Cannot scp a file into gcloud: Permission denied (publickey) - google-cloud-platform

I'm trying to copy a file into a compute instance using gcloud like this:
gcloud compute scp ./file.txt.bz2 root#instance-1:/home/mehran/
And I'm facing an error:
No zone specified. Using zone [us-central1-c] for instance: [instance-1].
root####.###.###.###: Permission denied (publickey).
lost connection
ERROR: (gcloud.compute.scp) [/usr/bin/scp] exited with return code [1].
I've also tested without root:
gcloud compute scp ./file.txt.bz2 instance-1:/home/mehran/
And facing the same error. This is in the case that I can ssh into the same instance without any issue:
gcloud compute ssh instance-1

Apparently, my user does not have the write permission to the home folder! Even a chmod 777 did not help. I ended up copying to /tmp folder and then pick it up from there!
For some reason, the ssh (web-based) and scp were using different users. That's why my scp user didn't have access to that folder. It was trying to write into another user's home folder.

Even though this post seems solved, I had a similar issue: I could SSH into the instance but could not scp. Turns out the folder on my instance did not have read/write permissions so I could not copy (write) into that folder.
Give permissions:
chmod 777 <folder-name>
Copy file/folder to folder in instance:
sudo gcloud compute scp <file-to-copy> <username>#<instance-name>:<folder-to-copy-to-which-requires-permissions> --zone <zone> --project <project-id>

Related

Issue using gcloud scp

I am trying to transfer a file from a Google Compute Engine VM instance to my local machine using gcloud scp. I am able to confirm that I am logged in to the Google Cloud account using:
gcloud config list
However when I execute the gcloud scp command, I see following error message:
ERROR: (gcloud.compute.scp) You do not currently have an active account selected.
Not sure why I am seeing the error even if I am logged in.
Here is how I am executing the command:
gcloud scp <instance_name>: <remote_file_path> .
Thanks in advance!

How to copy a file from one gcp instance to another gcp instance in same project

I am currently running 29 instances in each available regions on GCP. And I need all of the instances to have some python script file.
As I was getting tired to upload them manually through the console 29 times, I was wondering if there's a way to upload the script in only one instance, and copy them all over to 28 other instances with gcloud scp command?
Currently, I was trying the following:
sudo gcloud compute scp --zone='asia-east1-b' /home/file.txt instance-asia-east1:/home/
The code above is trying to scp "file.txt" over to the instance-asia-east1.
I included the sudo command as it was having some permission issues. But after adding the sudo, I get another error message:
root#000.000.000.00: Permission denied (publickey).
lost connection
ERROR: (gcloud.compute.scp) [/usr/bin/scp] exited with return code [1].
What can be the issue, and how can I resolve this?
You should avoid using sudo.
If you add --verbosity=debug to (any but in this case) gcloud compute ssh or gcloud compute scp command, you'll see that gcloud invokes your host's (probably /usr/bin) ssh and scp commands. It uses a private key that was generated by gcloud using your credentials (gcloud config get account or the default gcloud auth list).
gcloud compute scp \
${PWD}/${FILE} \
${INSTANCE}:. \
--project=${PROJECT} \
--zone=${ZONE} \
--verbosity=debug
Yielding:
DEBUG: Running [gcloud.compute.scp] with arguments: ...
...
DEBUG: Current SSH keys in project: ['...:ssh-rsa ... user#host']
DEBUG: Running command [/usr/bin/scp -i .../.ssh/google_compute_engine -o ...
INFO: Display format: "default"
DEBUG: SDK update checks are disabled.
NOTE /usr/bin/scp -i .../.ssh/google_compute_engine ...
When you run as sudo, even if you copy your credentialed user's google_compute_engine SSH keys (to e.g. /root/.ssh), the authenticated user won't match, unless you also duplicate the gcloud config...
I recommend you solve the permission issue that triggered your use of sudo.

Permission denied error when ssh to a newly added user in google cloud compute engine

I created a sudo user in a newly created google cloud compute machine (debian) and added a new system user using the below commands
ssh into the instance using this command: gcloud compute ssh instance-name --zone=us-central1-a
created a sudouser by running running this command sudo adduser admin_user
I can see the new user gets added by running the below command less /etc/passwd admin_user:x:1002:1003::/home/admin_user:/bin/sh
The user group also I verified by running groups admin_user . this is the output admin_user : admin_user sudo google-sudoers
But when I try to ssh to that instance from my local machine
gcloud compute ssh --project project_name --zone us-central1-a admin_user#instance-name
its giving the following error.
admin_user#32.29.134.441: Permission denied (publickey).
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].
Could anyone please help how to solve this
The possible causes for a Permission denied (publickey) error are:
Your key expired and Compute Engine deleted your ~/.ssh/authorized_keys file.
You used an SSH key stored in metadata to connect to a VM that has OS Login enabled.
You used an SSH key stored in an OS Login profile to connect to a VM that doesn't have OS Login enabled.
You connected using a third-party tool and your SSH command is misconfigured.
The sshd daemon isn't running or isn't configured properly.
It looks like the first one fits the best for you. To solve this error add the SSH keys as it is explained in this link

Got permission denied in ssh in aws instance

I have install git in my EC2 instance.
git version 2.14.5
I have create a new IAM user and give codeCommit permission.
In next, I have follow all the steps one by one from this link. which works fine.
At the 8th step I have add this code in my config file.
Host git-codecommit.*.amazonaws.com
User {{SSH KEY ID}}
IdentityFile ~/.ssh/id_rsa
Then I have assign 600 to config.
And then I have fire this command to test my SSH.
ssh git-codecommit.us-east-2.amazonaws.com
Error
Permission denied (publickey).
Can any one help me to fixed this issue ?
Can you retry the process with 400 permission on the ssh key
chmod 400 <key>.pem
If your goal is to access a repository from CodeCommit, you can do it with:
git clone ssh://git-codecommit.us-east-2.amazonaws.com/repo-name
If you try to ssh directly to CodeCommit, the connection will be denied with the message:
You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.

AWS EC2 Permission denied

When i try to log in into EC2 instance through ssh, i got the below error Permission denied (publickey)
I checked the host name and username, everything is fine. Wrongly i given the chmod -R 777 . from ec2 instance root directory when i was logged at last time, After that i could not able connect to instance. I need some files from ec2-instance. Is there any way to get log in into ec2?. Also i tried with new instance. Its working.
Is there any possibility?
I haven't tried this myself, but I don't see why it wouldn't work.
Try snapshotting your instance (create image button from ec2 console). Once complete, find your snapshot in the Ec2 console. It should be backed by an EBS volume with an id of the pattern "vol-xxxxxxxx".
Spin up a new instance and attach "vol-xxxxxxxx" as secondary storage. SSH to the new instance and mount the device "vol-xxxxxxxx" correlates to (e.g. /dev/xvdf) to a temp directory and find the files you're looking for.
Detach your root volume and attach to another instance.
Login to the ec2 instance
mkdir tempfolder
sudo mount /dev/svdf1 (normally /dev/svdf1, you can list out your volumes to make sure)
cd tempfolder/home
chmod 700 -R ec2-user
sudo umount tempfolder
Detach volume and attach it to old instance, remember it's root instance so you attach it with name "/dev/xvda".
I faced the similar problem.
you will not able to re-cover the old instance, just create new instance and set the permissions
chmod 777 (don't use -R) option, then your problem will be resolved.
One reason can be that your key file is not publicly viewable for SSH to work. Use this command if needed:
chmod 400 mykey.pem
Also keep in mind the correct user id for EC2(ec2-user) instance and the command:
ssh -l ec2-user -i .ssh/yourkey.pem public-ec2-host
Use Winscp to revert the permission change.
Recently I had accidentally changed the "/home/ec2-user" directory permissions to 777 using putty. I was immediately logged out. I was also logged into the server using "Winscp" and it didn't get disconnected after chaging the permissions.
The solution is change the permission on "/home/ec2-user" back to 700 using Winscp and I was able to log back in. It worked for me. Winscp saved me a lot of trouble.