Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
I am trying to make ssh key for a the deployer user
[deployer#server /]$ ssh-keygen -t rsa -b 4096 -C "email#yahoo.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/deployer/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
open /home/deployer/.ssh/id_rsa failed: Permission denied.
Saving the key failed: /home/deployer/.ssh/id_rsa.
i have tried all of theses
[root#server /]# chmod -R 644 /home/deployer
[root#server /]# chmod -R 755 home/deployer
[root#server /]# chmod -R 755 /home/deployer
[root#server /]# chmod -R 755 home/deployer
Looks like deployer is not the owner of its own home directory. Try giving him the ownership:
[root#server /]# chown -R deployer: /home/deployer/
It looks like you don't have the privileges to save the files necessary to complete the operation. Try running the same command using sudo:
sudo ssh-keygen -t rsa -b 4096 -C "email#yahoo.com"
When prompted for a password, enter your password. If this doesn't work, you can try using the command su, which will switch to the root user directly.
try the following:
1) cd /home/deployer
2) ssh-keygen --t
3) chmod 700 .ssh
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
That's how I am trying to do it:
Step 1:
sudo adduser Philipp --disabled-password
sudo su - Philipp
mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
create keypair from AWS console
Step 2:
I am retrieving the public key for my keypair using:
ssh-keygen -y
copy & paste the public key
Step 3
vim authorised_keys
pasting the public key in 1 line
in vim command :w
in vim command :q
UPDATE
When I now try to the following in terminal:
ssh -i "keypair.pem" philipp#xx.xxx.xxx.xxx
I receive the following:
philipp#xx.xxx.xxx.xxx's password:
What am I doing wrong?
With my main Linux User I am able to SSH the same way..
Add user to your system using adduser
On your host generate keys : ssh-keygen
Copy public key to remote machine: ssh-copy-id user#host
Make changes in sshd_config on remote machine:
AllowUsers user#host or same username
Match User username
AuthenticationMethods 'publickey'
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
I want to copy letsencrypt folder from my remote ec2 machine to my local folder.
So I run this command:
scp -i key.pem -r ubuntu#ec2-3-188-92-58.us-east-2.compute.amazonaws.com:/etc/letsencrypt my-letsencrypt
Some files are copied but other failed with this error Permission denied:
scp: /etc/letsencrypt/archive: Permission denied
scp: /etc/letsencrypt/keys: Permission denied
I want to avoid to change ec2 files permissions.
What can I do to copy this folder to my local filesystem?
You are logging in with the account ubuntu on the server, but that account doesn't have the correct permission to read (and therefore) copy all the files. Most likely some of the files are owned by root and are not readable by others.
You can check the permission yourself with ls -l /etc/letsencrypt.
To copy the files anyway, here's two options:
1. Make a readable copy
on the remote server (logged in via SSH), you can make a copy of the folder, and change the permissions of the files:
sudo cp -r /etc/letsencrypt ~/letsencrypt-copy
sudo chown -R ubuntu:ubuntu ~/letsencrypt-copy
Now you can copy the files from there:
scp -i key.pem -r ubuntu#ec2-3-188-92-58.us-east-2.compute.amazonaws.com:letsencrypt-copy my-letsencrypt
2. copy from root
If you have ssh access on the root account, then just copy using that account:
scp -r root#ec2-3-188-92-58.us-east-2.compute.amazonaws.com:letsencrypt-copy my-letsencrypt
Here you need public read permission
- First SSH to your remote server ubuntu#ec2-3-188-92-58.us-east-2.compute.amazonaws.com
sudo su - (make sure you are a root user)
chmod -R 0744 /etc/letsencrypt
now try to download again with SCP again
after download put back permissions to 0700
chmod -R 0700 /etc/letsencrypt
Check the file permissions for archive & keys. It should be 400. Just change to 600. After the change, try copying again.
chmod -R 600 ./archive ./keys
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Improve this question
I have written a bash script that goes to each machine and runs set of command. I am using the user iis that has sudo privlidges on that machine. However, when i run the sudo yum command i get sudo: sorry, you must have a tty to run sudo.
Not sure what is wrong ? I am using the -t command to force but it would still not work
bash script
#!/bin/bash
INPUT=ccidetails.csv
OLDIFS=$IFS
IFS=,
[ ! -f $INPUT ] && { echo "$INPUT file not found"; exit 99; }
while read privateip password
do
echo $privateip
scp /home/Data/Test.c iis#$privateip:/tmp
sshpass -p$password </dev/null ssh -t -o "StrictHostKeyChecking no" iis#$privateip "
hostname
cd /tmp
gcc Test.c -o TEST
./TEST
sudo yum -y update glibc
gcc Test.c -o TEST
./TEST
exit
" >> output.txt
done < $INPUT
IFS=$OLDIFS
Error:
sudo: sorry, you must have a tty to run sudo
On remote host comment the line below on /etc/sudoers:
grep tty /etc/sudoers
#Defaults requiretty
That will allow you to continue. Make sure you understand the consequences of doing so:
man sudoers | grep -i requiretty -A 5
requiretty If set, sudo will only run when the user is logged in
to a real tty. When this flag is set, sudo can only be
run from a login session and not via other means such
as cron(8) or cgi-bin scripts. This flag is off by
default.
If you don't want disable requiretty globally you can disable it for a specific user:
example:
Defaults requiretty
Defaults:your_username_goes_here !requiretty
While this isn't a question for SO, you're almost there ... what you need to change is the number of -t above ... try this:
sshpass -p$password </dev/null ssh -ttt -o "StrictHostKeyChecking no" iis#$privateip "
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I have a file with root permissions like this
[root#testbox ~]# ls -l /etc/resolv.conf
-rw-r--r-- 1 root root 113 Feb 21 21:29 /etc/resolv.conf
I have enabled passwordless sudo for my user using /etc/sudoer
%mayur ALL=(ALL) NOPASSWD: ALL
I want some way where if I try to edit this particular file I get blocked.
for eg .. I want to block these commands based on THE FILE NAME
$ echo 123 | sudo tee /etc/resolv.conf ## SHOULD GET BLOCKED
$ touch newfile | echo 123 > newfile | sudo cp newfile /etc/resolv.conf ## SHOULD GET BLOCKED
My Efforts:
%mayur ALL=(ALL) NOPASSWD: ALL,!/* /etc/resolv.conf
This did not help at all.
I also checked sudoers man page but it
seems regex support isnt that great.
Any things that works will help. Thanks.
EDIT: I want to be able to apply the solutions accross multiple servers with multiple users having sudo access
You can use a wrapper:
#!/bin/bash
declare -A EXCLUDE
while IFS= read -r FILE; do
EXCLUDE[$FILE]=.
done < /etc/sudoers.exclude-list
for ARG in "$#"; do
TARGET=$(exec /usr/bin/readlink -m -- "$ARG")
[[ -n $TARGET && -n ${EXCLUDE[$FILE]} ]] && {
echo "sudo: Sorry, target is not allowed: $TARGET"
exit 1
}
done
exec /path/to/real/sudo-in-secured-location "$#"
Where /etc/sudoers.exclude-list is a line-based list of absolute real file paths. Entries must not contain extra spaces and list must not be in DOS format.
This script must have same ownership and permissions as the real sudo.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
By mistake I give via ssh with root privelege a
chmod -R 777 /var/
in stead of
chmod -R 777 var/ for a var folder inside a home directory.
Now I cannot login again via ssh. I have a resque mode availble.
What to do? Does someone this?
First of, twice check your input while in root mode. Then, you need to restore correct permissions in your ~/.ssh folder:
chmod 700 ~/.ssh
chmod 644 ~/.ssh/*
And, also, restore your permissions in /var directory as well:
chmod 755 /var/empty
chmod 755 /var/run