I'm just trying to move a simple text file from the local host to the remote host. I'm using Google's Cloud computing and more specifically, I'm using the gcloud command line tool. Here are the instructions and errors I received:
Admins-MacBook-Pro-4:downloads kylefoley$ gcloud compute scp lst_calc.txt instance-1:/home/kylefoley76/hey.txt
No zone specified. Using zone [us-central1-a] for instance: [instance-1].
Updating project ssh metadata...⠧Updated [https://www.googleapis.com/compute/v1/projects/atomic-drake-250022].
Updating project ssh metadata...done.
Waiting for SSH key to propagate.
Warning: Permanently added 'compute.1494876250178113937' (ECDSA) to the list of known hosts.
Enter passphrase for key '/Users/kylefoley/.ssh/google_compute_engine':
Enter passphrase for key '/Users/kylefoley/.ssh/google_compute_engine':
scp: /home/kylefoley76/hey.txt: Permission denied
ERROR: (gcloud.compute.scp) [/usr/bin/scp] exited with return code [1].
I then tried putting root# in front of the remote path and got the following error:
Admins-MacBook-Pro-4:downloads kylefoley$ gcloud compute scp lst_calc.txt root#instance-1:/home/kylefoley76/hey.txt
No zone specified. Using zone [us-central1-a] for instance: [instance-1].
Updating project ssh metadata...⠛Updated [https://www.googleapis.com/compute/v1/projects/atomic-drake-250022].
Updating project ssh metadata...done.
Waiting for SSH key to propagate.
Enter passphrase for key '/Users/kylefoley/.ssh/google_compute_engine':
root#35.193.247.37: Permission denied (publickey).
Enter passphrase for key '/Users/kylefoley/.ssh/google_compute_engine':
root#35.193.247.37: Permission denied (publickey).
Enter passphrase for key '/Users/kylefoley/.ssh/google_compute_engine':
root#35.193.247.37: Permission denied (publickey).
Enter passphrase for key '/Users/kylefoley/.ssh/google_compute_engine':
root#35.193.247.37: Permission denied (publickey).
Enter passphrase for key '/Users/kylefoley/.ssh/google_compute_engine':
It was then clear that the program was caught in an infinite loop of some kind.
UPDATE
Also, I want to make it clear that my problem is not a linux problem but a gcloud problem. A lot of people who have this problem recommend putting the files in the /tmp folder. On the remote Linux computer that I'm connected to it seems that I have all of the necessary permissions. I've created folders and files on this remote machine and I've moved the files around with terminal, so I think that rules out the possibility that my problem lies with the permissions of the Linux computer itself.
Create a tmp dir under your home in your instance with chmod 777 and send files to that.
gcloud compute scp ./app.tar.gz my-vm:~/tmp
Reason of the message:
This message means that the network connection from the client to the server is working, and that SSH is running. However, key-based authenticatication failed.
Troubleshooting steps:
Make sure that you have authenticated to gcloud as an IAM user with the compute instance admin role.
run gcloud auth login [IAM-USER] then try gcloud compute ssh again.
Verify that persistent SSH Keys metadata for gcloud is set for either the project or instance.
gcloud compute project-info describe --format flattened | grep
commonInstanceMetadata.items | grep ssh | grep -v expireOn
It's possible that you lost the private key, mismatched a keypair, etc. You can force gcloud to generate a new SSH keypair by doing the following:
If present, by moving ~/.ssh/google_compute_engine and ~/.ssh/google_compute_engine.pub. For example:
mv ~/.ssh/google_compute_engine.pub ~/.ssh/google_compute_engine.pub.old
mv ~/.ssh/google_compute_engine ~/.ssh/google_compute_engine.old
Try gcloud compute ssh [INSTANCE-NAME] again. A new keypair will be created and the public key will be added to the SSH keys metadata.
Verify that the Linux Guest Environment scripts are installed and
running. If the Linux Guest
Environment is not installed, re-install it.
Related
I am trying to read cat id_rsa, but is it throwing
cat: id_rsa: Permission denied
Also is not letting me push changes to the repository by saying
git#github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
What am i missing
Need root use permission to read this file so use
sudo cat id_rsa
Did you try with sudo to read the file?
sudo cat id_rsa.pub
To my knowledge anyways the ssh key needed for GitHub is the publickey.
To further debug your problem, you might want to make sure that the ssh key is actually added to your github account and has the right permissions.
You can debug if your ssh key is being used with your account by following the steps here
further steps of debugging the issue that might be helpful can be found here (e.g. verifying that your user can make connections after verifying the ssh key)
I have create cron job in kubernetes and I have ssh key in one of pod directory. when I am executing from command line its working fine, but when I am manually triggered , cron job is not recognizing .ssh folder .
scp -i /srv/batch/source/.ssh/id_rsa user#server:/home/data/openings.csv /srv/batch/source
When you log into a remote host from your container, the remote host key is unknown to your SSH client inside the container
usually, you're asked to confirm its fingerprint:
The authenticity of host ***** can't be established.
RSA key fingerprint is *****.
Are you sure you want to continue connecting (yes/no)?
But as there is no interactive shell, the SSH client fails.
Two solutions:
add the host key in the file ~/.ssh/known_hosts in the container
disable host key check (Dangerous as no remote host authentication is performed)
ssh -o "StrictHostKeyChecking=no" user#host
I'm trying to setup passwordless ssh access to my cluster.
I've used ssh-copy-id clsadmin#my-clusterhostname and entered the cluster password when promoted. The output from ssh-copy-id shows:
Number of key(s) added: 1
However, when I try to ssh into the cluster, I'm prompted for my password. If I log in to the cluster, I can see the key has been added to ~/.ssh/authorized_keys.
Why is passwordless ssh not working after these steps?
The problem seemed to be because I had used a DSA key. After creating a RSA key and copying that to the cluster, I was able to login over ssh without entering my credentials.
I'm having an hard time trying to configure Capistrano 3.1 to deploy an app hosted on Github.
I'm following Capistrano Documentation and I have successfully completed the first step (SSH keys from workstation to servers) and on the second one (From our servers to the repository host) I'm able to successfully run ssh -A deploy#one-of-my-servers.com 'git ls-remote git#github.com:my_user/my_repo.git':
18f38afz261df35d462f7f4e2ca847d22f148a06 HEAD
18f38afz261df35d462f7f4e2ca847d22f148a06 refs/heads/master
however, ssh deploy#one-of-my-servers.com 'git ls-remote git#github.com:my_user/my_repo.git' fails:
Permission denied (publickey).
Capistrano docs suggests
If you get the error "host key verification failed." log in into your server and run as the deploy user the command ssh git#github.com to add github.com to the list of known hosts.
SO, I tried so but I get
ssh git#github.com
Warning: Permanently added the RSA host key for IP address '192.30.252.131' to the list of known hosts.
Permission denied (publickey).
And I'm basically not able to successfully access the Github repo.
SSH documentation states:
-A Enables forwarding of the authentication agent connection. This
can also be specified on a per-host basis in a configuration
file.
How can I specified on a per-host basis in a configuration file?
My local machine runs Mac OSX Mavericks.
The VPS runs Ubuntu 12.04
Thanks.
Do you have your ssh key added to the list of agent identites ?
You can check with ssh-add -L , you should see the key your are using to connect to github :
$ ssh-add -L
ssh-rsa AAAAB3N.....0VmSiRvTzBrbU0ww== /Users/youruser/.ssh/id_rsa
If you don't see the ssh key you use for github or a message like
The agent has no identities.
Then you should add your key with :
ssh-add ~/.ssh/id_rsa
(replace with the path to the key you use for github)
See the ssh-add doc for more info
Add following lines to .ssh/config file on your local computer
Host Server_Address
ForwardAgent yes
Check your local key whether listed in ssh-add list or not with
ssh-add -L
If not add key to SSH Agent
ssh-add -K
Connect to Remote Server
ssh -v username#Server_Address
Check SSH Agent forwarding is enabled by running following command. It should list a socket file
echo "$SSH_AUTH_SOCK"
Run connection test against GitHub
ssh -T git#github.com
Run ls remote test against targeted git repository
git ls-remote --heads git#github.com:account/repo.git
Finally logout and run following from your local machine
cap production git:check
Add the following to ~/.ssh/config
Host one-of-my-servers.com
ForwardAgent yes
Yet another cause: If the target host's fingerprint doesn't match with your ~/.ssh/known_hosts, SSH automatically disables Agent Forwarding.
The solution is:
$ ssh -A -o UserKnownHostsFile=/dev/null my-target-host
Here is my setup:
Jenkins is running on my linux machine as 'jenkins' user.
I have generated a ssh key-pair as described in Linux - Setup Git, for the 'jenkins' user.
When I sudo su jenkins and try ssh -vT git#github.com, I am always asked my passphrase, but I am always eventually authenicated. (the verbose option shows which key is used, among others).
I could clone my repo from GitHub using jenkins:
Thusly:
jenkins#alpm:~/jobs/test git/workspace$ git pull
Enter passphrase for key '/var/lib/jenkins/.ssh/id*_rsa':
Already up-to-date.
Up to this point I have followed the instructions to the letter. The problem is that the Jenkins job fails with the following error:
status code 128:
stdout:
stderr: Permission denied (publickey).
fatal: The remote end hung up unexpectedly
This is same error as I get when I typo the passphrase (but of course, Jenkins does not ask me for the passphrase). The following pages:
GitHub - SSH Issues
Using SSH Agent Forwarding
indicate to me that ssh-agent could help remember the passphrase, which it does when I am using my own user, but not the jenkins id. Note that while running as my normal user yields:
echo "$SSH_AUTH_SOCK"
/tmp/keyring-nQlwf9/ssh
While running the same command as my 'jenkins' yields nothing (not even permission denied)
My understanding of the problem is that the passphrase is not remembered.
Do you have any idea?
Shall I start a ssh-agent or key ring manager for the jenkins user? How?
Or is ssh forwarding suitable when forwarding to the same machine?
Any brighter idea?
ps: I never sudo gitted, I always used jenkins or my user account (as mentioned in this SO post - Ubuntu/GitHub SSH Key Issue)
Since nobody wrote the answer from the comments for several months, I will quickly do so.
There are 2 possible problems/solutions:
id_rsa created with wrong user
Create id_rsa as the jenkins user (see hudson cannot fetch from git repository)
Leave passphrase empty
To summarise what must be done on the Jenkins server:
# 1. Create the folder containing the SSH keys if necessary
if [ ! -e ~jenkins/.ssh ]; then mkdir ~jenkins/.ssh; fi
cd ~jenkins/.ssh/
# 2. Create the SSH pair of keys
# The comment will help to identify the SSH key on target systems
ssh-keygen -C "jenkins" -f ~jenkins/.ssh/id_rsa -P ""
# 3. Assign the proper access rights
chown -R jenkins ~jenkins/.ssh/
chmod 700 ~jenkins/.ssh
chmod 600 ~jenkins/.ssh/*
Remember:
Please keep the default "id_rsa" name when generating the keys, as other such as "id_rsa_jenkins" won't work, even if correctly set up.
Do not use a passphrase for your key
Check that the public key (id_rsa.pub) has been uploaded on the git server (GitHub, Bitbucket, etc). Once done, test your SSH key by running: ssh -vvv git#github.com (change address according to your git server)
I got around this problem by simply leaving the passphrase empty when creating the keys.
I would add that if you created the keys by hand, they might still be owned by you and not readable by jenkins, try:
sudo chown jenkins -R /var/lib/jenkins/.ssh/*
To check are the following:
if the right public key (id_rsa.pub) is uploaded to the git-server.
jenkins user will access to github -> to CHECK if the right private key (id_rsa) is copied to /var/lib/jenkins/.ssh/
if the known_hosts file is created inside ~/.ssh folder. Try ssh -vvv git#github.com to see debug logs. If thing goes well, github.com will be added to known_hosts.
if the permission of id_rsa is set to 755 (chmod 755 id_rsa)
After all checks -> try ssh -vvv git#github.com
Dont try to do config in jenkins until ssh works!
If you are running jenkins as a service in windows, you need to verify the user running the service. If you created the keys using the user "MACHINENAME\user", change the service so the user running it can match
For Mac users, the issue can be solved by removing the existing keys and creating new Private and Public Keys by following these steps:
1.Remove all Public and Private keys located at /Users/Username/.ssh
2.Remove all the credentials saved under the Credentials tab in Jenkins.
3.Remove the existing Public SSH keys defined in the Github Repository Settings.
4.Create new SSH keys (private and public: id_rsa and id_rsa.pub) by following the steps from https://confluence.atlassian.com/bitbucketserver/creating-ssh-keys-776639788.html#CreatingSSHkeys-CreatinganSSHkeyonLinux&MacOSX
5.Set the newly created public SSH key (id_rsa.pub) in Github or an equivalent Repository Settings.
6.In Jenkins,create new credentials by adding the private SSH key(id_rsa) for your Github username.
7.The Error should be removed now.
keys need to generated from jenkins user.
sudo su jenkins
ssh-keygen
once the key is generated, it should be added as ssh key in bitbucket or github.