we have cloud virtual machines where we able to login using pem and ppk file through WinSCP & Putty. I am going to write a shell script program to login into these machines.I tried something like but did not work.
ssh -i ~/ec2.pem ubuntu#12.34.56.78
Permissions 0664 for '/home/cloud-user/house_keeping/conf/ecp.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/cloud-user/house_keeping/conf/ecp.pem`enter code here`
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
The problem is
Permissions 0664 for '/home/cloud-user/house_keeping/conf/ecp.pem' are too open.
The manual page for ssh explans the permissions that should be on the private keys:
These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute).
So you should change the permission to 0600 using
chmod 600 ~/ec2.pem
Related
I work under Centos 7.
For some time, I have a problem with the FTP /home/students directory whose access rights( permission) is set to 750. When I create a file as user students the file access permission is 644 (read/write for the owner and read-only for other users). But when the students user receives files by SFTP (with authentication by ssh key), the permission of these files is 600.
Can the right of access (permission) be imposed by the one who uploads the file by SFTP?
How to make the default permission for files received by SFTP automatically 644?
Thank you
I think u should do something like this > Modify /etc/ssh/sshd_config :
Subsystem sftp internal-sftp -m 0644
Then u should reload the SSHD Configuration :
sudo systemctl reload sshd
I am trying to transfer files to my Google cloud hosted Linux (Debian) instance via secure copy (scp). I did exactly what the documentation told to connect from a local machine to the instance. https://cloud.google.com/compute/docs/instances/connecting-to-instance.
Created a SSH keygen
Added the keygen to my instance
I can login successfully by:
ssh -i ~/.ssh/my-keygen [USERNAME]#[IP]
But when I want to copy files to the instance I get a message "permission denied".
scp -r -i ~/.ssh/my-keygen /path/to/directory/ [USERNAME]#[IP]:/var/www/html/
It looks like the user with which I login has no permissions to write files, so I already tried to change the file permissions of /var/www/, but this still gives the permission denied message.
I also tried to add the user to the root group, but this still gives the same problem.
usermod -G root myuser
The command line should be
scp -r -i ~/.ssh/my-keygen /path/to/directory/ [USERNAME]#[IP]:/var/www/html/
Assuming your files are in the local /path/to/directory/ and the /var/www/html/ is on the remote server.
The permissions does not allow to write in the /var/www/html/. Writing to /tmp/ should work. Then you can copy the files with sudo to the desired destination with root privileges.
If SSH isn't working, install gcloud CLI and run the following locally: gcloud compute scp --recurse /path/to/directory [IP] --tunnel-through-iap. This will dump the directory into your /home/[USERNAME]/ folder. Then log into the console and use sudo to move the directory to /var/www/html/.
For documentation, see https://cloud.google.com/sdk/gcloud/reference/compute/scp.
On my Windows 10, I am running into the problem of not being able to connect to m Vagrant virtual machine via ssh user with public key authentication method at git bash using command such as
$ ssh -v lauser#127.0.0.1 -p 2222 -i ~/.ssh/id_rsa
I would be prompted for password, as if the public key I copied to in the ~/.ssh/Authorized_keys file inside the vm were not seen. Meanwhile,the password authentication method works, as well as 'vagrant ssh'.
I have made sure to
create key pairs locally, create a .ssh directory at the remote, and add pub key string to the remote's .ssh /authorized_keys file; both the .ssh and the .ssh /authorized_keys file are owned by the user(lauser), and set at 700 and 644
edit the /etc/ssh/sshd_config file on vm to use
RSAAuthentication yes
PubkeyAuthentication yes
and restarted the sshd server (with 'sudo service ssh restart').
verify that firewall has been disabled temporarily to eliminate any complication.
verify that there is only one vm running, all others are either in 'suspend' or 'halt' mode.
confirm the file type by 'file ~/.ssh/authorized_keys', and get confirmation '~/.ssh/authorized_keys: OpenSSH RSA public key'
verify that the keys match by comparing the output from 'sudo cat ~/.ssh/authorized_keys' in vm and the output from ' cat ~/.ssh/id_rsa.pub' at the local.
but still I get Permission denied (publickey) when trying to connect through public key authentication.
It sounds like you've done everything correctly so far. When I run in to this problem, it's usually due to directory permissions on the target user's home directory (~), ~/.ssh or ~/.ssh/authorized_keys.
See this answer on SuperUser.
I faced same challenges when the home directory on the remote did not have correct privileges. Changing permissions from 777 to 744 helped me
I am new to Ubuntu-Linux,i have to create a ssh user in remote system and generate its key. and access this system by key_file through the command.
ssh -i key_file user#host
Can any body tell me how can i do ?
On the system you are trying to connect to, the public key (usually id_rsa.pub or something similar) needs to be added to the authorized_keys file.
If the user is brand new and the authorized_keys file doesn't exist yet, this command will create it for you.
cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
Next just make sure sshd is running on the host and you should be able to connect with the command you posted.
on remote-server-
ssh-keygen
ssh-copy-id user#host
cd .ssh
make a copy of the file id_rsa and give any body who want to access this server/system.
on the other system
ssh -i id_rsa user#host
If you want to connect to another host as user "user", what you need is the public key of the user that is going to open that connection, i.e. the user you are logged in on your desktop computer or some server you are coming from, not for the user, you are logging in to on the remote host.
You can check, if the keys for your current user are already created in $HOME/.ssh; there you should find something like "id_rsa" and "id_rsa.pub" (for rsa keys). If they don't exist, you create them by calling
ssh-keygen -t rsa
The public key that is generated that way, id_rsa.pub in this example, has to be put in a file ${HOME of user on remote host}/.ssh/authorized_keys on the target host.
If this file does not exist on the remote host or if even .ssh does not exist, you have to create those files with the following permissions:
.ssh 700
.ssh/authorized_keys 600
See http://www.openssh.com/faq.html#3.14 for details.
A detailed description of the process can be found here:
https://help.github.com/articles/generating-ssh-keys/
generally, i login to a server xyz.com using my login credentials(myuserid#xyz.com),
my home = /home/user/myuserid/
after login, i do "su - someuser" to access the files.
i would like to copy a file from local machine to a directory in someuser eg: /abc/someuser/temp
for this, i am using
scp somefile.txt myuserid#xyz.com:/abc/someuser/temp/
it is asking my password for myuserid and then says.. /abc/someuser/temp/ permission denied
what command shall i use to copy a file to su in remote host?
You'll have to use someuser's credentials to do the scp
scp somefile.txt someuser#xyz.com:/abc/someuser/temp/
Alternatively you can give myuserid permission to someuser's home directory.