I'm unable to ssh into my EC2 instance, seems to be an issue with the permission level of the ssh .pem file I'm passing to ssh, googling around this seems to be a problem many others have faced but their solutions didn't work for me.
Here is what I tried, someone please help...
Atempt 1:
asemani$ ssh -i ~/.ssh/secure.pem root#54.210.0.1
********************************************************************************
This is a private computer system containing information that is proprietary
and confidential to the owner of the system. Only individuals or entities
authorized by the owner of the system are allowed to access or use the system.
Any unauthorized access or use of the system or information is strictly
prohibited.
All violators will be prosecuted to the fullest extent permitted by law.
********************************************************************************
###########################################################
# WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0777 for '.ssh/secure.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key ".ssh/secure.pem": bad permissions
Permission denied (publickey).
Attempt 2:
asemani$ chmod 600 ~/.ssh/secure.pem
asemani$ ls -l ~/.ssh/
total 56
-rw-r--r-- 1 asemani CORP\Domain Users 782 Apr 29 11:14 config
-rw-------# 1 asemani CORP\Domain Users 1696 Apr 29 21:32 secure.pem
asemani$
asemani$ ssh -i .ssh/secure.pem root#54.210.0.1
********************************************************************************
This is a private computer system containing information that is proprietary
and confidential to the owner of the system. Only individuals or entities
authorized by the owner of the system are allowed to access or use the system.
Any unauthorized access or use of the system or information is strictly
prohibited.
All violators will be prosecuted to the fullest extent permitted by law.
********************************************************************************
Permission denied (publickey).
I don't get the warning anymore but Permission is still denied. I then also tried doing a chmod 400 on the .pem file but that also didn't work. I won't paste that here since that may be overkill.
What is happening here? How can I ssh into my ec2? This should be a simple thing??
Change permission to chmod 400 ~/.ssh/secure.pem
Are you able to login as the default user using your pem key? For Ubuntu instances, default user should be ubuntu; for most other instances it should be ec2-user. If you're able to login as the default user, chances are that root isn't allowed for ssh login. To change that, login as the default user and do the following:
# Edit sshd_config and modify 'PermitRootLogin XX' to 'PermitRootLogin yes'
sudo vi /etc/ssh/sshd_config
# Reload sshd configuration
sudo service sshd reload
NOTE: This only serves as a how-to. It's generally not recommended to allow root login over ssh for security reason.
You need to launch the instance through your AWS EC2 management console. Once it is launched, copy the public DNS IPv4 and paste it after the linux distribution name being used (e.g. ubuntu#IPv4). Also, make sure you are working in the directory that houses your private access key.
For clarification, once your EC2 instance is launched and you're in the directory that holds your private access key, type in the following in the command-line:
ssh -i private_access_key.pem linux#IPv4
to windows users can change the premise of files through wsl doing this:
Edit or create (using sudo) /etc/wsl.conf
[automount]
options = "metadata"
Restart wsl: (powershell)
PS Get-Service LxssManager | Restart-Service
and finally, do:
chmod 400 key.pem
Related
I'm trying to setup a code-server (vscode in browser) instance and read/write from a mounted samba share. Unfortunately when I try to add a file it gives me an error that I do not have permissions to read/write to that folder. When I try to add files with the same credentials on Windows it does work though. This is the error that VSCode gives me:
Unable to write file
'vscode-remote://localhost:8080/home/user/repository/test'
(NoPermissions (FileSystemError): Error: EACCES: permission denied,
open '/home/gmetitieri/user/test')
If I sudo touch file.txt then the file will be created and added. I already used chmod and added full access to the folder but it still won't work. Is this a credentials thing or am I missing something?
I already tried this answer but it still doesn't let me write as non-root
Edit: This is the command I used to mount the drive (just with different folder names and IP address):
sudo mount -t cifs -o rw,vers=3.0,credentials=/root/.examplecredentials //192.168.18.112/sharedDir /media/share
Considering "non-root through Samba", especially in new releases of OpenSuse (...15.3 -- 15.4), I do few movements into normal configuration panels (no sudo commands or anything technical).
Using Yast Firewall section -- For now (immediate solution):
I turn off the firewall, then see what you can turn on (after this) to keep the samba working with Microsoft Windows.
More details on how to do this with images on my website.
This happens when the directory on the Samba share does not have permission for non-root users.
In your smb4.conf file:
[test]
comment = Test share
path = /path/to/directory
force user = unixuser
valid users = sambauser
In this example, unixuser should be the owner of the files in /path/to/directory. The user logged into Samba in this example is a user called sambauser.
Have a Linux server with OpenAFS and access to / files.
Access is read-only and like user privileges (ex. can read /etc/passwd, but can't read /etc/shadow).
It possible to run command? With /bin/bash for example?
And, on server have sshd service, but don't have rights to /root/.ssh/id_rsa
Any ideas?
I've encountered a problem of connecting to server via ssh.
I have a server A and B. From server A I run .sh script which parses log on server A, then connects to server B and do the same task. In console everything works fine, but not with web-interface.
I connect to server using cgi whith apache2. When I run script on server A, it parses log and returns relult, however it fails to connect server B.
Here is the log of httpd:
[Thu Nov 22 14:09:34 2018] [error] [client 10.1.68.243] Permission denied, please try again.\r, referer: http://cab-prod-comp-sd/cgi-bin/example-bash.sh?val_x=RDWH.&val_z=1
server A script:
-rwsrwxr-x 1 sas sas 2217 Nov 22 11:25 /sas/oljas_scripts/find_usage_of_tables.sh
server B script:
-rwxrwxr-x 1 sas sas 1202 Nov 19 09:16 find_usage_of_tables.sh
the part where I connect to server B:
SAS_RESULTS=$(ssh sas#sas-p1l-comp /sas/oljas_scripts/find_usage_of_tables.sh $table_name)
Appreciate any help.
Thank you!
EDIT:
Do I need to give a permission to user Apache? How to do this?
This is what I assume from your question:
system A runs httpd with user "apache".
system B has a user called "sas".
you want user "apache" to connect to system B, using "sas" user.
your connect code does not show any password or passphrase being used. You did not mention ssh agent either, so the ssh connection is done via ssh keys.
sshd on system B is configured to allow connections without passwords (i.e. use key authentication). From the comments above, see this: https://superuser.com/questions/543626/ssh-permission-denied-on-correct-password-authentication, John Siu's answer.
On system A, user "apache":
if it does not already have them, in ~/.ssh you should setup a private and a public ssh key (ssh-keygen, check on the web, well documented).
On system B, user "sas":
user "sas", in ~/.ssh, create (if required) a file called authorized_keys.
in this file, put the public key of the "apache" user from system A.
this will allow user "apache" on system A to connect to system B, with user "sas".
Couple traps to avoid, on system B
make sure the permissions on user "sas", ~/.ssh are 700.
permissions on user "sas", ~/.ssh/authorized_keys are 600.
permissions on user "sas", ~ are 700. Here I mean the home directory for "sas". Ex. ~ for "sas" is /home/sas, then if you ls -al /home you should see directory sas with 700.
To debug you can do ssh -v -v -v sas#sas-p1l-comp.
For your question about known_hosts, on system A, when it first connects to system B, if it does not find system B in the file, ssh will add it for you. BUT you have to do it at least once manually. The ssh client will want you to confirm the addition, and this can only be done on the command line. The web interface will not answer the client. So connect once manually, then you will be ok for the web as well.
Until that works, no point trying to setup httpd on system A. This must work at the command line first.
Thanks everyone!
Problem solved by running apache server from user SAS.
We have small array of GPDB Cluster. We have recently upgraded the GPDB and configured the GCC web portal. In that, we noticed Our machines is still showing password at the time of SSH .
We tried following Document commands on greenplum machine:
http://www.servermom.org/passwordless-ssh-login/1608/
Unable to get passwordless SSH at root user from windows to linux machine.
Though,We have ability to do passwordless SSH from Linux to linux machine in gpdb cluster.
Trying to secure shell for greenplum from windows to linux:
Password-less Login: Windows (via Putty) to Linux(greenplum)
Is there any standard way or steps to perform Login via SSH without prompt of password. and from which user should we need to perform all these activities.
Any Help on it would be much appreciated ?
Thanks for asking this question, I never thought of this..
Here is what I did and It worked for me.
Open Putty Key Generator
Generated Key and copy it into .ssh/authorized_keys (Make sure you are copying complete key)
chmod -R 700 .ssh/
Save public and private keys (See Image)
Now open putty and provide user#hostname
In Category goto Connection > SSH > Auth and load private key (.ppk file) you have saved from Putty Key Generator
- Save the session and open
A couple things to watch out for:
~gpadmin/.ssh directory and ~gpadmin/.ssh/authorized_keys should have 700 and 600 permissions, respectively:
$ ls -lda ~gpadmin/.ssh
drwx------ 15 gpadmin gpadmin 510 May 27 11:43 /home/gpadmin/.ssh
$ ls -l ~gpadmin/.ssh/authorized_keys
-rw------- 1 gpadmin gpadmin 4496 Dec 2 11:12 /home/gpadmin/.ssh/authorized_keys
When you connect with Putty, try enabling verbose output to be sure it is using the matching private key for the public key you've added to the Greenplum authorized_keys file.
You can also look in the /var/log/secure log file to see what the Greenplum server's SSHD process is doing for more clues.
I've been trying to setup access to my Amazon instance to my development team and have hit a bit of a brick wall. I've tried a bunch of different tutorials online & none seem to work. Here's my config:
I have access to the AWS Management Console & I'd rather that I be the central administrator of that account, they don't need to setup new instances.
I have a t1.micro instance setup Running 32 bit Amazon Linux AMI
My developer and I both use Macs. I am able to ssh in to the machine using my key pair that is assigned to the box
I've previously tried to ssh into the machine & add my developers key & but he keeps getting Permission Denied (Public Key)
I setup a keypair for my dev, but its obviously not tied to the account, mine is.
Do I have to setup the developer in IAM so that they login & setup the original key that I had to setup when I first created the account? Could that be what they are missing?
I did get one of them to setup a key on their machine & provide me the RSA info to insert into the ~/.ssh/authorized_keys file, however they still received the error message above. Even when their key was chmod'd correctly, they still received that error. Could that be due to chmod needed on the .ssh folder?
Just trying to get some clarity on requirements of accessing a linux-based EC2 instance that isn't the main admin of the account (i.e. my developers). FYI I trust them with full permissions on the instance.
Thanks.
.ssh directory should be chmod 700.
You don't need to created any IAM user for connection to your ec2 instance via ssh. You just need to add your developer's public key to ~/.ssh/authorized_keys in your instance. Be sure that ~/.ssh owner is ec2-user, it should be like that by default.
Then the developers have to move their private key to ~/.ssh/id_rsa and do:
chown "dev_user"."dev_user" -R ~/.ssh/
chmod 400 ~/.ssh/id_rsa
"dev_user" is the local user for your developers. Then be sure that ~/.ssh folder's owner is the same that id_rsa file and have 700 permission:
chmod 700 ~/.ssh/
The developers just have to do:
ssh ec2-user#x.x.x.x