HPE Community
Operating System - HP-UX
1819682 Members
3997 Online
109605 Solutions
New Discussion юеВ

sftp error - Couldn't canonicalise: Permission denied

 
Unix Admin
New Member

тАО06-24-2003 01:58 PM

тАО06-24-2003 01:58 PM

sftp error - Couldn't canonicalise: Permission denied

I can ssh into an HPUX 10.20 box with no problems but when I try to use sftp for certain user accounts I get the following error.

Couldn't canonicalise: Permission denied
Need cwd

It seems to me that this refers to a permission problem with the accounts home directory but I tried that angle and opened it completely (777) with the same result. Any insight into this problem will be greatly appreciated.
0 Kudos
Reply
7 REPLIES 7
Sridhar Bhaskarla
Honored Contributor

тАО06-24-2003 02:39 PM

тАО06-24-2003 02:39 PM

Re: sftp error - Couldn't canonicalise: Permission denied

Hi,

You said it worked for certain users.

See if the local id of the user matches id on the remote system.

Do not set the permissions to 777. ssh will stop working completely if you set the parameter "StrictModes Yes".

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Unix Admin
New Member

тАО06-24-2003 03:22 PM

тАО06-24-2003 03:22 PM

Re: sftp error - Couldn't canonicalise: Permission denied

Hi Sridhar,

Thanks for replying. I currently have the "Strict modes" set to "no".

Another odd thing is that if I change the users home directory from one mount point to another mount point the sftp works. I verified the permissions of the home directory in both locations and they are exactly the same.

-Stephen
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО06-24-2003 04:15 PM

тАО06-24-2003 04:15 PM

Re: sftp error - Couldn't canonicalise: Permission denied

Hi Stephen,

From Steven:

Something is different. If all you have to do is change the home directory for the user to get them to work, then here is what to check.

There is a folder under the user called .ssh/

The correct permission on this folder are rwx for the user who owns it(read write execute).

There should be no access to users outside the group and r_x to other users in the group

ls -la .ssh/

drwxr-x---

The files in the directory are very important and the permissions MUST be correct or you get errors.

authorized_keys -rw-r--r--
id_dsa -rw-------
id_dsa.pub -rw-r--r--
knwown_hosts -rw-r--r--

Anything wrong here will explain your situation precisely.

To keep ssh(Secure Shell) and its other secure components secure permissions must be correct.

Check the permission differences in this folder on the two home directories and you will find the mysterious answer to this problem.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Midrange Systems
Occasional Contributor

тАО06-25-2003 12:57 AM

тАО06-25-2003 12:57 AM

Re: sftp error - Couldn't canonicalise: Permission denied

I've not seen this on HP, but on Solaris/Veritas systems. If it's under a discrete mount point, unmount the filesystem, and chmod 755 the mountpoint. Then remount the filesystem. There seems to be an issue about which set of permissions Veritas understands.
0 Kudos
Reply
David_246
Trusted Contributor

тАО06-25-2003 01:16 AM

тАО06-25-2003 01:16 AM

Re: sftp error - Couldn't canonicalise: Permission denied

Hi,

Please look at your syslog.log file for explanation.
I had the same problem when ssh to another user and it's permission was set (temporarily) to 777. The syslog.log file told me very clear that these permissions were not allowed.
The point about the mounted nfs FS is totaly new for me, but of course can be the case too. Please let us know what the real problem was. I am very interested in the NFS mount option.

Regs David
@yourservice
0 Kudos
Reply
Stephen Garcila
New Member

тАО06-25-2003 08:07 AM

тАО06-25-2003 08:07 AM

Re: sftp error - Couldn't canonicalise: Permission denied

I have reverified the permissions of the users home directory and it's contents in the .ssh directory under both mount points and they are identical. The next thing to try will be to reset the direcory permission for the "bad" mount point. I will have to wait until the sysadmin for that box can do this for me which could be several days since this is a heavily used dev box and the mount point in question is where all the homes are located. I will definitely post back the results.

-Stephen
0 Kudos
Reply
Stephen Garcila
New Member

тАО06-25-2003 12:47 PM

тАО06-25-2003 12:47 PM

Re: sftp error - Couldn't canonicalise: Permission denied

Midrange Systems,

I just got done testing out your suggestion on another one of our 10.20 systems and I've been able to recreate the problem. I unmounted a filesystem, set the permissions to 750 on the mount point directory, then remounted. Even though the mounted filesystems permissions were correct I could not then sftp into the user account. I then repeated the process and set the directory permissions back and the sftp then worked fine. That solution can be packed away in the closet marked "obscure".

Thanks for all your help everyone.

-Stephen
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.