I want to use Docker Desktop and to run docker-compose up, but I am getting permission denied and a prompt asking me to enter passphrase for PGP, but I forgot and don't even remember setting a passphrase in the first place.
enter image description here
What to do? I don't care if I loose stuff, I just want to run Docker.
I tried to uninstall Docker and docker-compose and reinstalling, but the problem persists. How do I recover the passphrase?
Related
I'm using Gitkraken and it keeps forgetting my SSH Key passphrase after every restart of the app. I've tried ssh-add with the Gitkraken CLI/Terminal, but I haven't been able to figure out how to make Gitkraken remember the SSH Key passphrase in between restarts. Can somebody educate me how to do this?
I fixed this by using the local SSH agent on Mac (Ventura OS):
SSG Agent parameter location in Gitkraken
And prior to that I had to load automatically my passphrase in my .zshrc (not sure if it's mandatory to make it work with Gitkraken):
ssh-add --apple-use-keychain ~/.ssh/id_rsa
everyone.
I hope that someone can help to answer my question.
I am joining a project in which I have to use various docker containers. I was told that I just needed to use docker-compose to pull down all the necessary containers. I tried this, and got two different errors, based on whether I used sudo or not. My machine is Ubuntu bionic beaver 18.04.4LTS
I have docker-engine installed according to the installation instructions for Bionic on the github page, and docker-compose is likewise installed according to its instructions. I did not create a "docker" group since I have sudo access.
We have two repos that I have to log in to before I can do anything. In order to prevent my passwords from being stored unencrypted in config.json, I followed this guide to set up a secure credential store:
https://www.techrepublic.com/article/how-to-setup-secure-credential-storage-for-docker/
However, rather than asking me for the password and/or passphrase mentioned in this article, the login process makes me enter the actual passwords to the repos. So, the secure credential store may not be working, which might be causing the problem.
At any rate, once I log in and the two commands show login succeeded, I then try to do a
docker-compose pull
on the repos. When I do
sudo docker-compose pull
I get this final error:
docker.errors.DockerException: Credentials store error: StoreError('Credentials store docker-credential-pass exited with "exit status 2: gpg: WARNING: unsafe ownership on homedir '/home/myuser/.gnupg'\ngpg: decryption failed: No secret key".')
an ls of the .gnupg directory is
myuser#myhost$ ls -lA ~ | grep gnupg
drwx------ 4 myuser myuser 226 Feb 9 13:35 .gnupg
gpg --list-secret-keys shows my keypair when I run it as myuser.
I am assuming that what is happening is that because I am running as sudo the user trying to access this directory is root, not myuser, and so it is failing. However, if I leave off the sudo
docker-compose pull
docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', PermissionError(13, 'Permission denied'))
I am guessing that this is because my normal user doesn't have the ability to connect to the docker daemon's Unix socket.
So, how do I make these play together? Is the answer to add a docker group so that the command still runs as myuser and not as root? or is there another way to do this?
Also, why is my credential store not asking me for the password set by docker-credential-pass or the GPG passphrase? I suspect these two are related. Perhaps the pull is trying to send my authentication tokens over again and can't because it doesn't have access to the secure credentials store.
All of the above are guesses. Does anyone know what is going on here?
Thanking you in advance,
Brad
I just wanted to follow up with a solution to this question that worked for me.
Firstly, you need to add your user to the docker group that was created during docker-engine's installation.
sudo usermod --append --groups docker your_user_name
Because I had already used sudo to try this, there were a few files that ended up being created by root.
So, you have to chown a few things.
sudo chown your_user_name:your_group_name ~/.docker/config.json
Note that for the group name I used
docker
but I'm not sure if that's necessary.
Then, there were files inside the ~/.password-store directory that needed to be changed.
sudo chown -R your_user_name:your_group_name ~/.password-store
Most of these files are already owned by you, but the recorded credentials are not.
Then, the magic that fixed it all. From
https://ask.csdn.net/questions/5153956
you have to do this.
export GPG_TTY=$(tty)
and it is this last that makes gpg work.
Then, you can log in to your repos if you have to without using sudo
docker login -u repo_user_name your_repo_host
and then log in with your repo password.
Note that I don't know why you have to use the repo password instead of using the stored credentials.
Once you log in, you should be able to do a
docker-compose pull
without sudo
from the directory where you want the containers to be placed.
Note that you will probably have to provide your GPG passphrase at first. I'm not sure about this because I had already unlocked the key by following the steps in the above link to check to see if docker-credential-pass had the right credential store password stored.
and that should do it.
I was trying to clone repository in eclipse from gitlab.
It was showing that I cannot checkout/commit repository unless generate ssh key pairs. It further gave me this link. I followed steps there. It created following files:
C:\Users\User Name\.ssh\id_rsa
C:\Users\User Name\.ssh\id_rsa.pub
Then I copy pasted public key back to GitLab.
Then ran this:
C:\Users\User Name>ssh -T git#xx.xx.xx.xx
The authenticity of host 'xx.xx.xx.xx (xx.xx.xx.xx)' can't be established.
ECDSA key fingerprint is SHA256:mZNjLhcagbXDWoshrvVT7wsMNbQ97UTGlJSfUsH6231.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xx.xx.xx.xx' (ECDSA) to the list of known hosts.
Ubuntu 16.04.6 LTS
Enter passphrase for key 'C:\Users\User Name/.ssh/id_rsa':
Enter passphrase for key 'C:\Users\User Name/.ssh/id_rsa':
Welcome to GitLab, User Name!
So I feel I able to connect from command link.
However I am not able to connect in Eclipse.
I specified id_rsa file in eclipse as stated here.
Then I tried to clone repo in eclipse as follows:
But it keeps asking me password, without ever connecting:
My information in gitlab profile:
Email: user.name#domain.com
Name: User Name
User name: UserN
Whats wrong going on here? What I am missing / doing wrong?
PS: I have masked some text of repo URI and my username in 2nd image.
In first screen shot, when I put git instead of UserN for User, it worked. Afterwards it asked me password for id_rsa, which when provided, started cloning repository. Dont know why this worked. Can someone shed some light?
I followed the guide from https://help.github.com/articles/generating-ssh-keys/ to generate a ssh key used to connect to github from my server.
The problem is if I close the shell and login the server again, I have to repeat below steps to reconnect to github, otherwise the accessing will be denied:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa
How can I setup a permanent connection with github?
Since you are logging on to the command-line (presumably using SSH) all applications that you run, including ssh-agent, stop when you log out.
In my opinion your best bet is to have your CentOS machine start ssh-agent for you each time you log in, then manually use ssh-add to add your key. This can be done by modifying your shell's login script. If you are using bash, this file is called ~/.bash_profile. If you are using another shell, refer to its documentation and choose an appropriate file.
Edit one of these files and add eval "$(ssh-agent -s)" at the end.
Now, each time you log in ssh-agent should automatically start, and you can optionally run ssh-add (since you are using a file that ssh-add looks for by default you don't need to pass the file to the command) to add your key, then do Git stuff.
It sounds like you want to automate the adding of the key as well. This isn't something that I would choose to do since I like adding keys to be explicit, but because you don't have a passphrase on your SSH key you should be able to add ssh-add to the same file we modified above (after we start the agent, of course) and have your key added automatically.
Thanks #Chris
I did the following and it worked:-
Step1:- .bash_profile
Step2:- enter image description here
Step3:-source .bash_profile
Step4:- enter image description here
For the github configuration, I have completed the steps of
1.) creating new SSH keys
2.) entering my id_rsa.pub key and thus adding the key
But during the testing stage of testing, after I entered
user$ ssh -T git#github.com
A new window (outside the terminal) opens up asking : Enter your password for "id_rsa". Where can I find this password. FYI, I am using a Mac OS 10.5.8
Even after I entered:
user$ ssh -vT git#github.com
The same new window opens up asking for the "id_rsa" password.
Please help.
While creating your ssh key in step 1), make sure to enter no passphrase for it. Otherwise the setup will be more complicated as you need to use something like ssh-agent to enter the password automatically for you.