https://community.hpe.com/t5/operating-system-hp-ux/sftp-error-couldn-t-canonicalise-permission-denied/m-p/3006307#M750321 Hi,<BR /><BR />Please look at your syslog.log file for explanation.<BR />I had the same problem when ssh to another user and it's permission was set (temporarily) to 777. The syslog.log file told me very clear that these permissions were not allowed. <BR />The point about the mounted nfs FS is totaly new for me, but of course can be the case too. Please let us know what the real problem was. I am very interested in the NFS mount option.<BR /><BR />Regs David Wed, 25 Jun 2003 08:16:57 GMT David_246 2003-06-25T08:16:57Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-error-couldn-t-canonicalise-permission-denied/m-p/3006302#M750316 I can ssh into an HPUX 10.20 box with no problems but when I try to use sftp for certain user accounts I get the following error.<BR /><BR />Couldn't canonicalise: Permission denied<BR />Need cwd<BR /><BR />It seems to me that this refers to a permission problem with the accounts home directory but I tried that angle and opened it completely (777) with the same result. Any insight into this problem will be greatly appreciated. Tue, 24 Jun 2003 20:58:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-error-couldn-t-canonicalise-permission-denied/m-p/3006302#M750316 Unix Admin 2003-06-24T20:58:54Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-error-couldn-t-canonicalise-permission-denied/m-p/3006303#M750317 Hi,<BR /><BR />You said it worked for certain users.<BR /><BR />See if the local id of the user matches id on the remote system.<BR /><BR />Do not set the permissions to 777. ssh will stop working completely if you set the parameter "StrictModes Yes".<BR /><BR />-Sri Tue, 24 Jun 2003 21:39:43 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-error-couldn-t-canonicalise-permission-denied/m-p/3006303#M750317 Sridhar Bhaskarla 2003-06-24T21:39:43Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-error-couldn-t-canonicalise-permission-denied/m-p/3006304#M750318 Hi Sridhar,<BR /><BR />Thanks for replying. I currently have the "Strict modes" set to "no". <BR /><BR />Another odd thing is that if I change the users home directory from one mount point to another mount point the sftp works. I verified the permissions of the home directory in both locations and they are exactly the same.<BR /><BR />-Stephen Tue, 24 Jun 2003 22:22:47 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-error-couldn-t-canonicalise-permission-denied/m-p/3006304#M750318 Unix Admin 2003-06-24T22:22:47Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-error-couldn-t-canonicalise-permission-denied/m-p/3006305#M750319 Hi Stephen,<BR /><BR />From Steven:<BR /><BR />Something is different. If all you have to do is change the home directory for the user to get them to work, then here is what to check.<BR /><BR />There is a folder under the user called .ssh/<BR /><BR />The correct permission on this folder are rwx for the user who owns it(read write execute).<BR /><BR />There should be no access to users outside the group and r_x to other users in the group<BR /><BR />ls -la .ssh/<BR /><BR />drwxr-x---<BR /><BR />The files in the directory are very important and the permissions MUST be correct or you get errors.<BR /><BR />authorized_keys -rw-r--r--<BR />id_dsa -rw-------<BR />id_dsa.pub -rw-r--r--<BR />knwown_hosts -rw-r--r--<BR /><BR />Anything wrong here will explain your situation precisely.<BR /><BR />To keep ssh(Secure Shell) and its other secure components secure permissions must be correct.<BR /><BR />Check the permission differences in this folder on the two home directories and you will find the mysterious answer to this problem.<BR /><BR />SEP<BR /><BR /> Tue, 24 Jun 2003 23:15:51 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-error-couldn-t-canonicalise-permission-denied/m-p/3006305#M750319 Steven E. Protter 2003-06-24T23:15:51Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-error-couldn-t-canonicalise-permission-denied/m-p/3006306#M750320 I've not seen this on HP, but on Solaris/Veritas systems. If it's under a discrete mount point, unmount the filesystem, and chmod 755 the mountpoint. Then remount the filesystem. There seems to be an issue about which set of permissions Veritas understands. Wed, 25 Jun 2003 07:57:07 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-error-couldn-t-canonicalise-permission-denied/m-p/3006306#M750320 Midrange Systems 2003-06-25T07:57:07Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-error-couldn-t-canonicalise-permission-denied/m-p/3006307#M750321 Hi,<BR /><BR />Please look at your syslog.log file for explanation.<BR />I had the same problem when ssh to another user and it's permission was set (temporarily) to 777. The syslog.log file told me very clear that these permissions were not allowed. <BR />The point about the mounted nfs FS is totaly new for me, but of course can be the case too. Please let us know what the real problem was. I am very interested in the NFS mount option.<BR /><BR />Regs David Wed, 25 Jun 2003 08:16:57 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-error-couldn-t-canonicalise-permission-denied/m-p/3006307#M750321 David_246 2003-06-25T08:16:57Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-error-couldn-t-canonicalise-permission-denied/m-p/3006308#M750322 I have reverified the permissions of the users home directory and it's contents in the .ssh directory under both mount points and they are identical. The next thing to try will be to reset the direcory permission for the "bad" mount point. I will have to wait until the sysadmin for that box can do this for me which could be several days since this is a heavily used dev box and the mount point in question is where all the homes are located. I will definitely post back the results.<BR /><BR />-Stephen Wed, 25 Jun 2003 15:07:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-error-couldn-t-canonicalise-permission-denied/m-p/3006308#M750322 Stephen Garcila 2003-06-25T15:07:25Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-error-couldn-t-canonicalise-permission-denied/m-p/3006309#M750323 Midrange Systems,<BR /><BR />I just got done testing out your suggestion on another one of our 10.20 systems and I've been able to recreate the problem. I unmounted a filesystem, set the permissions to 750 on the mount point directory, then remounted. Even though the mounted filesystems permissions were correct I could not then sftp into the user account. I then repeated the process and set the directory permissions back and the sftp then worked fine. That solution can be packed away in the closet marked "obscure".<BR /><BR />Thanks for all your help everyone.<BR /><BR />-Stephen Wed, 25 Jun 2003 19:47:19 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-error-couldn-t-canonicalise-permission-denied/m-p/3006309#M750323 Stephen Garcila 2003-06-25T19:47:19Z