
trouble using ssh-principal-and-ca-playground

Open lg2436 opened this issue 1 year ago • 1 comments

Hello,

I’m running Debian 12 Bookworm OS. I installed docker through the "sudo apt install docker-compose" command.

After having cloned ssh-principal-and-ca-playground repo, I tried to execute ./test.sh and I got that:

[ FAIL ] docker-compose exec client ssh root@server whoami
[ FAIL ] docker-compose exec client ssh user1@server whoami
[ FAIL ] docker-compose exec client ssh user2@server whoami
[ FAIL ] docker-compose exec client ssh user3@server whoami
[ PASS ] docker-compose exec client ssh userFAIL@server whoami
[ FAIL ] docker-compose exec client ssh root@ca whoami
[ FAIL ] docker-compose exec client ssh user1@ca whoami
[ FAIL ] docker-compose exec client ssh user2@ca whoami
[ PASS ] docker-compose exec client ssh user3@ca whoami
[ PASS ] docker-compose exec client ssh userFAIL@ca whoami
Results:
Num Passes: 3
Num Fails: 7
Overall: FAIL

Then I entered the client container through the "docker-compose exec client bash" command with success.

But when I tried to ssh into the server through the "ssh user1@server" command, I got:

Bad owner or permissions on /root/.ssh/config

These permissions are:

436a37d0c885:/# ls -ld /root/.ssh/config
-rw-r--r-- 1 1000 1000 427 May 16 15:27 /root/.ssh/config

so I’m stuck here

lg2436 avatar May 17 '24 09:05 lg2436

Well, I expected that maybe an image I was using changed, but instead I'm getting "it works for me". Let me drop some screenshots first:

Screenshot by Dropbox Capture

Screenshot by Dropbox Capture

So that's interesting, and there's one thing that's different in my setup from yours: the user ID and group ID of /root/.ssh/config on the client container are different. For me, they're root (UID 0) where yours are UID 1000.

My environment is an iMac running Mac OS Ventura 13.5.1 (22G90) and using Orbstack as my Docker engine. So clearly there are some differences between my environment and yours.

So let's troubleshoot! Here are a few things I think we could try:

  • Maybe I could try spinning up Debian 12 in a VM and see if I can reproduce it
  • You could also try checking your Docker settings and see if there are any settings that influence what user the Docker daemon and/or the containers run as.
  • The containers on your machine may also need to be run in privileged mode. It would not be the first time I was bit by that bug. 😹

Let me know how you want to proceed, and we can go from there.

Thanks,

-- Doug

dmuth avatar May 19 '24 01:05 dmuth
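
The "Bad owner or permissions" message quoted in the issue is OpenSSH refusing a per-user config file that is not owned by root or by the user running ssh, or that is writable by group or others. The script below is an added example, not part of the thread or the repository: it reproduces that test so the UID 1000 versus UID 0 difference can be checked directly. The function names are hypothetical, and `stat -c` assumes GNU coreutils or BusyBox inside the container.

```shell
#!/bin/sh
# Added example: mirrors the owner/mode test ssh applies to ~/.ssh/config.
# Function names are illustrative, not from the playground repository.

# perm_ok OWNER_UID MODE_OCTAL CURRENT_UID
# Succeeds only when the owner is root or the current user AND the file
# is not writable by group or others (mode & 022 == 0).
perm_ok() {
    owner=$1; mode=$2; me=$3
    if [ "$owner" -ne 0 ] && [ "$owner" -ne "$me" ]; then
        return 1
    fi
    # The leading 0 makes the shell read the mode digits as octal.
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# check_ssh_config FILE
# Reads owner uid and mode from FILE and reports whether ssh, run as the
# current user, would accept it. Returns 0 = ok, 1 = rejected, 2 = stat failed.
check_ssh_config() {
    file=$1
    info=$(stat -c '%u %a' "$file") || return 2
    owner=${info% *}
    mode=${info#* }
    me=$(id -u)
    if perm_ok "$owner" "$mode" "$me"; then
        echo "OK:  $file (owner uid $owner, mode $mode, running as uid $me)"
    else
        echo "BAD: $file (owner uid $owner, mode $mode, running as uid $me)"
        return 1
    fi
}

# Constructed values taken from the listing in the issue: owner 1000,
# mode 644, ssh run as root (uid 0) inside the client container.
if perm_ok 1000 644 0; then
    echo "issue case: accepted"
else
    echo "issue case: rejected (owner is neither root nor the ssh user)"
fi
```

Inside the client container, `check_ssh_config /root/.ssh/config` reports the same verdict for the real file.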