I have accidentally changed permission of the .ssh folder to 600 and now I am not able to log in to the GCP server through SSH as it's giving me permission denied error.
**Connection Failed**
You cannot connect to the VM instance because of an unexpected error. Wait a few moments and then try again.
I tried multiple options, like SSH troubleshooting for the instance, enabling the serial console, and SSH private key login.
Thank you in advance.
One of the simple ways to fix this would be to use a startup script. In this script just execute chmod 700 /path/to/your/.ssh.
The startup scripts are executed with root privileges, so it should be able to fix your problem with .ssh folder permissions.
So, what you need to do:
Set the startup script.
Restart the VM.
Wait a minute or two to make sure the script got executed.
Remove the startup script from the machine. (no need to restart again)
Thank you guys for all your support, my problem got solved by following the document below:
Serial Console with local password using a startup script
I am having permission denied for a Jupyter notebook running on Ubuntu, on an AWS EC2 instance. Below is the image for the error
I have tried using another browser, reinstalling it and clearing the cache. None of it works.
If your notebook is configured with some auth code (generated by notebook by default), and you've cleared your cache and cookies, you will get a screen similar to the one below:
Here you can use the token shown in the terminal while running the notebook; the log will be similar to the below:
To access the notebook, open this file in a browser:
file:///home/ubuntu/.local/share/jupyter/runtime/nbserver-19740-open.html
Or copy and paste one of these URLs:
http://ip-123-1-1-123:8888/?token=abcdefghijl
or http://127.0.0.1:8888/?token=abcdefghijl
and if you want to run notebook without authentication you can run the below command:
jupyter notebook --ip='0.0.0.0' --NotebookApp.token='' --NotebookApp.password=''
Also try creating a new notebook, instead of accessing the Test.ipynb again, so that you can figure out if the issue is from the specific file or whole server.
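The command above turns off both the token and the password while listening on every interface. As an added example (not part of the original answer), a check that classifies a set of `jupyter notebook` arguments by whether the server ends up reachable without login; the function name `audit_jupyter_args` and the verdict strings are assumptions of this example.

```bash
# Added example, not from the original answer.
# audit_jupyter_args ARGS...: classify the arguments given to
# "jupyter notebook" by whether the server ends up reachable without login.
audit_jupyter_args() {
    ja_token_off=0        # a token is generated unless it is set to ''
    ja_password_set=0     # no password exists unless one is configured
    ja_bind="localhost"   # default listen address
    for ja_arg in "$@"; do
        case "$ja_arg" in
            --NotebookApp.token=)     ja_token_off=1 ;;
            --NotebookApp.token=*)    ja_token_off=0 ;;
            --NotebookApp.password=)  ja_password_set=0 ;;
            --NotebookApp.password=*) ja_password_set=1 ;;
            --ip=*)                   ja_bind="${ja_arg#--ip=}" ;;
        esac
    done

    case "$ja_bind" in
        localhost|127.*|::1) ja_scope="local" ;;
        *)                   ja_scope="remote" ;;   # 0.0.0.0, *, a NIC address
    esac

    if [ "$ja_token_off" -eq 1 ] && [ "$ja_password_set" -eq 0 ]; then
        echo "unauthenticated-$ja_scope"
    else
        echo "authenticated-$ja_scope"
    fi
}

# The command from the answer above (the shell strips the quotes):
audit_jupyter_args --ip='0.0.0.0' --NotebookApp.token='' --NotebookApp.password=''
# Same bind address with the default token left on:
audit_jupyter_args --ip='0.0.0.0'
```

An `unauthenticated-remote` result means anyone who can reach the port through the instance's inbound rules gets a notebook, and with it a shell as the Jupyter user.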
The main reason is I don't have the permission to overwrite the file. First of all, I created the file at /home/ubuntu, which I don't have permission for. So I created a folder to store the file inside it. Other than that, I also made quite a lot of modifications, including adding the inbound rules and the permissions; I think some of it did help. I list some of the websites I think are very useful in tackling this issue:
PermissionError: [Errno 13] Permission denied: Cannot open Jupyter on Browser despite running correctly on AWS EC2 instance
https://stackoverflow.com/questions/53097180/permissionerror-errno-13-permission-denied-when-accessing-to-aws-ec2#:~:text=Make%20sure%20you%20type%20https,with%20version%2070%20or%20newer.
After changing the permissions, I don't get past this error
Most likely you changed the permission of the directory .ssh. This breaks SSH security. You should be able to create a startup script to change the directory /home/<username>/.ssh to 700.
Go to the Google Cloud Console
Go to Compute Engine -> VM instances
Stop the VM instance
Click the Edit button
Scroll down to the section Custom metadata
For the key enter startup-script
Enter the following for the value replacing <username> with your username:
#! /bin/bash
chmod 700 /home/<username>/.ssh
Restart the instance
Another method is to use the VM serial console:
Troubleshooting using the serial console
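Both startup-script answers on this page come down to restoring the mode of the .ssh directory. As an added example (not part of the original answers), a startup-script body that also resets the files inside the directory and, optionally, their ownership; the function name `repair_ssh_dir` and the file modes chosen are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from the original answers.
# repair_ssh_dir HOME_DIR [OWNER]: restore owner-only access to HOME_DIR/.ssh.
repair_ssh_dir() {
    rs_dir="$1/.ssh"
    rs_owner="${2:-}"

    # Refuse symlinks and non-directories: a root startup script must not
    # be steered into changing modes somewhere else.
    if [ -L "$rs_dir" ] || [ ! -d "$rs_dir" ]; then
        echo "skip: $rs_dir is not a real directory" >&2
        return 1
    fi

    # 700 = rwx for the owner only. Mode 600 removed the x (search) bit,
    # so the owner could no longer open anything inside the directory.
    chmod 700 "$rs_dir" || return 1

    # Files: public keys may be world-readable, everything else owner-only.
    for rs_file in "$rs_dir"/*; do
        if [ -f "$rs_file" ] && [ ! -L "$rs_file" ]; then
            case "$rs_file" in
                *.pub) chmod 644 "$rs_file" ;;
                *)     chmod 600 "$rs_file" ;;
            esac
        fi
    done

    # Optional: reset ownership too, in case it changed along with the mode.
    if [ -n "$rs_owner" ]; then
        chown -R "$rs_owner" "$rs_dir" || return 1
    fi

    stat -c '%a' "$rs_dir"   # print the resulting mode for the boot log
}

# As a startup script, pass the home directory and the user, e.g.
#   repair_ssh_dir /home/<username> <username>
if [ "$#" -ge 1 ]; then
    repair_ssh_dir "$@"
fi
```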
I need to create AWS CentOS 7 instance images for a customer, and need it to automatically send the ip and instance id to our AWS server every time the instance boots. For example, this is the very basic test version of the script I need to run:
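#!/bin/bash
# Address of the receiving server (left empty in the question)
serverIP=""
# Quote the whole URL so the shell does not treat & as "run in background"
curl "https://$serverIP/myphp.php?id=sentid&ip=sentip"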
If the script is run directly, it works fine and is received by the server and processed there. But I can't get it to run at boot. I cannot put the script in the "User Data" directly due to security concerns as the customer can then see it easily, it needs to be in a script in the filesystem of the image.
I've tried several things that work fine on a physical Linux server, but not on AWS. I know profile.d runs every time someone logs in but over-sending like that is fine.
/etc/profile.d/myscript.sh
This stops the AWS instance from booting. Even just
#!/bin/bash/
echo "hello world"
prevents it from booting. The instance starts, but when you go to ssh into it you get 'Network Error: connection timed out', which is the standard error if you put a wrong ip in, or upset it by leaving a service like httpd enabled.
However, a blank bash script with just #!/bin/bash will allow the instance to start. Removing the script via user data usually makes it boot, sometimes it just dies.
The first thing I tried was crontab. I did:
crontab -e
# entry added in the crontab editor:
@reboot /var/ook/myscript.sh
systemctl enable crond.service
But the instance wouldn't start. So I put "systemctl disable crond.service" in the User Data and one booted, but another still stayed dead. Myscript.sh was just another echo "doob" >> file which worked fine when run directly.
I tried putting in /etc/systemd/system/my-startup.service:
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/var/ook/writedood.sh
[Install]
WantedBy=multi-user.target
then:
systemctl enable my-startup.service
But this did nothing. My script "writedood.sh" was just echo "doob" >> ./file.txt ensuring file.txt was chmod 777. At least it didn't prevent the instance from starting.
To give context, an instance won't start if httpd is left enabled on shutdown, but will if you disable it in User Data.
I wanted to have a go at putting something in init.d but I'm not sure how to simply tell it to run a script once in the background, and given the plethora of success I've had so far with the instance not restarting, I'm not holding out much hope that that would work.
Thanks in advance!
EDIT::: I realised that sometimes AWS EC2 Instances Console is causing the problem where I can't ssh in after stopping and starting. It blanks the public ipv4 address when I click stop, but when I start, it puts the old address up and hangs. If I refresh the page, or uncheck/check the instance; the ip changes to the new address. This has caused much consternation.
Crontab worked if I placed the scripts and output file in different folders. It's very finicky; any errors, such as it not being able to write to the output file, and the instance won't start. I put startscript.sh in /usr/local/src, and output.out to /tmp/ to ensure there were no permissions problems, and now the instance starts and runs the script on boot.
I then realised that sometimes AWS EC2 Instances Console is causing the problem where I can't ssh in after stopping and starting. It blanks the public ipv4 address when I click stop, but when I start, it puts the old address up and hangs. If I refresh the page, or uncheck/check the instance; the ip changes to the new address. This has caused much consternation.
I can't connect to a VM on GCP as root using the browser SSH.
Is there anyone who has had the same problem?
The following message is displayed.
You can drastically improve your key transfer times by migration to OS login.
It might be caused by setting a password...
By default, you will log in as the GCP user. Now, to log in as root please run the following command once SSH browser works.
sudo -s
If you cannot log in with browser SSH, then I suspect a permission issue with that particular user.
The above is the recommended way of doing things, however if logging in as root is absolutely needed, please follow the steps below:
As root, edit the sshd_config file in /etc/ssh/sshd_config:
nano /etc/ssh/sshd_config
Make sure PermitRootLogin is set to “yes” and save the /etc/ssh/sshd_config file.
Restart the SSH server:
service sshd restart
Change username to root by clicking on the wheel on the top right corner and selecting “Change Linux Username”
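To confirm what the steps above leave behind, the following added example (not part of the original answer) reads the global PermitRootLogin value from an sshd_config-style file. The function names are hypothetical, the sample file is constructed, and Include files and Match blocks are not evaluated.

```bash
# Added example, not from the original answer.
# Print the global PermitRootLogin value from an sshd_config-style file.
# Assumptions: Include files are not followed, and anything after the
# first Match line is treated as conditional and ignored.
effective_permit_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }                 # drop leading whitespace
        /^#/ || /^$/ { next }                   # comments and blank lines
        {
            n = split($0, f, /[ \t=]+/)         # "Key value" or "Key=value"
            key = tolower(f[1])
        }
        key == "match" { exit }
        key == "permitrootlogin" {              # sshd keeps the FIRST value
            print tolower(f[2]); found = 1; exit
        }
        END { if (!found) print "prohibit-password" }   # OpenSSH default
    ' "$1"
}

# Returns 0 when PermitRootLogin is anything other than "yes", 1 when it is.
root_login_restricted() {
    case "$(effective_permit_root_login "$1")" in
        yes) return 1 ;;
        *)   return 0 ;;
    esac
}

# Constructed sample: a later "no" does not undo the earlier "yes".
demo_cfg=$(mktemp)
printf '%s\n' '#PermitRootLogin prohibit-password' \
              'PermitRootLogin yes' \
              'PermitRootLogin no' > "$demo_cfg"
effective_permit_root_login "$demo_cfg"
rm -f "$demo_cfg"
```

On a live host, `sshd -T` prints the fully resolved configuration, including Include files.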
Last night when I was trying to set up Jenkins, from the jenkins.war file, I was trying to enable security, via username/password for it. I clicked the "Disable read access to anonymous" checkbox, and right after doing that, I got this screen, even after logging in with the new credentials I just created. I have tried the following (which has resulted in this screen still):
removing anything on the EC2 that had to deal with Jenkins (sudo find / -name "*jenkins*" followed by sudo rm [-rf] on anything that popped up in the results)
re-visiting that site after doing the above option
re-installing the WAR file
installing Jenkins as a service
attempting login again
Is there a way out of this?
I should have checked the processes and killed the one that was Jenkins. The process somehow outlived its JAR/WAR executable!