openssh windows bad owner or permissions - windows

I've installed openssh for windows and when I run ssh localhost I get
Bad owner or permissions on C:\Users\gary/.ssh/config
I've looked at these 2 questions https://superuser.com/questions/348694/bad-owner-or-permissions-error-using-cygwins-ssh-exe and https://serverfault.com/questions/253313/ssh-returns-bad-owner-or-permissions-on-ssh-config but none of the answers work for me. sshd is running as a service as the Local System user. I've run chmod 0600 C:\Users\gary\.ssh\config and chown gary C:\Users\gary\.ssh\config. I've also cleared the ACL by running setfacl -b C:\Users\gary\.ssh\config and then chmod 0600 C:\Users\gary\.ssh\config again. I've also tried changing the owner to SYSTEM and got the same error.
I'm not sure what else to do, is there anything wrong with my setup? I also have git installed which installed mingw, I deleted ssh and sshd from my git installation so they wouldn't be on my path.
Other commands I've run are
icacls "C:\Users\gary\.ssh\config" /setowner gary
chown -R gary:1049089 C:\Users\gary\.ssh
ls -la C:\Users\gary\.ssh\config shows
-rw-r--r-- 1 gary 1049089 229 Jan 3 14:43 'C:\Users\gary.ssh\config'
it keeps showing this even after changing the owner to SYSTEM, but in the file properties in file explorer it shows SYSTEM as the owner

This started popping up immediately after I created another user with Administrator privileges, and that account began inheriting access to my .ssh folder.
You do not need to change your permissions whatsoever.
Just go to .ssh, right-click Properties, Security Tab, Advanced. DISABLE INHERITANCE, then click on the Administrator user (the one that is not you) and Remove them. Apply. Done.

Use ssh client from Git instead of Windows inbuilt SSH client. E.g. set VS Code to use C:\Program Files\Git\usr\bin\ssh.exe instead of C:\Windows\System32\OpenSSH\ssh.exe.
Steps:
In VS Code navigated to [File] -> [Preferences] -> [Settings] -> Search remote.ssh.path
Input C:\Program Files\Git\usr\bin\ssh.exe
Alternatively:
Update PATH environment variable to point to Git bin before Windows System32.
Type "env" in Start bar to edit System (or account) environment variables.
Select Path and hit edit.
Add C:\Program Files\Git\usr\bin\ssh.exe to the list and move it to the top of the list.

Just got same issue after re-install windows. And easily fixed just by changing the file permissions to
SYSTEM & Administrators - Full Control
[your username] - Modify & as Owner
Note:
I'm still using Windows 10 built-in SSH client C:\Windows\System32\OpenSSH\ssh.exe & not using cygwin at all

For those still struggling with this, check this out: https://github.com/PowerShell/openssh-portable/pull/418. This was the case for me. It turns out that your computer should be named differently from your username... 🤷‍♂️ It will probably be fixed soon in future updates, because fix got into commit.
So again: if your computer name is the same as your username and you still haven't fixed this issue with permissions dialog, then probably renaming your computer could help.

Instead of using the properties box, you can use the one liner:
icacls .ssh /grant:r <yourUserName>:f /inheritance:r
/grant:r username:f -> grant and overwrite permissions, giving full permissions to username
/inheritance:r -> remove inherited permissions
Keep known_hosts writable with
icacls .ssh/known_hosts /grant:rw <username>:f /inheritance:r

I'm not sure what version of Windows you're running, but since this is recent I'd guess Windows 10. I recently found out that an OpenSSH client is installed by default as of the April 2018 update. I then found I had two instances of OpenSSH: the one I installed myself and the one Windows gave me. Uninstalling the one I had installed caused the error message you describe.
The solution that worked for me was to remove the user-installed OpenSSH as well as the C:\Users\username\.ssh folder, and let Windows 10 OpenSSH create the folder when you run the command the next time. I didn't have any configuration I was worried about losing, but if you do I'd suggest copying and pasting the contents of the files somewhere and recovering them afterwards.
Hope this helps!

Having the exact same issue today, this is how I solved it:
Go to C:\Users\username.ssh
Right-click the config file
Properties -> Security -> Advanced -> Disable Inheritance -> Disable
inheritance -> Remove all inherited permissions from this object ->
Apply -> Yes -> Ok -> Ok

Use FixUserFilePermissions.ps1 to fix permissions of client side files - keys and config files of current user.
git clone git#github.com:PowerShell/openssh-portable.git
cd openssh-portable/contrib/win32/openssh
.\FixUserFilePermissions.ps1 -Confirm:$false

On windows server this is due to permission problem. Need to remove access to other users for the following folders
.ssh - folder
Right click on this folder -> Select "Give access to" - > Click on "Remove Access"
Right click on this folder -> Select "properties" - > "Securities" - > Click on "Edit Permissions" - Remove other users except the ID you are logged in.
Repeat the same process for the folder under which you have .pem file. (Note: Keep .pem file in a separate folder)

For anyone, who still has troubles after applying the owner + modify (plus full control for admins): it did not work for me. Then I saw a solution to remove all other users (incl all admins), which did not help either.
This worked for me:
leave System and Administrators in place, with full control, as suggested above
leave the user itself in place, as owner, with modify, as suggested above
however, remove any other user or group. You probably need to go to advanced first, to disable inheritance of rights
after I removed an administrative user who was added by Windows after entering my folder (by passing through the UAC box), it worked for me again.
Hope this helps for anyone who encounters this specific issue :-)

If User is in Administrative group just keep configuration in
c:\programdata\ssh\ssh_config instead %USERPROFILE%.ssh\config, will work

after disabling inheritance, make sure you add your current user, else u cannot edit the file

For me it was fixed by running chmod 0644 config under ~/.ssh/. Earlier it was set to 755 which was causing "Bad owner or permissions on /home/home/.ssh/config"

I tried all the solutions above, and sadly still can't fix this issue. I'm pretty sure the permission of my ssh config is correct, this has been verified by the Explore GUI and the Get-Acl commands.
Then I finally find a way to solve it:
delete the entire .ssh folder and then open powershell and type ssh localhost. It will create a new .ssh folder for you, then you can apply the above permission tweaks(for me I only did one thing: disable inheritance).
So if other solutions doesn't work for you, maybe you can try this. Hope it's helpful.
PS: don't forget to backup your old .ssh folder before deleting it.

I was having this problem, and no amount of changing permissions or disabling inheritance on the config file would fix it. It turned out that it did not like my computer name and user name being the same, so I re-named my computer, allowed open ssh to re-create the config file, and the permissions are now correct. That was probably a bad idea to begin with, tbh.

I deleted C:\Users\user/.ssh/config and reran my stuff, then it worked.
However, if you have something valuable there, make a backup first, just in case!

After a domain change over, I started having this same problem. Went through all of the suggestions listed and nothing worked, including both chmod and chown solutions.
I ended up fixing the problem by copying the folder, pasting it, deleting the original, and then renaming it back to .ssh.

The problem seems from the files are owned/has-permission for more than one user.
1- Go to your ./ssh folder and for both config & id_rsa files. From the properties -> Security -> Advanced:
2- Make sure that the user that you are logged in with IS the only user there.

No group change or whatever,the first answer is right.Change to git ssh.exe
How?
uninstall win10's openssh in Settings
add path of git's ssh.exe to your Path

For me it was fixed by running chmod 0644 config under ~/.ssh/ when running WSL.

Rename the config file to something like config2
Open this file with notepad
Save As config (original name)
This worked for me.

I guess it was caused by the wrong path expression.
Bad owner or permissions on C:\Users\gary/.ssh/config
The /.ssh should be \.ssh. So I try to use git bash (the terminal tool when install git in Windows system) to run ssh command. It really works. But I don't really know if it is caused by the reason I guessed.

Hi guys after a troubleshoot for a day I found that this "m.. f.." config file should not stand in the .ssh/ path.
For VSCODE just set the config in 'C:\ProgrmaData\ssh\ssh_config' path as proposed in the second choice of the palette command, and forget .shh path for this configuration.
That worked fine for me.
Nota: there was also a known_host file also created here with strange VM names inside, I deleted also this file. and that helps

For me, re-editing the permission settings in Windows is too complicated. Regenerating another configuration in vscode does not work either.
I set a custom config file path to solve this problem.
["Remote SSH: Config file"]
The absolute file path to a custom SSH config file.
note: search this option by #ext:ms-vscode-remote.remote-ssh,ms-vscode-remote.remote-ssh-edit config file

This is because the config file cannot be accessed normally. We can create a new config file (this file needs to be accessible normally), such as D:/.ssh/config, and then specify the configuration file through the -F option: ssh -F D:/.ssh/config username#ip_address -p port

Delete the .config file, it has worked for me

Related

Cant clone git repository

first-time asker here. I have an issue with git, cant clone anything. If I don't specify where to clone, this will appear.
> git clone https://gitlab.corp.cz/username/project_name.git project_name
fatal: could not create work tree dir 'project_name': No such file or directory
If I first create a folder via explorer, then the error message is different.
> git clone https://gitlab.corp.cz/username/project_name.git project_name
Cloning into 'project_name'...
C:/Users/username/Documents/project/path/.git: No such file or directory
Mkdir say the same, though not sure if windows even have a mkdir. At least a month ago, it worked. Please help, even reinstalled windows, didn't help.
EDIT: It looks like it is not a git problem. I cannot create any file using nothing other than windows explorer. Checked and I have write permissions for this folder, so most likely a windows problem.
a) You must run the command in a directory where you have write permission;
b) Add git to the list of allowed applications:
1 - Select Start > Settings > Update & Security > Windows Security > Virus & threat protection.
2 - Under Virus & threat protection settings, select Manage settings.
3 - Under Controlled folder access, select Manage Controlled folder access.
4 - Switch the Controlled folder access setting to On or Off.
c) If that doesn't work, try running the terminal with the administrator.
If you are using WSL (Windows Subsystem for Linux) to execute this command in the terminal check if the linux user has permissions to create a new folder there or try doing it as root.
If you are using Powershell or the Command Prompt try running it as Administrator and check if cloning a repo will work.. if this works there is a problem with your permissions. In this case try to change your working path so if the folder you are trying to clone a repo is in "C:\Program Files" or "C:\Program Files (x86)" try cloning to another place as these paths cause problems.

How to solve '.git/index.lock': No such file or directory' error?

Summary
I recently lost the ability to make any changes using Git on my Windows system. After a few days of not using my PC I come back to a non functional git so I have no idea what caused this issue.
Examples:
git add or git checkout => fatal: Unable to create 'dummy-repo/.git/index.lock': No such file or directory
git clone => fatal: could not create work tree dir 'DummyRepo': No such file or directory
As a side note, this problem occured after trying to start my Flutter application, which could not retrieve the packages because of an OS error where access was denied. I'm thinking this is either because of some write permissions being messed up or a certain process locking a file.
What I've tried so far:
Closing all files and rebooting PC
Uninstalling and reinstalling Git
Run Git Bash as an administrator
Changed system write permission to my user account for all files
Any help is appreciated!
On Windows, this may happen if you enabled the "Ransomware protection" in Setting > Windows security > Virus & threat protection.
You need to add an exclusion for git.exe, or move the project outside a protected folder.
I've solved it myself by changing the location of my project to C:\ instead of a way longer path. This was never a problem before but it works so I'm happy.
I did 2 things:
I found that there was a file named 'index' in '.git/' directory. I made a copy of it, and renamed the copy as 'index.lock'.
Under 'Ransomware protection', I temporarily switched off 'Controlled folder access'.
Problem solved.
After I am done, I switched 'Controlled folder access' back on.
Try creating that file in your .git directory, you can use these commands in Git Bash or linux/mac
cd .git
touch index.lock
On Windows CMD
cd .git
type nul > index.lock

Cannot delete __jb_old___ file

It seems like WebStorm created a file login.component.ts___jb_old___ and I can't delete it or move it.
I've gone into settings and turned off safe write, and restarted WebStorm, but I can't delete the file, which is making me unable to run my docker container.
Doing an ls -ll prints
-rw-r----- 1 Uknown+User Unknown+User 2308 Feb 6 11:29 login.component.ts___jb_old___
All of the other files in the directory have the correct permissions and are owned by me.
I'm on Windows and I am the only user on the computer and set as Admin, I've opened an Admin command prompt and still get access denied when trying to change permissions of the file or delete the file.
When I open File Explorer to try and change it through the windows gui it tells me You do not have permission to view or edit this object's permission settings.
Any ideas on how I can delete this file?
You shoud close your webstorm app.
I delete it success but created again when i refresh directory.
I restart the PC then this problem resolved...
A working fix.
IntelliJ 2019.2.2 w/ PyCharm (Latest release)
After updating to 2019.2.2 I was having this error as well. The problem I was facing was on running webpack-dev-server.
Found the recommendation to disable 'Safe writing' - which resolved my issue.
Settings > Appearance and Behavior > System Settings.
Hope this helps!

IntelliJ IDEA git Permission denied (publickey)

I got a strange problem with using git on IntelliJ IDEA on Windows 10.
If I want to access the remote repo on GitLab, I always get
Permission denied (publickey).
Everything I found here or via Google didn't solve the problem.
I tried:
Setting the ssh executable to Native
Converting my public key from Putty to ssh-keygen style
Removing known_hosts
I also tried to access the repo with Git Bash, it works fine like that.
Another interesting fact is that after removing known_hosts, I got "Host key verification failed". I had to use Git Bash once to recreate the known_hosts entry, after that I got the Permission denied error again. Somehow I don't get asked for any user input.
I faced this problem while connecting bitbucket cloud from my Intellij 2019.2 , which thankfully got solved with the following steps. Please note that these steps are to be carried out after you successfully generate and add ssh-public key to your bitbucket/github/gitlab profile.
Open Git-SCM ssh_config file present in Git-SCM installation directory.It's default location in Windows (for 64 bit) is in C:\Program Files\Git\etc\ssh\
Add the following lines into ssh_config
Host *your-gitlab-or-github-or-bitbucket-hostname*
IdentityFile *your-ssh-rsa-privatekey-file-with-absolute-path*
for e.g
Host bitbucket.org
IdentityFile C:/Users/Sahil/.ssh/id_rsa
Source:
https://intellij-support.jetbrains.com/hc/en-us/community/posts/360004124959-IntelliJ-2019-1-3-Can-t-access-git-using-SSH-keys
Update IDEA 2021.2.3
The bug in Sahil's answer has been fixed and Christian's solution is not needed with the correct entry in your ssh config file for the most common case of one key for one or more hosts. Additional options for complex configurations, such as multiple keys to the same or multiple hosts, can be found in Maddes comprehensive answer on superuser.
ANY inconsistency between ssh-agent and ssh-add leads to a situation where some things work and some don't.
For example, I had the Windows OpenSSH agent running but my path pointed first to the Git for Windows ssh-add. Many such failures are possible given the many ssh implementations out there, so know that you know where things are running from.
To get ssh working in IDEA...
Git for Windows
Install Git for Windows. I put it in C:\Git since, as a standard user without an elevated install, I couldn't write to C:\Program Files.
In Control Panel | User Accounts | Change my environment variables add the Git usr\bin folder to the path after the cmd folder entry already there (e.g. C:\Git\usr\bin for my installation).
Unset environment variable HOME -- it still breaks ssh in this version of IDEA.
In a Windows cmd.exe console, run start-ssh-agent.cmd to start the agent
In IDEA in Settings | SSH Configurations | Authentication type: set it to Key pair OpenSSH or PuTTY and test your connection. Then, make a small change and test Commit and push....
Windows OpenSSH
In Control Panel | User Accounts | Change my environment variables add C:\Windows\System32\OpenSSH to your path. Make sure no other ssh implementation is ahead of this in the path!
Start the OpenSSH agent in Task Manager | Services (or any number of other ways)
Set your IDEA SSH Configuration as #5 above
Keep in mind that, on Windows, ssh in IDEA uses the environment available in a standard Windows command-line console (cmd.exe). If git operations work there, then with the above steps in place, they'll work in IntelliJ.
It has been really long since OP but here is my solution on an execution basis:
You need to open a prompt and set the ENVVAR GIT_SSH_COMMAND.
You need to open IntelliJ from that same prompt.
Example:
> set GIT_SSH_COMMAND=ssh -i C:\\path\\to\\not\\default\\key
> idea
Also the path to not-default-key should use ~ instead of %userprofile% or paths unix-like using /.
I was having this same issue, and while it did have to do with the public key, my issue was concerned with WSL2/Linux and windows .ssh folders. My keys were in my WSL2/linux folder system, but intelliJ was looking in my windows folder system.
I copied my rsa keys from WSL2 to windows, and it worked automatically. In fact, I attempted to have it fail again by removing the keys from the Windows folders, but intelliJ must have it's own keylocker solution, because even without the keys in the Windows .ssh folder intelliJ continued to work.
For a screen capture explaining it you can see it here https://vimeo.com/558267383/74d55415c4
If you're using wsl2 in Clion like me, just add
Host github.com
IdentityFile /home/yieatn/.ssh/github
to /home/user/.ssh/config (create if it doesn't exit). You don't even have to restart IDE.
Adding to Cristian Torres's answer:
For all of you folks struggling with a similar problem on Mac OSX:
In IntelliJ, PyCharm, etc. click Tools -> Create Command-line Launcher...
Open your terminal and execute:
$ export GIT_SSH_COMMAND="ssh -i ~/.ssh/your-custom-private-key"
$ idea
For PyCharm the executable name is charm or /usr/local/bin/charm
Goland: goland or /usr/local/bin/goland
WebStorm: webstorm or /usr/local/bin/webstorm

Error on git pull error : cannot open .git/FETCH_HEAD: Permission denied

I'm looking for help !!
I am getting the following error message when trying to complete a git pull;
C:\Jenkins\Repo> git pull error: cannot open .git/FETCH_HEAD: Permission denied
The machine in question is Windows Server 2008 r2 OS and were using ssh to handle the authentication.
We have tried the following;
Checked that the current user the correct read/write on the FETCH_HEAD file, which it does, also checking that the user has the correct permissions set on the repo root.
I have tried to load my private key (which I know 100% works and has permissions to the repo in question) and still the same issue... so from little I know regarding git I think this is more of a Windows issue
and lots of Google !
Any more ideas on what to do/check would be a great help !
This happened to me after I upgraded to Windows 10. While my user is an administrator and Administrators had full access to the root repo folder, my user was not explicitly listed. I've added my user with Full Control and it solved the problem for me (had the same issue with Outlook refusing to read the PST file until I did the same thing).
So, for me, the solution is:
Right click on the folder, select properties
Security
Edit
Add
Type in my user name
Check Full Control under Allow
OK, OK
On Windows 10 this is what worked for me:
1. go to the repo folder
2. right click on the .git folder and choose the last option - properties
3. on the general tab uncheck hidden checkbox if checked
4. hit apply and then ok
now go try git fetch or git pull and it should work.
This is fairly a common problem. I've come across it many times and almost all of the times, the issue is with the right permissions to the repo/directory .git/ and the right SSH keys to access the git repository.
You probably need to make the user, the owner of the repository chown (Give full access to the user) or, clone the repository to a different directory.
You can set the write permission with the following command
go to your folder chown -R youruser:yourgroup .git/
Also try to un-hide the .git folder.
In my case, this happend because I hide the .git folder by hand(usually it will be hide automatically) but I forgot it.
I have tried edit security but no effect. So I just show the .git folder and solve the problem.
May this can be help for someone
This happened to me because after updating windows.
Kindly try these steps:
Right click on folder -> properties
Under general there are two checkbox hidden and read only -> uncheck the hidden check box and click on apply
Under security -> edit -> add user -> apply
give full access to your user
This will work for you
just remove the folder,and clone again.
What I did was open powershell / command prompt with Administrative rights inside the repository, and I was able to pull / fetch / merge and push.
This problem can also be caused by the caches Jenkins keeps of it's Git operations. I had tried chowning the files I thought were causing the problem, I also deleted the workspace completely.
After deleting %ProgramData%\Jenkins\.jenkins\workspaces\MY-BUILD* I still had the exact same error message.
In %ProgramData%\Jenkins\.jenkins\caches I deleted everything but you could probably just delete the git-<HEX_ID> and git-<HEX_ID>#tmp folders and retry the same checkout. This resolved the issue for me as Jenkins was forced to recreate the .git folder in both the workspace and the cache and the permissions were then correct.
Steps:
Delete the workspace folders of the troublesome job
Delete the Git caches
Retry the job

Resources