Sunday, December 31, 2017

ssh error "UNPROTECTED PRIVATE KEY FILE!"

My environment:

  • Windows 10 with powershell
  • chefdk-2.4.17-1
  • vagrant_2.0.1
  • VirtualBox-5.2.4
  • OpenSSH_7.6p1
  • "kitchen create" succeeded with a simple apache recipe, and "kitchen list" showed the instance was created

My Problem:

When I ran "kitchen login", I got the error "UNPROTECTED PRIVATE KEY FILE!". The full error message is as follows. It's version related, but similar errors should have the same root cause.

PS > kitchen login
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for '.../.kitchen/kitchen-vagrant/default-centos-72/.vagrant/machines/default/virtualbox/private_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key ".../.kitchen/kitchen-vagrant/default-centos-72/.vagrant/machines/default/virtualbox/private_key": bad permissions
vagrant@127.0.0.1's password:

Root Cause:

"kitchen login" runs the 'ssh' command, and 'ssh' complains that the permissions on the private key file are too open: other users can read it, so ssh treats the key as insecure and refuses to use it.

My Solution:

Set the proper permissions using an ACL. The idea is to use 'ssh-keygen' to generate a private key file, which will have the proper ACL, and then copy that ACL onto the existing private key file. I assume you are in the directory that holds the key file 'private_key' and that the following commands are run as administrator. After this, 'kitchen login'/ssh no longer complains and the login succeeds. This can also serve as a way to change file permissions from the PowerShell command line.

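# Generate a throwaway key pair; ssh-keygen creates it with an ACL that ssh accepts
ssh-keygen -f C:\Windows\Temp\id_rsa -N dumppass
# Read the ACL of the freshly generated private key
$Acl = Get-Acl C:\Windows\Temp\id_rsa
# Apply that ACL to the Vagrant private key in the current directory
Set-Acl .\private_key $Acl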
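
The same result can be reached by building the ACL directly, which avoids leaving a throwaway key pair in C:\Windows\Temp. This is an added example, not code from the original post; the function names Protect-PrivateKey and Get-ExcessKeyAccess are hypothetical, and the allow-list assumes English account names and that ssh tolerates entries only for the current user, SYSTEM and Administrators.

```powershell
# Added example, not from the original post. Function names are hypothetical.

function Protect-PrivateKey {
    param([Parameter(Mandatory)][string]$Path)

    $me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $acl = Get-Acl -LiteralPath $Path

    # Stop inheriting entries from the parent directory; $false discards the
    # inherited entries instead of converting them to explicit ones.
    $acl.SetAccessRuleProtection($true, $false)

    # Drop every explicit entry that is already on the file.
    foreach ($ace in @($acl.Access)) { [void]$acl.RemoveAccessRule($ace) }

    # Leave a single entry for the current user. FullControl keeps Vagrant able
    # to replace or delete the key; ssh only objects to other principals.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Get-ExcessKeyAccess {
    param([Parameter(Mandatory)][string]$Path)

    # Assumption: English account names; localized Windows uses different ones.
    $allowed = @(
        [System.Security.Principal.WindowsIdentity]::GetCurrent().Name,
        'NT AUTHORITY\SYSTEM',
        'BUILTIN\Administrators'
    )
    # Return every Allow entry that belongs to some other principal.
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $allowed -notcontains $_.IdentityReference.Value
    }
}

# Show who else can reach the key, lock it down, then list again to confirm.
Get-ExcessKeyAccess .\private_key | Format-Table IdentityReference, FileSystemRights, IsInherited
Protect-PrivateKey .\private_key
Get-ExcessKeyAccess .\private_key | Format-Table IdentityReference, FileSystemRights, IsInherited
```

Run it from the directory that holds 'private_key', as in the commands above.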

running root with error: cannot open file "iostream" (tmpfile)

When running root, I got this error message:

 Error: cannot open file "iostream"  (tmpfile):2:
*** Interpreter error recovered ***
Error: cannot open file "DllImport.h"  (tmpfile):2:
*** Interpreter error recovered ***

Normally this happens because you used --prefix=dirname without setting the ROOTSYS environment variable first.

chef "kitchen login" failed with "ssh (Errno::ENOENT)"

My environment:

  • Windows 10 with powershell
  • chefdk-2.4.17-1
  • vagrant_2.0.1
  • VirtualBox-5.2.4
  • "kitchen create" succeeded with a simple apache recipe, and "kitchen list" showed the instance was created

My Problem:

When I ran "kitchen login", I got the error "No such file or directory - ssh (Errno::ENOENT)". The full error message is as follows. It's version related, but similar errors should have the same root cause.

 PS > kitchen login
C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:217:in `exec': No such file or directory - ssh (Errno::ENOENT)
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:217:in `login'
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/command/login.rb:36:in `call'
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/cli.rb:52:in `perform'
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/cli.rb:252:in `login'
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/command.rb:27:in `run'
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:in `invoke_command'
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor.rb:359:in `dispatch'
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/base.rb:440:in `start'
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/bin/kitchen:13:in `block in '
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/errors.rb:171:in `with_friendly_errors'
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/bin/kitchen:13:in `'
        from C:/opscode/chefdk/bin/kitchen:267:in `load'
        from C:/opscode/chefdk/bin/kitchen:267:in `'

Root Cause:

"kitchen login" complains that when it tried to run the 'ssh' command, it could not find it. You can type 'ssh' directly in PowerShell, and you will be told that it is not recognized.

My Solution:

You can install any ssh client; as long as typing 'ssh' in PowerShell prints its usage message, this 'kitchen login' problem will be gone. In my case, I followed https://codehollow.com/2017/06/ssh-for-windows-powershell/ and installed "Open SSH for Powershell". I had to install chocolatey first, following the instructions.

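Set-ExecutionPolicy Unrestricted     # allows all scripts to run; the default scope is LocalMachine
iwr https://chocolatey.org/install.ps1 -UseBasicParsing | iex   # downloads and runs the Chocolatey install script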
choco install openssh                # installs open ssh
refreshenv                           # reloads the environment variables
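
The first two commands leave the machine-wide execution policy at Unrestricted and run a downloaded script without looking at it. A narrower variant of the same install, as an added example that is not from the original post: $installer is a hypothetical local path, and the signature check assumes the install script carries an Authenticode signature.

```powershell
# Added example, not from the original post. $installer is a hypothetical path.
$installer = Join-Path $env:TEMP 'choco-install.ps1'

# Relax the execution policy for this PowerShell process only; the machine-wide
# policy is left unchanged and the relaxation ends when the window is closed.
Set-ExecutionPolicy Bypass -Scope Process -Force

# Save the script to disk instead of piping it straight into iex, so it can be
# read and its signature checked before anything runs.
Invoke-WebRequest https://chocolatey.org/install.ps1 -UseBasicParsing -OutFile $installer

# Assumption: the script is Authenticode-signed. Stop if the signature is
# missing, broken, or does not chain to a trusted publisher.
$sig = Get-AuthenticodeSignature -FilePath $installer
if ($sig.Status -ne 'Valid') {
    throw "Refusing to run ${installer}: signature status is $($sig.Status)"
}

# Show the signer and wait, so the publisher can be confirmed by eye.
"Signed by: $($sig.SignerCertificate.Subject)"
Read-Host 'Press Enter to run the installer, or Ctrl+C to abort' | Out-Null

& $installer
choco install openssh                # installs open ssh
refreshenv                           # reloads the environment variables
```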