Cannot SSH-COPY-ID to unifi device.
lslamp opened this issue · 3 comments
I have tried to follow your instructions It might be that I am misunderstanding the where and what to copy.
Please clarify if I am doing something incorrectly.
On my zabbix server, in my users home directory, I ran all the necessary commands.
sudo mkdir ~/.ssh/zabbix && sudo chown zabbix ~/.ssh/zabbix && cd ~/.ssh/zabbix
sudo -u zabbix ssh-keygen -P "" -t rsa -m pem -f zb_id_rsa
This is the results. As you can see the files are owned by zabbix.
username@zabbix:$ ls -ltr .ssh/zabbix/$ sudo -u zabbix ssh-copy-id -i /home/username/.ssh/zabbix/zb_id_rsa 192.168.1.1
total 8
-rw-r--r-- 1 zabbix zabbix 567 Apr 26 12:16 zb_id_rsa.pub
-rw------- 1 zabbix zabbix 2455 Apr 26 12:16 zb_id_rsa
username@zabbix:
/usr/bin/ssh-copy-id: ERROR: failed to open ID file '/home/username/.ssh/zabbix/zb_id_rsa.pub': Permission denied
I have also added the public key into the unifi controller. This was no issue.
Is it possible that I should do the ssh-copy-id to the unifi server and not to my gateway?
I also tried your script that you created.
username@zabbix:~$ ./updatePublicKey.sh -i /home/username/.ssh/zabbix/zb_id_rsa -u zabbix -R -4 -n user@192.168.1.1
Host 192.168.1.1 found: line 12
/home/username/.ssh/known_hosts updated.
Original contents retained as /home/username/.ssh/known_hosts.old
Warning: Identity file /home/username/.ssh/zabbix/zb_id_rsa not accessible: Permission denied.
Need to update public key for user@192.168.1.1
Password:
Password:
username@zabbix:~$
Thanks for your input with what I am doing wrong.
Lawrence
Clearly a permission issue..
How about the permissions on the directory /home/username/.ssh/zabbix/ ?
Also what user are you when you run those commands?
Dear @patricegautier
I am pretty sure that the username is not important because I am using sudo to run the commands. (as advised on the notes.)
I do not want to publish my username on an open forum.
below is the answer to your question.
username@zabbix:$ ls -ltra$ ls -ltr .ssh/
total 136
drwxr-xr-x 4 root root 4096 Jun 26 2022 ..
-rwxr-xr-x 1 username username 2898 Apr 25 19:23 updatePublicKey.sh
drwxr-xr-x 15 username username 4096 Apr 25 19:30 .
drwx------ 3 username username 4096 Apr 30 14:46 .ssh
username@zabbix:
-rw------- 1 username username 1147 Apr 22 12:18 authorized_keys
-rw-r--r-- 1 username username 3404 Apr 25 21:21 known_hosts.old
drwxr-xr-x 2 zabbix zabbix 4096 Apr 26 12:16 zabbix
-rw-r--r-- 1 username username 3182 Apr 30 14:45 known_hosts
username@zabbix:$ ls -ltr .ssh/zabbix/$
total 8
-rw-r--r-- 1 zabbix zabbix 567 Apr 26 12:16 zb_id_rsa.pub
-rw------- 1 zabbix zabbix 2455 Apr 26 12:16 zb_id_rsa
username@zabbix:
Is it possible that the .ssh/zabbix directory should be placed in a different location.
My zabbix user is a system user and as such does not have a home directory and cannot login.
Thanks
Lawrence