Failed to add the host to the list of known hosts - github

Mac OSX Lion 10.7.
In an effort to get around weird environment stuff (homebrew wasn't installing wget, and I had all sorts of weird blocks and errors), I uninstalled zschrc and homebrew and a bunch of other stuff, then installed fish shell.
Now, whenever I try to push/pull to/from github, I get this error:
The authenticity of host 'github.com (204.232.175.90)' can't be established.
RSA key fingerprint is <string of colon-separated chars that I should probs keep private>.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/Users/sasha/.ssh/known_hosts).
So I tried to check the permissions of my ~/.ssh folder, and got this, which looks fine to me:
-rw-r--r-- 1 sasha staff 97B Jul 9 22:56 config
-rw------- 1 sasha staff 1.7K May 16 2012 id_rsa
-rw-r--r-- 1 sasha staff 403B May 16 2012 id_rsa.pub
drwx------ 5 sasha staff 170B Jul 15 09:56 known_hosts
All that's in known_hosts is a pem file I used for ssh'ing (also with the "authenticity..." prompt) to an Amazon ec2 instance, though I tried copying id_rsa and id_rsa.pub there when things got desperate.
Any idea what's going on? I'd love to fix this so I don't get prompted all the many times I push/pull.
EDIT I followed these instructions successfully a while ago, so I do have my ssh keys on Github, and they're recognized, so that when I run ssh -T git@github.com, I get
Hi sashafklein! You've successfully authenticated, but GitHub does not provide shell access.
It seems to be exclusively my local computer that's unhappy with my ssh situation.

In your specific case, your known_hosts is a folder, so you need to remove it first.
For other people who are experiencing a similar issue, please check the permissions of your ~/.ssh/known_hosts, as it may be owned by a different user (e.g. root). So you may try to run:
sudo chown -v $USER ~/.ssh/known_hosts
to fix it.

This is the solution I needed.
sudo chmod 700 ~/.ssh/
sudo chmod 600 ~/.ssh/*
sudo chown -R ${USER} ~/.ssh/
sudo chgrp -R ${USER} ~/.ssh/

For guys on Ubuntu, if you get this error:
Failed to add the host to the list of known hosts
Then simply delete the known_hosts file, and re-run your ssh. This will regenerate the known_host file with appropriate permissions, and add the remote host you are trying to ssh into to this file.

I think the OP's question is solved by deleting the ~/.ssh/known_hosts (which was a folder, not a file). But for others who might be having this issue, I noticed that one of my servers had weird permissions (400):
-r--------. 1 user user 396 Jan 7 11:12 /home/user/.ssh/known_hosts
So I solved this by adding owner/user PLUS write.
chmod u+w ~/.ssh/known_hosts
Thus, ~/.ssh/known_hosts needs to be a flat file, and must be owned by you, and you need to be able to read and write to it.
You could always declare known_hosts bankruptcy, delete it, and continue doing things as normal, and connecting to things (git / ssh) will regenerate a new known_hosts that should work just fine.
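The conditions listed in the answer above (regular file, owned by you, readable and writable) can be checked in one pass. This is an added example, not part of the original answers; the function name check_known_hosts and its messages are illustrative.

```shell
#!/bin/sh
# Added example: report why ssh may be unable to append to a known_hosts file.
# check_known_hosts PATH prints one finding per line; returns 0 if PATH is usable.

check_known_hosts() {
    kh=$1
    dir=$(dirname "$kh")
    rc=0

    # The parent directory (normally ~/.ssh) must exist and be ours,
    # otherwise ssh cannot create known_hosts when it is missing.
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is missing or not a directory"
        return 1
    fi
    [ -O "$dir" ] || { echo "FAIL: $dir is not owned by $(id -un)"; rc=1; }
    [ -w "$dir" ] && [ -x "$dir" ] || { echo "FAIL: no write/search access to $dir"; rc=1; }

    if [ -d "$kh" ]; then
        # The original poster's case: known_hosts exists as a directory.
        echo "FAIL: $kh is a directory, expected a regular file"; rc=1
    elif [ ! -e "$kh" ]; then
        echo "NOTE: $kh does not exist yet; ssh will create it on first connect"
    elif [ ! -f "$kh" ]; then
        echo "FAIL: $kh is not a regular file"; rc=1
    else
        # Ownership by another account (often root after a sudo ssh/git run).
        [ -O "$kh" ] || { echo "FAIL: $kh is owned by another user"; rc=1; }
        [ -r "$kh" ] && [ -w "$kh" ] || { echo "FAIL: $kh is not readable and writable by $(id -un)"; rc=1; }
    fi

    [ "$rc" -eq 0 ] && echo "OK: nothing prevents ssh from writing $kh"
    return "$rc"
}

# Check the default location unless a path is given as the first argument.
check_known_hosts "${1:-$HOME/.ssh/known_hosts}" || echo "see FAIL lines above"
```

If ~/.ssh/config sets UserKnownHostsFile, pass that path as the argument instead of the default.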

Shouldn't known_hosts be a flat file, not a directory?
If that's not the problem, then this page on Github might be of some help. Try using SSH with the -v or -vv flag to see verbose error messages. It might give you a better idea of what's failing.

This command worked for me,
sudo chown -v $USER ~/.ssh/known_hosts
as mentioned by @kenorb.
The error was coming due to broken permissions, for the current user.

Okay so ideal permissions look like this
For ssh directory (You can get this by typing ls -ld ~/.ssh/)
drwx------ 2 oroborus oroborus 4096 Nov 28 12:05 /home/oroborus/.ssh/
d means directory, rwx means the user oroborus has read write and execute permission. Here oroborus is my computer name, you can find yours by echoing $USER. The second oroborus is actually the group. You can read more about what does each field mean here. It is very important to learn this because if you are working on ubuntu/osx or any Linux distro chances are you will encounter it again.
Now to make your permission look like this, you need to type
sudo chmod 700 ~/.ssh
7 in binary is 111 which means read 1 write 1 and execute 1, you can decode 6 by similar logic means only read-write permissions
You have given your user read write and execute permissions. Make sure your file permissions look like this.
total 20
-rw------- 1 oroborus oroborus 418 Nov 8 2014 authorized_keys
-rw------- 1 oroborus oroborus 34 Oct 19 14:25 config
-rw------- 1 oroborus oroborus 1679 Nov 15 2015 id_rsa
-rw------- 1 oroborus oroborus 418 Nov 15 2015 id_rsa.pub
-rw-r--r-- 1 oroborus root 222 Nov 28 12:12 known_hosts
Here you have given read-write permission to your user for all files.
You can see this by typing ls -l ~/.ssh/
This issue occurs because ssh is a program that is trying to write to a file called known_hosts in its folder. While writing, if it knows that it doesn't have sufficient permissions, it will not write to that file and hence fails. This is my understanding of the issue; more knowledgeable people can throw more light on this.
Hope it helps

For me, I just do this:
rm -rf ~/.ssh/known_hosts
Then:
I just ssh to the target host and all will be okay.
This is only if you don't know the permissions and the default owner of the "known_hosts" file.

just in case anyone else encounters this error message and the permissions on .ssh and .ssh/known_hosts look good.
My problem was that I had installed gh from snap and snap apps have limited access to the file system and apparently could not access .ssh. The solution is to remove the snap installation and install from apt.

It happened to me simply because of broken permissions. My user did not have read nor write access to that file. Fixing permissions fixed the problem

I generated the "ssh" key again and added to my git account. This worked for me.
Please find following commands to generate the "ssh-key":
$ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
-> This creates a new ssh key, using the provided email as a label.
Generating public/private rsa key pair.
-> When you're prompted to "Enter a file in which to save the key," press Enter. This accepts the default file location.
Enter a file in which to save the key (/home/you/.ssh/id_rsa): [Press enter]
-> At the prompt, type a secure passphrase. For more information, see "Working with SSH key passphrases"
Enter passphrase (empty for no passphrase): [Type a passphrase]
Enter same passphrase again: [Type passphrase again]
-> Your key is generated, to copy the key:
$ sudo cat /root/.ssh/id_rsa.pub
Hope this works!

For anyone interested, this one worked for me in Ubuntu:
Go to .ssh directory.
$ cd ~/.ssh
Remove the known_hosts file.
$ rm known_hosts
Re-push your Git changes.

I was having this issue and found that within ~/.ssh/config I had a line that read:
UserKnownHostsFile=/home/.ssh-agent/known_hosts
I just modified this line to read:
UserKnownHostsFile=~/.ssh/known_hosts
That fixed the problem for me.

It may be due to the fact that the known_hosts file is owned by another user i.e root in most cases.
You can visit the path directory given (/home/taimoor/.ssh/known_hosts in my case) and check if the root is the owner and change it to the default owner.
Example:
Error Description -
Before changing the owner -
After changing the owner -

"Failed to add the host to the list of known hosts"
was also my error.
I tried changing owner and rights.
And then I saw that it tried to write to "~/.ssh/known_hosts.d/"
Failed to add the host to the list of known hosts (~/.ssh/known_hosts.d/<hostname>).
If this also happens to you,
just create the folder:
mkdir ~/.ssh/known_hosts.d
chmod 700 ~/.ssh/known_hosts.d
While this wouldn't have solved the problem of the original poster (since his system tried to write to the "~/.ssh/known_hosts" file and not to a systemd directory like "~/.ssh/known_hosts.d/"), I thought it would help others who searched for the same error message.
The difference is that when a system tries to write to a known_hosts file, all host data will be contained there,
while in the directory it will create a file for each host in that directory.
For more info on such directories -> https://askubuntu.com/questions/7648/many-directories-have-a-d-suffix-extension-what-does-it-mean

#check permissions of directory and files.
ls -la ~/.ssh/
#in my case, ~/.ssh/known_hosts was owned by root.
sudo chown xxx:xxx ~/.ssh/known_hosts
#where xxx = my username
#then ssh to some server, the warning message will still appear until you have ssh'd in successfully once, to verify, exit and ssh in again.

Check permissions of the file, if it is good check parent directories
I had to correct
/home/sravindr/.ssh permissions which worked for me

it works with me when I tried the following commands
sudo chown $my_user .ssh/id_rsa
sudo chown $my_user .ssh/id_rsa.pub
sudo chown $my_user .ssh/known_hosts

This command worked for me,
sudo chmod +x ~/.ssh/known_hosts

I couldn't solve this despite all the above answers.
My solution was to move from ssh to https.

Related

I'm new to Github and having trouble with generating an SSH key

I am following a tutorial from freeCodeCamp.org and at the part where I generate an SSH key (timestamp 20:30), my terminal is saying
zsh: permission denied: /Users/michael .
I am entering the following as instructed
~ ssh-keygen -t rsa -b 4096 -C "myemail@gmail.com"
I have tried changing security permissions for the terminal in system preferences to allow it to run software that doesn't meet the security policy and that doesn't help.
Weirdly, when I tried this the first time, it worked; however, when I tried to view the actual key in the terminal it gave me the permissions error message from above, so I figured I must have done something wrong, so I deleted the keys it had made in my users directory and started again, only to find that it now won't even generate a key in the first place.
As I say, I am very new to this so I apologise if it is something basic that I am asking but any help would be greatly appreciated.
Thanks for reading.
~ is just part of the user's prompt in the video. The actual command is just
ssh-keygen -t rsa -b 4096 -C "myemail@gmail.com"
In a shell command, ~ is expanded to the user's home directory, so your shell thinks you wanted to execute a command named /Users/michael with arguments ssh-keygen, -t, etc.

Perl script can't unzip to mounted Windows share - permission denied

I have a simple script that is unzipping a file to a mounted Windows share. It is normally launched as a Postfix alias when a new email arrives, but even when I run it as root I get a permission denied error.
The script is doing this:
if ( </tmp/*.zip> ){
unzip '</tmp/*.zip>' => '</mnt/win/#1.txt>'
or die "unzip failed: $UnzipError\n";
}
As root I can copy files to /mnt/win without a problem, but when this script is launched by Postfix it fails with permission denied.
/etc/fstab looks like:
//srvr1/tmp /mnt/win cifs credentials=/root/.smbcredentials,iocharset=iso8859-1,sec=ntlm 0 0
ls -ld looks like:
drwxr-xr-x 2 root root 196608 Jul 15 17:24 /mnt/win
Files produced by the script are nobody/nogroup, but I'm not sure how I change the permissions of /mnt/win to allow nobody/nogroup to read/write.
chmod -R ugo+RW /mnt/win
Also gives permission denied. Is there a way to change permissions in /etc/fstab to allow nobody/nogroup?
You need to use this command to change the permissions of folder & files inside it.
sudo chmod -R R+X /mnt/win
If you want to change the user of the file as well, which is nobody/nogroup right now, you can use this command:
sudo chown -R username.username /mnt/win/
Here you can choose any user's name, e.g. mine is mukesh
sudo chown -R mukesh.mukesh /mnt/win/

How to resolve cvs error: no such system user

I am trying to set up CVS on one of our servers (let's call it JEDI). Then there is a production server called DVADER.
I am able to log in from DVADER to JEDI using cvs login command with production user STWAR. However, as soon as I do cvs status I get following error :
Fatal error, aborting.
dsicnspr: no such system user
I have setup .passwd in CVSROOT folder for production user STWAR account on DVADER as shown below.
STWAR:hsfwfewiiu34de
However, there is no account of STWAR which is our production id on JEDI which is CVS server. So there is no entry of STWAR in /etc/passwd file on JEDI. I also tried using SystemAuth=no in config file inside CVSROOT but that is not working.
JEDI the CVS Server is also used for development and have other user account e.g. LIA who are able to login to JEDI.
Can anyone please tell me how to get rid of this error ? Do I need to setup account for STWAR
on JEDI and make an entry in /etc/passwd file ?
http://blog.jdknight.me/2015/03/how-to-setup-cvs-server-pserver-on.html
sudo chown -R :cvs /opt/cvsroot
sudo chmod -R g+ws /opt/cvsroot
(if you have selinux enforcing)
semanage fcontext -a -t cvs_data_t '/opt/cvsroot(/.*)?'
restorecon -R -v /opt/cvsroot
For example:
[root@*** ~]# ls -l /usr/local/repo/CVSROOT/passwd*
-rw-rwSr--. 1 root cvs 23 Nov 30 10:51 /usr/local/repo/CVSROOT/passwd -> no error
-rw-r--r--. 1 root cvs 1033 Dec 10 13:59 /usr/local/repo/CVSROOT/passwd.backup -> error as in your question above!

CentOS, mod_evasive log write permissions and email issue

I'm on CentOS 6.5 now,
installed mod_evasive some time ago but email notify and logging never worked...
in the messages log I have many lines like this...
mod_evasive[4548]: Couldn't open logfile /var/log/httpd/evasive/dos-157.xxx.xxx.xxx: Permission denied
on CentOS I thought that the owner of the directory /var/log/httpd/evasive should be "apache" and that is with 755..
no way...
then, mailx is already installed and updated... someone says to look into mod_evasive20.c but I can't find this mod_evasive20.c file on my CentOS... where can it be? is it possible to send with sendmail instead of mailx? thanks
On CentOS /var/log/httpd has permission 700 and is owned by root, so you need to move /var/log/httpd/evasive to /var/log/evasive and do:
chown 0:apache /var/log/evasive
chmod 770 /var/log/evasive
If you use SELinux:
semanage fcontext --add -t httpd_sys_rw_content_t "/var/log/evasive(/.*)?"
restorecon -r /var/log/evasive
And add this line to /etc/httpd/conf.d/mod_evasive.conf:
DOSLogDir /var/log/evasive
Ok, you're facing two problems, first file permission to mod_evasive logdir and second the mail command isn't found.
1) file permission to "DOSLogDir"
You must ensure the apache's user has execute and write permissions through the whole directory tree to target "DOSLogDir".
See this example from an ubuntu system
root@ubuntu:/var/log# ll
drwxr-xr-x 3 root adm 4096 Mar 10 14:06 apache2/
root@ubuntu:/var/log# ll apache2
drwxrwxr-x 2 root www-data 4096 Mar 10 14:25 mod_evasive/
root@ubuntu:/var/log# ll apache2/mod_evasive/
-rw-r--r-- 1 www-data www-data 5 Mar 10 14:25 dos-172.16.245.1
-rw-r--r-- 1 www-data www-data 5 Mar 10 14:19 dos-172.16.245.129
2) access mail binary
The mail binary is defined in mod_evasive20.c indeed, row 45 :
#define MAILER "/bin/mail %s"
Try to get a symlink on mailx to be used by mod_evasive
ln -s $(which mailx) /bin/mail
understood,
for whom have the same problem hope this helps...
if mod_evasive is not able to write on the dir it doesn't even send the email
so commented out the DOSLogDir and so it writes to tmp...
don't know if can use another directory but for the moment problem is solved
I had faced the same issue while creating new project into the centos7.
ErrorLog /var/log/httd/mydomain_error.log
CustomLog /var/log/httpd/mydomain_access.log
Solution:
You need to disable the SELinux and your issue will be resolved.
For that you need to follow the following steps.
1) Check the SELinux Status
sestatus
Output will be like this
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
2) Disable SELinux
You can temporarily change the SELinux mode from targeted to permissive with the following command:
sudo setenforce 0
You can see more here : https://linuxize.com/post/how-to-disable-selinux-on-centos-7/

RedHat 6/Oracle Linux 6 is not allowing key authentication via ssh

Keys are properly deployed in ~/.ssh/authorized_keys
Yet ssh keeps on prompting for a password.
Several issues, mostly privileges - but also related to SELinux on RedHat 6
The following script should fix them all, please replace <user>:<group> with your matching userid and group
chown -R <user>:<group> ~/.ssh
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
restorecon -R -v ~/.ssh
I'd agree with the changes above working on most linux variants in the root account.
I have had a problem with RedHat 6.3 with trying to get a postgres user account to use DSA auth. (6.3 running in VirtualBox)
The issue can be that the basic selinux permissions are wrong. Restorecon won't help in this case.
(After restorecon)
drwx------. postgres postgres unconfined_u:object_r:var_lib_t:s0 .ssh
I have fixed this with :
chcon -R -t ssh_home_t .ssh
This resolved this instance of the problem.
I also had this same issue; the proposed solution above did not solve the case for me. To summarise the instructions above together:
Check the following logfile on the target system for possible details of errors: /var/log/secure
Permission of files in the user's ~/.ssh directory should be 600 and files should be owned by "user:group"
Permission of ~/.ssh directory should be 700 and owned by "user:group"
Permission of home directory of user, i.e. "~" (="~/.ssh/.."), should be 755. If permissions are f.ex 775, ssh key authentication failed in my system.
br
bruno
The above answer is quite good; I have an addition and a suggestion. The addition is in line 2 below, as home directory permissions should not be more permissive than rwxr-x--- for ssh key authentication.
cd ~
chmod g-w,o-rwx .
chmod 700 .ssh
cd .ssh
chmod 600 *
chmod 644 authorized_keys
chmod 644 known_hosts
chmod 644 config
restorecon -R -v ../.ssh
The suggestion is to make use of the -vv option when testing.
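The answers in this thread come down to one rule: nothing on the path from the home directory to authorized_keys may be writable by group or others, which is what sshd enforces when its StrictModes option is on. The following is an added example, not from the original answers, that reports which entry on that path is too open; the function names check_ssh_chain and relabel_preview are illustrative.

```shell
#!/bin/sh
# Added example: find the entry that makes sshd ignore authorized_keys.
# check_ssh_chain HOME_DIR returns 0 when home, .ssh and authorized_keys all
# exist and none of them is group- or other-writable.

check_ssh_chain() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING: $p"
            bad=1
            continue
        fi
        # find prints the path only if the group-write (020) or other-write
        # (002) bit is set; -prune keeps it from descending into directories.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "TOO OPEN: $(ls -ld "$p")"
            bad=1
        fi
    done
    [ "$bad" -eq 0 ] && echo "OK: modes under $home are acceptable for key authentication"
    return "$bad"
}

# Dry run for SELinux hosts: list the label changes restorecon would make
# under .ssh without applying them (-n). Call it after check_ssh_chain passes
# and key authentication still fails.
relabel_preview() {
    command -v restorecon >/dev/null 2>&1 || { echo "restorecon not installed"; return 0; }
    restorecon -n -v -R "$1/.ssh"
}

# Check the current user's home unless another home directory is given.
check_ssh_chain "${1:-$HOME}" || echo "fix the entries listed above"
```

Run it as the account whose login fails, or as root with that account's home directory as the argument.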