SSK Key Successful But Wont Let Me Save My Work Now!

[doverradio]

Hello, I have two servers I use sshfs to connect to. Recently I switched over to SSH Key only for both and, tho both connect and bring up the filesystem, only one allows me to edit while the other is "read only". I have tried reconnecting multiple times but cannot figure out what is the issue. I did the same process for both (pointed to the right private key, changed ports) and not sure what is the issue that would cause one to be read only. As a result, I have had to resort to vi for editing. Can you please help me?

[SchoofsKelvin]

How is the file marked as read-only? Are there any errors? Could you post the logs from Output > ssh-fs?

The authentication method used shouldn't change anything. Is your server somehow configured to only have read-only permissions when using a private key? Do you also use the key to use vi via terminal?

The VS Code extension API only allows marking a whole scheme (e.g. ssh://) as read-only, which my extension actually doesn't do. It's unexpected that yours is marked as read-only, especially since you're using two directories and only one is marked as such.

[doverradio]

After reading your response, I suspected perhaps ufw was somehow blocking so I checked my ufw and everything is allowed (I am connecting on port 2993): 22 DENY Anywhere 80/tcp ALLOW Anywhere 443/tcp ALLOW Anywhere 3000 ALLOW Anywhere 8000 ALLOW Anywhere 2993 ALLOW Anywhere 22/tcp ALLOW Anywhere 22 (v6) DENY Anywhere (v6) 80/tcp (v6) ALLOW Anywhere (v6) 443/tcp (v6) ALLOW Anywhere (v6) 3000 (v6) ALLOW Anywhere (v6) 8000 (v6) ALLOW Anywhere (v6) 2993 (v6) ALLOW Anywhere (v6) 22/tcp (v6) ALLOW Anywhere (v6)

Where do I run Output > ssh-fs?

I didn't add settings which would make everything read-only. Prior to logging in via SSH Key (it does this successfully) I get prompted for my password (for sudo Linux user account) and after entering this I get prompted for the SSH Key passphrase. After, I see the green circle under the SSH FILE SYSTEMS to the lower left of VS Code. Up until this point everything behaves as normal. The file system also appears and allows me to expand directories and it even loads my files. Despite all this, the moment I try to edit and save any file I immediately get an alert pop up to the lower right of VS Code saying (assume, for example I was trying to save a file named 'title.js'):

Failed to save 'title.js': Unsable to write file 'ssh://myhost-username/mydomain.com/frontend/actions/title.js' (Error: Permission denied) Retry Save As... Discard

From this, does this give further clues as to how I can solve it? Please share how I may obtain the Output > ssh-fs so I may post for you.
Thank you kindly for assisting me.

[SchoofsKelvin]

Using the "titlebar" menu, View > Output (or Ctrl+Shift+U by default I think), or alternatively using the View: Toggle Output command. Once the extension is running, there should be an option ssh-fs in the Output's dropdown. Those are the logs. When posting them here, make sure sensitive information is censored. It only censors passwords on its own, and even then you should double check!

Prior to logging in via SSH Key (it does this successfully) I get prompted for my password (for sudo Linux user account)

Do you use the sftpSudo option or something similar for SSH FS? (it's something you have to add manually in settings.json, as the Settings UI doesn't support it yet, so if you aren't sure, the answer should be no) That exact error is something thrown by the ssh2 library I use whenever it tries to write to a file it lacks permission for.

[doverradio]

Here is the output for when I initially connect (names have been changed obv.) [INFO] Command received to reconnect magicstore-jeremy [INFO] Command received to connect magicstore-jeremy [INFO] [getSFTP(magicstore-jeremy)] Creating SFTP session using standard sftp subsystem [INFO] Created SSHFileSystem for magicstore-jeremy, reading root directory...

Here is what happens when I click a file: [DEBUG] Reading ssh://magicstore-jeremy/magicstore/backend/controllers/blog.js

Here is what happens when I add a single space and press CTRL + s to save: [DEBUG] Writing 12260 bytes to ssh://magicstore-jeremy/magicstore/backend/controllers/blog.js Simultaneously, I get an alert as shown below: [image: failed-to-save.jpg]

What could be the issue? I can see my code because it loads the page but then it is read only. I thought about sudo privileges and even added my sudo password in plaintext and via prompt. Both ways it constantly is read only.

On Sun, Jul 12, 2020 at 7:49 PM Kelvin Schoofs notifications@github.com wrote:

Using the "titlebar" menu, View > Output (or Ctrl+Shift+U by default I think), or alternatively using the View: Toggle Output command. Once the extension is running, there should be an option ssh-fs in the Output's dropdown. Those are the logs. When posting them here, make sure sensitive information is censored. It only censors passwords on its own, and even then you should double check!

Prior to logging in via SSH Key (it does this successfully) I get prompted for my password (for sudo Linux user account)

Do you use the sftpSudo option or something similar for SSH FS? (it's something you have to add manually in settings.json, as the Settings UI doesn't support it yet, so if you aren't sure, the answer should be no) That exact error is something thrown by the ssh2 library I use whenever it tries to write to a file it lacks permission for.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/SchoofsKelvin/vscode-sshfs/issues/206#issuecomment-657330183, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGT74MVHY4Y7CMJGU3X54BLR3JY2TANCNFSM4OXSG6FQ .

[SchoofsKelvin]

There seem to be a lot of (useful) stuff missing from your log file. Did you cut out a whole bunch?

In the meantime, I'll do some testing myself and see if I can improve the logging of errors, although at this point I'm almost certain that the "Permission denied" is thrown by the ssh2 library, which I can replicate by chmod'ing a file to read-only on my test server.

[doverradio]

I did chmod the authorized_keys file to 600. Could that be causing this? My setup on the server is .ssh is chmod'd to 700. Inside .ssh I have the authorized_keys file, which is chmod'd to 600. I changed my port from port 22 to port 2942 (not actual but don't want to paste actual port here). But if the port was 2942, I added that port in ssh-fs in the settings. The only things I am thinking COULD affect this would be ufw (which I even disabled to solve this but no avail) or some setting in sshd_config (but what?).

I also reran things and checked the output. Here is what I got (edited out privacy stuff): [INFO] [createSocket()] Creating socket [DEBUG] [createSocket()] Connecting to : [INFO] [createSSH()] Creating SSH session over the opened socket [INFO] [getSFTP()] Creating SFTP session using standard sftp subsystem [INFO] Created SSHFileSystem for , reading root directory... [DEBUG] Reading ssh:////backend/controllers/.js [DEBUG] Writing 12261 bytes to ssh:////backend/controllers/.js [DEBUG] Reading ssh:////backend/controllers/.js [DEBUG] Reading ssh:////backend/controllers/.js [DEBUG] Writing 12261 bytes to ssh:////backend/controllers/.js

After adding this, is it more clear now what is the issue?

[SchoofsKelvin]

There should still be a bunch before the Creating socket, although I can infer some missing information from those lines.

Did you chmod the file(s) you're trying to edit? While it might explain the Permission denied error, it doesn't explain why it only happens when using a private key though. That really seems like something configured on your server, and honestly, I didn't even know ssh supported such a feature.

[doverradio]

It was a configuration issue in the end. After rebuilding the server multiple times, for some reason, installing everything as root first and then creating the user account with sudo rights after. After doing a reboot, update of apt, and then create/apply ssh keys did it work normally.

[SchoofsKelvin]

Very weird, but it's good to hear you were able to fix it.