now try to download again with SCP again
after download put back permissions to 0700
chmod -R 0700 /etc/letsencrypt
Check the file permissions for archive & keys. It should be 400. Just change to 600. After the change, try copying again.
chmod -R 600 ./archive ./keys
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
I am trying to make ssh key for a the deployer user
[deployer#server /]$ ssh-keygen -t rsa -b 4096 -C "email#yahoo.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/deployer/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
open /home/deployer/.ssh/id_rsa failed: Permission denied.
Saving the key failed: /home/deployer/.ssh/id_rsa.
i have tried all of theses
[root#server /]# chmod -R 644 /home/deployer
[root#server /]# chmod -R 755 home/deployer
[root#server /]# chmod -R 755 /home/deployer
[root#server /]# chmod -R 755 home/deployer
Looks like deployer is not the owner of its own home directory. Try giving him the ownership:
[root#server /]# chown -R deployer: /home/deployer/
It looks like you don't have the privileges to save the files necessary to complete the operation. Try running the same command using sudo:
sudo ssh-keygen -t rsa -b 4096 -C "email#yahoo.com"
When prompted for a password, enter your password. If this doesn't work, you can try using the command su, which will switch to the root user directly.
try the following:
1) cd /home/deployer
2) ssh-keygen --t
3) chmod 700 .ssh
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I need to create a user which can only SFTP to specific directory and take a copy of some infomation. that is it. I keep looking online and they bring up information about chroot and modifying the the sshd_config.
So far I can just
add the user "useradd sftpexport"
create it without a home directory "-M"
set its login location "-d /u02/export/cdrs" (Where the information is stored)
not allow it to use ssh "-s /bin/false"
useradd sftpexport -M -d /u02/export/cdrs -s /bin/false
Can anyone suggest what am meant to edit so the user can only login and copy the file off?
I prefer to create a user group sftp and restrict users in that group to their home directory.
First, edit your /etc/ssh/sshd_config file and add this at the bottom.
Match Group sftp
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
This tells OpenSSH that all users in the sftp group are to be chrooted to their home directory (which %h represents in the ChrootDirectory command)
Add a new sftp group, add your user to the group, restrict him from ssh access and define his home directory.
groupadd sftp
usermod username -g sftp
usermod username -s /bin/false
usermod username -d /home/username
Restart ssh:
sudo service ssh restart
If you are still experiencing problems, check that the directory permissions are correct on the home directory. Adjust the 755 value appropriately for your setup.
sudo chmod 755 /home/username
EDIT: Based on the details of your question, it looks like you are just missing the sshd_config portion. In your case, substitute sftp with sftpexport. Also be sure that the file permissions are accessible on the /u02/export/cdrs directory.
An even better setup (and there are even better setups than what I am about to propose) is to symlink the /u02/export/cdrs directory to the user home directory.
You could need to add a restricted shell for this user can put some files there. You can use rssh tool for that.
usermod -s /usr/bin/rssh sftpexport
Enable allowed protocols in config /etc/rssh.conf.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I have Linux VPS and few accounts there. I used SSH with root logins to copy files from one account to another (e.g. in this folder
/home/firstacc/public_html/forum I typed cp -R * /home/secondacc/public_html/community).
Now when I use regular FTP to edit files on secondacc - I can't modify it - SmartFTP says permission denied. Now how do change ownership or permissions so they can be edited via regular FTP ?
use chmod to set the permissions (but be careful not to allow any wild process to modify your files) and chown/chgrp to change ownership/group-membership of your file.
ideally you would create a group (i call it 'fancyhomepage') where both users are members thereof:
# addgroup fancyhomepage
# adduser firstacc fancyhomepage
# adduser secondacc fancyhomepage
then make sure that all files you want to share belong to this group and are group-writeable
$ chgrp -R fancyhomepage /home/secondacc/public_html/community/
$ chmod -R g+rwX /home/secondacc/public_html/community/
$ chown -R <user>:<org> on the directory changes the permissions for everything in the directory and below.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I am trying scp -r usernameipaddress:/path /pathwhereIwanttocopy, but I am getting it as connection refused.
How can I get it? How can I get connected?
The -r flag should work. In your example you seem to be forgetting the name of the folder you want to copy. Try:
scp -r nameOfFolderToCopy username#ipaddress:/path/to/copy/
to copy a folder from your local computer to a remote one. Or
scp -r username#ipaddress:/path/of/folder/to/copy /target/local/directory
to copy a folder from a remote machine to your local one.
You may also want to check out rsync. It has lots of options for handling duplicates, permissions etc.
rsync -r username#computer:/path/to/source /path/to/dest
or for upload
rsync -r /path/to/source username#computer:/path/to/dest
If you have a folder called working in your user directory, all you need is:
scp -r username#ipaddress:working ./
It's likely you'll get "Permission Denied" with this:
scp -r username#ipaddress:/working ./
Can you check to see if the ssh service is running on the remote machine? If you can login, try:
ps -aux | grep sshd
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I am setting up a Linux web server running apache. I uploaded and untared my web sites files. The files in the main directory are all visible when I am SSH'd into the system. However, I am blocked from all subdirectories.
If I write:
# cd images
Then I get the error:
-bash: cd: images: Permission denied
I am signed in as ec2-user. I untarred the stuff as ec2-user and I doubt there was any permissions in the tar file since I created the archive on a Windows system.
The weird thing is that I am the owner of this directory. Here is a snippet of the command:
ls -l
drw-rw-r-- 19 ec2-user ec2-user 4096 May 4 04:09 images
When I do "sudo su" and then type the command cd images everything is fine.
Why do I get "Permission denied" as ec2-user if I am the owner and have rw permission?
You need execute permission too:
chmod +x images
should take care of it. The execute permission for directories translates to a "traverse directory" permission.
It misses executable bit on the directory which is essential to be able to cd in there.
A quick fix would be to run in the directory where you unpacked your stuff:
# find . -type d | xargs chmod a+x
If you have directories with spaces in them, use the following:
# find . -type d -exec chmod a+x "{}" \;