Deleting a private GPG Key in Azure Cloud Shell - gnupg

In Azure Cloud Shell I was able to create a GPG key.
Now I want to delete it...
gpg --delete-secret-key [ID-OF-KEY]
Which results in...
Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
gpg: deleting secret key failed: Permission denied
gpg: deleting secret subkey failed: Permission denied
I had permissions to create it. Why can't I delete it?

Related

How Yubikey works with GPG?

Please help me understand how Yubikey works with GPG.
I have a key, and I moved it to the Yubikey. But before that I made a backup of my .gnupg folder.
After that, I removed the Yubikey to use it on another PC.
On the PC I removed the .gnupg folder and restored the .gnupg folder from backup.
So, I expect that I have the same keys on my PC and on the Yubikey.
But if I encrypt something with the Yubikey, like gpg -e -r 'mykey' 123.txt
I can't decrypt it on my PC with the same key.
It says:
gpg: encrypted with RSA key, ID 3435KSLDKJFLKSJF234
gpg: decryption failed: No secret key
But I have the secret key. What happens?
Yubikey stores the private keys and thus the operations executed on Yubikey are sign and decrypt. (The public keys can also be found on the Yubikey card - because each OpenPGP private key contains a copy of the public key)
When you move a key to Yubikey - the private key is removed (actually only a stub remains) from GnuPG keys folder and it resides only on the Yubikey card. The only way to decrypt now is by using the Yubikey card.
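To see which secret keys are still on disk and which are only stubs pointing at a card, as the answer above describes, the listing from gpg --with-colons can be classified. This is an added example, not part of the original answer; it relies on field 15 of the sec/ssb records as documented in GnuPG's doc/DETAILS, and the function names, key IDs and card serial in the sample are constructed.

```shell
#!/bin/sh
# Added example. Classify secret keys from:
#   gpg --list-secret-keys --with-colons | classify_secret_keys
# Field 15 of sec/ssb records (GnuPG doc/DETAILS):
#   '+'   secret key material is present in the local keyring
#   '#'   only a stub is present (key material is offline)
#   other the serial number of the card/token that holds the key
classify_secret_keys() {
  awk -F: '
    $1 == "sec" || $1 == "ssb" {
      loc = $15
      if (loc == "+")      where = "on-disk"
      else if (loc == "#") where = "stub-offline"
      else if (loc != "")  where = "card:" loc
      else                 where = "unknown"
      # record type, key ID (field 5), location of the secret material
      print $1, $5, where
    }'
}

# Constructed sample listing: one on-disk primary key, one subkey that
# lives on a card, one subkey that is an offline stub.
sample_listing() {
  cat <<'EOF'
sec:u:4096:1:AAAA000000000001:1600000000:::u:::scESC:::+:::23::0:
uid:u::::1600000000::0000000000000000000000000000000000000000::Example User::::::::::0:
ssb:u:4096:1:AAAA000000000002:1600000000::::::e:::D2760001240100000000000000000000:::23:
ssb:u:4096:1:AAAA000000000003:1600000000::::::s:::#:::23:
EOF
}

sample_listing | classify_secret_keys
```

A subkey reported as card:<serial> can only be used for decryption or signing while that card is connected.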

Git push heroku master --Enter passphrase for key

I'm managing multiple heroku accounts and have had to struggle through getting multiple keys added. I've finally done it and I feel confident that I have the correct keys for the correct accounts.
Now, I can push to the first account fine but the second gives me Enter passphrase for key '~/.ssh/key.pub' when I didn't set a passphrase. I tried heroku keys:clear multiple times and re-added keys, both with and without passphrases. When I do enter a passphrase, it gives me three chances and then failed with Permission denied (publickey). When I just enter because the passphrase is empty it goes immediately to Permission denied (publickey).
It may also be noteworthy that the original key was created by heroku and it does not prompt for a passphrase. I've tried generating the account with heroku accounts:add personal --auto as described in the accounts plugin for heroku here and it fails with a No such file or directory - ~/.ssh/identity.heroku.personal.pub when Adding public key to Heroku account: account@gmail.com.
My .ssh/config looks like the following:
Host heroku.personal
    HostName heroku.com
    IdentityFile "~/.ssh/key.pub"
    IdentitiesOnly yes
Host heroku.ad2l
    HostName heroku.com
    IdentityFile "~/.ssh/another_key.pub"
    IdentitiesOnly yes
Anyone have any ideas? Thanks in advance.

Permission denied (publickey) errors on Windows when using Moovweb

I'm able to authenticate, generate, push etc just fine with my SSH keys and Moovweb credentials on my Mac and Linux machines.
However, on my Windows machine, using Git Bash, I get an SSH Permission denied (publickey) error. The error message is below:
$> moov generate 123dsfsdsf nytimes.com
Running environment checks.
Verifying that git is installed...OK
Checking that current 123dsfsdsf directory doesn't exist...OK
Registering project with MoovCloud.
Authenticating with MoovCloud.
Checking for git access...Enter passphrase for key '/Users/firstname.lastname/.ssh/id_rsa':
Enter passphrase for key '/Users/firstname.lastname/.ssh/id_rsa':
FAILED
> Need to upload an ssh key in order to generate a project...
Found the following SSH public keys:
1 ) id_rsa.pub
2 ) new_rsa.pub
Which would you like to use with your Moovweb account? 2
Uploading public key...
Successfully uploaded public key new_rsa.pub as 'firstname.lastname@GGT.local'
You are now ready to push projects to MoovCloud!
Creating project in MoovCloud...OK
Generating files...OK
Cloning project locally.
Enter passphrase for key '/Users/firstname.lastname/.ssh/id_rsa':
Enter passphrase for key '/Users/firstname.lastname/.ssh/id_rsa':
Cloning into '123dsfsdsf'...
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
ERROR: Error cloning git repo: exit status 128
Please try cloning the repository (git clone moov@git.moovweb.com:firstnameglastname/123dsfsdsf.git) again later.
Try 'moov help generate' to find out details.
Seems like a Windows-specific SSH error. Any workarounds?
So as mentioned in prior answers, the Permission denied error in Windows is because you are trying to use a key other than id_rsa.
Windows lacks the bells and whistles that Linux and Mac have to try out all your public keys when trying to connect to a server via SSH. If you're using the ssh command, you can tell it which key to use by passing the -i flag followed by the path to the key to use:
ssh -i ~/.ssh/moovweb_rsa moov@git.moovweb.com
The above command should work just fine if you've uploaded moovweb_rsa.pub to the console (either via the moov login command or the console UI). However, trying any git related commands should fail because Git doesn't give you the ability to choose which key to use when connecting to the git remote. Because of this, SSH is forced to use the default key, id_rsa, and if that key doesn't work (or doesn't exist), then the connection fails with a permission denied error.
One possible solution, as suggested in other answers, is to simply rename your key to id_rsa. For most people, this is a fine solution. However, if you already have an id_rsa key and you would prefer to use a different key with Moovweb, you can edit your ~/.ssh/config file by adding the following contents:
Host git.moovweb.com
    IdentityFile ~/.ssh/moovweb_rsa
If you append the above lines to your ~/.ssh/config file (create it if it doesn't exist), you should be able to successfully get Git to communicate with the Moovweb remote git server. The config basically tells SSH that for the given host (git.moovweb.com), SSH should use the given key rather than the default.
It's worth noting that this happens to all Git remotes; interactions with Github, Heroku, etc... also suffer through this problem in Windows. You could easily extend your ~/.ssh/config file to use separate SSH keys for each one of those services if you so desired:
Host git.moovweb.com
    IdentityFile ~/.ssh/moovweb_rsa
Host github.com
    IdentityFile ~/.ssh/github_rsa
Host heroku.com
    IdentityFile ~/.ssh/heroku_rsa
Quick & dirty solution: use only the default id_rsa.pub key
Some notes:
make sure you enter the right passphrase to id_rsa.pub
do not use your other key, new_rsa.pub
It turns out that Windows Git Bash doesn't quite come with all the cool utilities Mac/Linux users are used to. Specifically, you don't have ssh-agent running to help handle multiple keys. Without ssh-agent, the git command only seems to use the default id_rsa.pub key.
You can verify this is an SSH/Windows issue following Github's awesome SSH troubleshooting guide. You'll get a Permission denied (publickey) no matter which SSH/Git server you try to connect to.

heroku-toolbelt git:clone Permission denied when I am a project Collaborator - not the owner

I am a collaborator on a Heroku java project. I want to clone the project.
When I execute
heroku git:clone -a theapp
I get console messages which I have seen in other posts:
Cloning from app 'theapp'...
Cloning into 'theapp'...
Warning: Permanently added the RSA host key for IP address '50.19.xx.xxx' to the list of known hosts.
###########################################################
# WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0644 for '/Users/me/.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /Users/me/.ssh/id_rsa
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
I understand that I might be able to change the permissions of /Users/me/.ssh/id_rsa to 700 to fix this problem, but I feel this issue is specifically related to collaborating, where I am not the owner of the project. I have tried:
heroku keys:add
as well, which did not resolve the problem.
Has anyone successfully git:cloned a project of which he/she was a collaborator - not an owner?
Any help is much appreciated.
This issue is not specific to Github or being a collaborator. A private key must be private. Your private key has permissions that allow those other than the owner - you - to view your private key. This makes the key no longer private.
If you run the following:
ls -All /Users/me/.ssh/id_rsa
You will see that the key has r or rw rights to users other than the owner.
What you need to do is change those permissions so that only the owner has permissions to the key, making it private again. You can do so by running chmod 700 on the file:
chmod 700 /Users/me/.ssh/id_rsa
Now you have a protected private key that only you, the owner, can read, run and execute.
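Two of the failures on this page can be checked mechanically: an IdentityFile line that names a .pub file (IdentityFile is where ssh reads the private key from, as in the Heroku config earlier on the page) and a private key that group or other users can access (the "UNPROTECTED PRIVATE KEY FILE" warning above). The following is an added example, not code from any of the posts; audit_ssh_config is a hypothetical helper name and its output labels are made up for illustration.

```shell
#!/bin/sh
# Added example. Usage: audit_ssh_config ~/.ssh/config
# Prints one line per IdentityFile entry:
#   PUBKEY   path  entry names a public key; ssh expects the private key
#   MISSING  path  file does not exist
#   TOO_OPEN path  group/other permission bits are set; ssh ignores the key
#   OK       path  only the owner has access
# Assumes "IdentityFile <path>" syntax with no spaces in the path.
audit_ssh_config() {
  cfg=$1
  # Extract every IdentityFile value, stripping optional double quotes.
  awk 'tolower($1) == "identityfile" { gsub(/"/, "", $2); print $2 }' "$cfg" |
  while IFS= read -r key; do
    # Expand a leading ~/ the way ssh does.
    case $key in
      '~/'*) key=$HOME/${key#\~/} ;;
    esac
    case $key in
      *.pub) echo "PUBKEY $key"; continue ;;
    esac
    [ -f "$key" ] || { echo "MISSING $key"; continue; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" = "------" ]; then
      echo "OK $key"
    else
      echo "TOO_OPEN $key"
    fi
  done
}
```

A PUBKEY line matches the "Enter passphrase for key '~/.ssh/key.pub'" prompt shown earlier: ssh is being asked to load a public key file as if it were a private key.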

newly added key causing not authorized error

I've created a new ssh key, added it to my ssh keys locally, then added it to heroku. When I try to push, I get a 'not authorized' error. I'm not sure what to do next...
~/app> heroku keys:add /home/user/.ssh/XXX-YYY-ZZZ.pub
Uploading SSH public key /home/user/.ssh/XXX-YYY-ZZZ.pub... done
~/app> heroku keys
=== mail+heroku@mydomain.com Keys
ssh-rsa xxxx zzz@ubuntu
ssh-rsa yyyy zzz@ubuntu
~/app> ssh-add /home/user/.ssh/XXX-YYY-ZZZ
Enter passphrase for /home/user/.ssh/XXX-YYY-ZZZ:
Identity added: /home/user/.ssh/XXX-YYY-ZZZ (/home/user/.ssh/XXX-YYY-ZZZ)
~/app> git push heroku master
! Your key with fingerprint XXXXX is not authorized to access XXX-YYY-ZZZ.
fatal: The remote end hung up unexpectedly
Do I have to connect that key to my XXX-YYY-ZZZ app somehow? I don't see anything about that in the docs here https://devcenter.heroku.com/articles/keys.
May be related, I have two heroku accts that I'm deploying to, this one that's failing is the second one. I'd like to keep them separate. I suspect the issue is with my ssh_config but I'm not sure how to solve it yet.
Looks like there's a plugin for heroku that will deal with this:
https://github.com/ddollar/heroku-accounts
