Can't create a SSH key

hello,

When I want tocreate a SSH key I get the following error:

Failed to save SSH key : open /tmp/.webmin/12557_1_save_key.cgi failed: Permission denied. Generating public/private rsa key pair. Saving the key failed: /tmp/.webmin/12557_1_save_key.cgi.

Status: 
Active

Comments

Howdy -- just so that we can try and reproduce it, what process are you using to generate the SSH key? And are you running that as root, or as another user?

mlkoekenberg's picture
Submitted by mlkoekenberg on Fri, 05/28/2010 - 09:30

This is in cloudmin -> cloudmin settings -> ssh keys.

Add anew ssh key

I try to create a ssh key there. Publickey generated by cloudmin.

That's a surprising error, as Cloudmin generates the key using the ssh-keygen command which is run as root, and so shouldn't have any permissions problems.

What permissions do you have on the /tmp/.webmin directory?

Does deleting that directory help? (it will be re-created automatically)

mlkoekenberg's picture
Submitted by mlkoekenberg on Fri, 05/28/2010 - 13:04

the directory is manual set to 777. Whe I delete it i will be recreated but I get the same error again. The premissions an't the samen a the tmp folder (777).

Are you perhaps running a custom version of openssh, or are you just using the package that comes with CentOS ?

mlkoekenberg's picture
Submitted by mlkoekenberg on Mon, 05/31/2010 - 09:16

|I use the original package from centos.

So you perhaps have any special mount options on /tmp , like noexec ?

On a test CentOS 5 system, SSH key generation in Cloudmin works fine for me.

mlkoekenberg's picture
Submitted by mlkoekenberg on Tue, 06/01/2010 - 02:28

I've no specialmounts on tmp.

Maybe it's a good ideas when you login. The you can invest for yourself.

Sure, I would be glad to login and take a look .. you can send me login details at jcameron@virtualmin.com , or use our remote support access feature.

I just created a key OK with the "Generated by Cloudmin" option.

What are you selecting on the creation form exactly? And are you using the "Add a new SSH key" link?

mlkoekenberg's picture
Submitted by mlkoekenberg on Sun, 08/01/2010 - 07:21

I reinstalled cloudmin (due a rootkit) and I get the same problem. On a freshly installed system I can't create a ssh key.

When I copy a manualy created key in the form. I say that it isn't a ssh key....

mlkoekenberg's picture
Submitted by mlkoekenberg on Sun, 08/01/2010 - 09:34

I've created a key manualy and imported this in Cloudmin. This was working. Via cloudmin will raisen the permission error.

So you mean the manually created and imported key cannot SSH to other systems, due to a permissions error?

mlkoekenberg's picture
Submitted by mlkoekenberg on Mon, 08/02/2010 - 08:06

No, I cant creata a ssh key automaticaly.

The work-a-round was to create itmanualy and import it in the form.

Everythng isworking now but I had to configure it manualy.

I am running into an identical error. On a completely fresh install, I cannot use Cloudmin to generate an SSH key, and it fails with the same error. Have to do it manually.

...and setting permissions of 777 on /tmp/.webmin doesn't help.

Anyone who is seeing this - do you have SElinux turned on?

Yes, the issue seems to be related to SELinux being in "enforcing" mode. When switched temporarily to "permissive" mode, I am able to successfully generate a new key with:

Cloudmin Settings > SSH Keys > Add a new SSH key with "Generated by Cloudmin" selected and "Source for public key" blank. Doesn't matter the setting for "Add to root's authorized keys on new systems?".

When SELinux is in "enforcing" mode, I get this error when doing the same:

Failed to save SSH key : open /tmp/.webmin/416217_18466_1_save_key.cgi failed: Permission denied. Generating public/private rsa key pair. Saving the key failed: /tmp/.webmin/416217_18466_1_save_key.cgi.

With SELinux in "permissive" mode, I mounted /tmp with and without "noexec", and it did not make a difference; I was able to successfully create a key, as above, with and without "noexec".

System info: CentOS Linux 7.2.1511 Webmin 1.801 Virtualmin 5.03 Cloudmin 9.0.kvm Pro

Kevn

Ok, that explains it - I'd recommend turning SElinux off permanently.