I got “Permission denied (publickey)" using:
ssh $USERNAME#my-ip
Things I’ve done:
Using Public/Private Key authentication, I can login to the server as root.
I created a user in the sudo group
I confirmed that my created user has sudo priveleges as I viewed auth.log successfully (sudo cat /var/log/auth.log)
I thought it was possibly because my server was unable to identify which key to use, as I have created multiple keys, so I specified which key to use:
ssh -i /path/to/key/id_rsa $USERNAME#my-ip
I got "Permission denied (publickey)" again.
I figured it out! Turns out I was missing an 's' in 'ssh' at the beginning of my authorized_keys file in my user. :) I also matched the permissions between the root and user authorized_keys files, though not sure if this helped truly.
Related
I can find plenty of references to this error, but they all point to permission issues, however my permissions appear to be fine as I can modify this folder using nano and SSH.
I'm trying to use RemoteSSH with a custom user account, user
The server is running Debian 11 and nginx
I have key based auth and I connect to the server. When I try to create or remove a file in the web folder (/var/www/html) I get this error message Error: EACCES: permission denied, <what I was trying to do, i.e. rename a file, or delete a file>
I can do all of these things using a standard SSH connection (openSSH built in to Windows 10)
The owner of /var/www/ is set to www-data (recursively)
user is a member of the group www-data
Do I need to do anything in VSCode to update permissions? Am I missing something else?
Here are the exact commands I used:
sudo adduser user www-data
sudo chown -R www-data:www-data /var/www
sudo chmod -R 0775 /var/www
OK I did a bit more Googling right after posting this, and I was able to fix this by deleting the .vscode-server folder in the home directory.
https://github.com/microsoft/vscode-remote-release/issues/3399#issuecomment-922935448
I'm not sure if there is an easier way to fix this without doing so, or having to do that every time permissions are changed.
I am trying to read cat id_rsa, but is it throwing
cat: id_rsa: Permission denied
Also is not letting me push changes to the repository by saying
git#github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
What am i missing
Need root use permission to read this file so use
sudo cat id_rsa
Did you try with sudo to read the file?
sudo cat id_rsa.pub
To my knowledge anyways the ssh key needed for GitHub is the publickey.
To further debug your problem, you might want to make sure that the ssh key is actually added to your github account and has the right permissions.
You can debug if your ssh key is being used with your account by following the steps here
further steps of debugging the issue that might be helpful can be found here (e.g. verifying that your user can make connections after verifying the ssh key)
I am stuck on this annoying (and common) issue running Manjaro (latest). SSH works just fine for me on my local network. I can connect to my file server and pi-hole just fine.
GitHub however is proving more difficult.
gh repo clone User/Reponame gives the following:
WARNING: cgroup v2 is not fully supported yet, proceeding with partial confinement
Cloning into 'Reponame'...
warning: templates not found /usr/share/git-core/templates
The authenticity of host 'github.com (140.82.121.3)' can't be established.
RSA key fingerprint is SHA256:SomeLongNumberBlahBlah.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/USER/.ssh/known_hosts).
Load key "/home/USER/.ssh/id_rsa": Permission denied
git#github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
exit status 128
Now I tried deleting my known_hosts, checking the file permission, creating new keys for my server/pi-hole and all works fine. I don't see why GH is struggling with permission. I've tried a few solutions but nothing seems to work for me. I've set my global user and email for github, I just can't get passed this step.
ssh -T git#github.com Asked for a passphrase and accepted it when I entered. Yay! I have both keys set and added to github.com via my browser etc. I must be missing something.
Still no change in the clone command. I am honestly stuck having read multiple threads on the subject. SSH always gets me :(
everyone.
I hope that someone can help to answer my question.
I am joining a project in which I have to use various docker containers. I was told that I just needed to use docker-compose to pull down all the necessary containers. I tried this, and got two different errors, based on whether I used sudo or not. My machine is Ubuntu bionic beaver 18.04.4LTS
I have docker-engine installed according to the installation instructions for Bionic on the github page, and docker-compose is likewise installed according to its instructions. I did not create a "docker" group since I have sudo access.
We have two repos that I have to log in to before I can do anything. In order to prevent my passwords from being stored unencrypted in config.json, I followed this guide to set up a secure credential store:
https://www.techrepublic.com/article/how-to-setup-secure-credential-storage-for-docker/
However, rather than asking me for the password and/or passphrase mentioned in this article, the login process makes me enter the actual passwords to the repos. So, the secure credential store may not be working, which might be causing the problem.
At any rate, once I log in and the two commands show login succeeded, I then try to do a
docker-compose pull
on the repos. When I do
sudo docker-compose pull
I get this final error:
docker.errors.DockerException: Credentials store error: StoreError('Credentials store docker-credential-pass exited with "exit status 2: gpg: WARNING: unsafe ownership on homedir '/home/myuser/.gnupg'\ngpg: decryption failed: No secret key".')
an ls of the .gnupg directory is
myuser#myhost$ ls -lA ~ | grep gnupg
drwx------ 4 myuser myuser 226 Feb 9 13:35 .gnupg
gpg --list-secret-keys shows my keypair when I run it as myuser.
I am assuming that what is happening is that because I am running as sudo the user trying to access this directory is root, not myuser, and so it is failing. However, if I leave off the sudo
docker-compose pull
docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', PermissionError(13, 'Permission denied'))
I am guessing that this is because my normal user doesn't have the ability to connect to the docker daemon's Unix socket.
So, how do I make these play together? Is the answer to add a docker group so that the command still runs as myuser and not as root? or is there another way to do this?
Also, why is my credential store not asking me for the password set by docker-credential-pass or the GPG passphrase? I suspect these two are related. Perhaps the pull is trying to send my authentication tokens over again and can't because it doesn't have access to the secure credentials store.
All of the above are guesses. Does anyone know what is going on here?
Thanking you in advance,
Brad
I just wanted to follow up with a solution to this question that worked for me.
Firstly, you need to add your user to the docker group that was created during docker-engine's installation.
sudo usermod --append --groups docker your_user_name
Because I had already used sudo to try this, there were a few files that ended up being created by root.
So, you have to chown a few things.
sudo chown your_user_name:your_group_name ~/.docker/config.json
Note that for the group name I used
docker
but I'm not sure if that's necessary.
Then, there were files inside the ~/.password-store directory that needed to be changed.
sudo chown -R your_user_name:your_group_name ~/.password-store
Most of these files are already owned by you, but the recorded credentials are not.
Then, the magic that fixed it all. From
https://ask.csdn.net/questions/5153956
you have to do this.
export GPG_TTY=$(tty)
and it is this last that makes gpg work.
Then, you can log in to your repos if you have to without using sudo
docker login -u repo_user_name your_repo_host
and then log in with your repo password.
Note that I don't know why you have to use the repo password instead of using the stored credentials.
Once you log in, you should be able to do a
docker-compose pull
without sudo
from the directory where you want the containers to be placed.
Note that you will probably have to provide your GPG passphrase at first. I'm not sure about this because I had already unlocked the key by following the steps in the above link to check to see if docker-credential-pass had the right credential store password stored.
and that should do it.
I'm using terminal, I want to delete ssh keys from and old user (old_username) and set a new one (new_username). I have done as is in this tutorial.
When I run: ssh -T git#github.com I get the correct message:
`Hi new_username! You've successfully authenticated'.
But when I try to push a repository I get denied:
remote: Permission to new_username/test2.git denied to old_username.
fatal: unable to access 'https://github.com/new_username/test2/': The requested URL returned error: 403
I've tried deleting .ssh folder and setting again ssh, but the problem persists.
Using an https url means your ssh connection is not used. At all.
Try switching to ssh:
git clone git#github.com:new_username/test2
That will actually use your ssh credentials, meaning your public and private keys stored in ~/.shh/id_rsa(.pub).
If on Linux or OSX, check a file called ~/.netrc, which contains username/password information that most apps will use when connecting to remote servers. Yes, it even affects git via the https protocol. If you're using a frontend to connect to github, you probably need to clear its preferences so it stops trying to use the old username.