ssh login successful, but scp password gives me "Permission denied"
Solution 1
Your user account on the remote host probably does not have write permissions to the /home/www/remotedirectory/
directory. You can test this by running:
scp -v phpinfo.php [email protected]:/tmp/phpinfo.php
Once this has been confirmed to work, you can set permissions and/or ownership on that directory. For a quick fix, chmod 777 /home/www/remotedirectory/
as root will work, but this is not a secure solution. Depending on how the server is used, better would be to change the directory's group using chgrp
to a group that you want all writers to that directory to be in and chmod g+w /home/www/remotedirectory/
Solution 2
This is purely a permissions problem. The user "remoteuser" on "remoteserver" doesn't have permissions to write files to /home/www/remotedirectory/phpinfo.php
. See this error in your scp -v ..
commands output:
debug1: Sending command: scp -v -t /home/www/remotedirectory/phpinfo.php
Sending file modes: C0644 20 phpinfo.php
Sink: C0644 20 phpinfo.php
scp: /home/www/remotedirectory/phpinfo.php: Permission denied
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
You can confirm this by ssh'ing into "remoteserver" just like you did originally and try and touch
a file in this directory:
$ ssh remoteuser@remoteserver
on remoteserver
$ touch /home/www/remotedirectory/afile
touch: cannot touch ‘/home/www/remotedirectory/afile’: Permission denied
You can see the ownership of this directory with this command:
$ ls -ld /home/www/remotedirectory
drwxrwx---. 125 someuser somegroup 16384 Feb 22 14:03 /home/www/remotedirectory
So you'll need to either change the permissions here or take care to add "remoteuser" to the group "somegroup".
Related videos on Youtube
YANewb
I've built lots of small websites, but I either had a server admin who handled all server maintenance and upgrades, or I was working on my local machine and have used packages (e.g., RVM, MacPorts, ) so I could get to coding with as little server and system set-up as possible. Recently I inherited control of an existing web server and can't get even the most simple of things to work.
Updated on September 18, 2022Comments
-
YANewb almost 2 years
I'm trying to get some blogging software up on an organizational remote server. I tried to set up a SSH Key but was having problems and decided that getting the blog up and running was more important than dealing with the SSH Key issue, so I
ssh-keygen -R remoteserver.com
.Now I can successfully login with
ssh -v [email protected]
and the correct password. Once logged in I can move around and read any file and directory that I should be able to read.But when I try to edit an existing
-rw-r--r--
file with VIM, it shows up as read-only, if I try to edit permissions I getchmod: file.ext: Operation not permitted
, and if I try toscp
a new file from my local machine I'm prompted for the remote user's password, and then getscp: /home/path/to/file.ext: Permission denied
.Since I didn't have any of these problems before I tried to set up the ssh key, I suspect these anomalies are a side effect of that, but I don't know how to troubleshoot this. So what does a foolish server-newb, such as myself, need to do to get edit capability back as a remote user?
Addendum 1:
My userids are different between my local machine and the remote server.
- For ssh I
ssh -v [email protected]
.- if I
whoami
I getremoteuser
- if I
- For scp I
scp file.ext [email protected]:/path/to/file.ext
from the local directory withfile.ext
while logged in as the local user.- if I
whoami
I getlocaluser
- if I
The
ls -l
for two different files I've tried scp:-rw-r--r--@ 1 localuser localgroup 20 Feb 11 21:03 phpinfo.php -rw-r--r-- 1 root localgroup 4 Feb 11 22:32 test.txt
The
ls -l
for the file I've tried to VIM:-rw-r--r-- 1 remoteuser remotegroup 76 Jul 27 2009 info.txt
Addendum 2:
In the past I've set up ssh-keys for git repositories. I don't want to completely destroy them, so in an attempt to follow a deer's train of thinking I renamed my
~/.ssh/
to~/.ssh-bak/
, then tested the different types of access. The abridged version of the terminal commands and results is below; I think everything is working until the 8th line from the end.ssh -v
localcomputer:~ localuser$ ssh -v [email protected] OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009 debug1: Reading configuration data /etc/ssh_config debug1: Connecting to remoteserver.com [###.###.###.###] port 22. debug1: Connection established. debug1: identity file /Users/localuser/.ssh/identity type -1 debug1: identity file /Users/localuser/.ssh/id_rsa type -1 debug1: identity file /Users/localuser/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p2 FreeBSD-20110503 debug1: match: OpenSSH_5.8p2 FreeBSD-20110503 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.2 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY The authenticity of host 'remoteserver.com (###.###.###.###)' can't be established. RSA key fingerprint is ##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'remoteserver.com,###.###.###.###' (RSA) to the list of known hosts. debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /Users/localuser/.ssh/identity debug1: Trying private key: /Users/localuser/.ssh/id_rsa debug1: Trying private key: /Users/localuser/.ssh/id_dsa debug1: Next authentication method: password [email protected]'s password: debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Requesting [email protected] debug1: Entering interactive session. Last login: Sun Feb 12 18:00:54 2012 from 68.69.164.123 FreeBSD 6.4-RELEASE-p8 (VKERN) #1 r101746: Mon Aug 30 10:34:40 MDT 2010
remote permissions
[remoteuser@remoteserver /home]$ ls -l total ### -rw-r--r-- 1 remoteuser remotegroup 76 Aug 12 2009 info.txt [remoteuser@remoteserver /home]$ vim info.txt ~ {at the bottom of the VIM screen it tells me it's [read only]} [remoteuser@remoteserver /home]$ whoami remoteuser [remoteuser@remoteserver /home]$ logout debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0 debug1: channel 0: free: client-session, nchannels 1 Connection to remoteserver.com closed. Transferred: sent 3872, received 12496 bytes, in 107.4 seconds Bytes per second: sent 36.1, received 116.4 debug1: Exit status 0
scp -v
localcomputer:localdirectory name$ scp -v phpinfo.php [email protected]:/home/www/remotedirectory/phpinfo.php Executing: program /usr/bin/ssh host remoteserver.com, user remoteuser, command scp -v -t /home/www/remotedirectory/phpinfo.php OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009 debug1: Reading configuration data /etc/ssh_config debug1: Connecting to remoteserver.com [###.###.###.###] port 22. debug1: Connection established. debug1: identity file /Users/localuser/.ssh/identity type -1 debug1: identity file /Users/localuser/.ssh/id_rsa type -1 debug1: identity file /Users/localuser/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p2 FreeBSD-20110503 debug1: match: OpenSSH_5.8p2 FreeBSD-20110503 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.2 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'remoteserver.com' is known and matches the RSA host key. debug1: Found key in /Users/localuser/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /Users/localuser/.ssh/identity debug1: Trying private key: /Users/localuser/.ssh/id_rsa debug1: Trying private key: /Users/localuser/.ssh/id_dsa debug1: Next authentication method: password [email protected]'s password: debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Requesting [email protected] debug1: Entering interactive session. debug1: Sending command: scp -v -t /home/www/remotedirectory/phpinfo.php Sending file modes: C0644 20 phpinfo.php Sink: C0644 20 phpinfo.php scp: /home/www/remotedirectory/phpinfo.php: Permission denied debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: channel 0: free: client-session, nchannels 1 debug1: fd 0 clearing O_NONBLOCK debug1: fd 1 clearing O_NONBLOCK Transferred: sent 1456, received 2160 bytes, in 0.6 seconds Bytes per second: sent 2322.3, received 3445.1 debug1: Exit status 1
-
ott-- over 12 yearsWhat is your userid and id on the remote server, and what does
ls -l
show for the file you can't change? -
gokva over 12 yearswhen you say, you didn't have any problems before, what was the before situation?
-
YANewb over 12 years@TomH - Before I started mucking around with ssh-keys I was able to edit files from the remote server and upload new files to the remote server. I had problems implementing an ssh-key for the server in question, and when I tried to revert to the non-ssh-key login method I had previously been using, I lost write capability, but I can still read.
-
cjc over 12 yearsThis is so bizarre. Are you sure the filesystem is mounted read-write? Run
mount
. Can you also show the contents of the authorized_keys file? -
YANewb over 12 years@cjc I'm not familiar with
mount
. If you meant something else, please let me know. [remoteuser@remoteserver ~]$ mount /dev/aacd0s1e on / (ufs, local, with quotas) /dev/aacd0s1e on /skel (ufs, local, with quotas, read-only) devfs on /dev (devfs) /dev/aacd0s1d on /ports (ufs, local, read-only) /dev/aacd1s1e on /backup (ufs, local, read-only)
- For ssh I