Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Permission denied when using -T flag (ssh-audit installed by snap)

See original GitHub issue

ssh-audit installed with snap

ubuntu@ip-xx-xx-30-85:~$ snap info ssh-audit
name:      ssh-audit
summary:   ssh-audit
publisher: Joe Testa (positronsecurity)
store-url: https://snapcraft.io/ssh-audit
contact:   jtesta@positronsecurity.com
license:   MIT
description: |
  SSH server and client security configuration auditor.  Official repository:
  <https://github.com/jtesta/ssh-audit>
commands:
  - ssh-audit
snap-id:      fuKZFTS5PBD7Lz2T761PRMibsSqbSP8l
tracking:     latest/stable
refresh-date: today at 09:38 UTC
channels:
  latest/stable:    2.5.0-1 2021-08-26 (4) 6MB -
  latest/candidate: ↑                          
  latest/beta:      2.2.0-1 2020-03-13 (1) 9MB -
  latest/edge:      ↑                          
installed:          2.5.0-1            (4) 6MB -

Input file with SSH targets

ubuntu@ip-xx-xx-30-85:~$ ls -la ssh-parsed.txt
-rw-rw-r-- 1 ubuntu ubuntu 15 Oct  8 09:49 ssh-parsed.txt
ubuntu@ip-xx-xx-30-85:~$ cat ssh-parsed.txt
xx.xx.30.85:22

Running ssh-audit with -T flag gives permission denied error

ubuntu@ip-xx-xx-30-85:~$ ssh-audit -T ssh-parsed.txt
Traceback (most recent call last):
  File "/snap/ssh-audit/4/bin/ssh-audit", line 8, in <module>
    sys.exit(main())
  File "/snap/ssh-audit/4/lib/python3.8/site-packages/ssh_audit/ssh_audit.py", line 1047, in main
    aconf = process_commandline(out, sys.argv[1:], usage)
  File "/snap/ssh-audit/4/lib/python3.8/site-packages/ssh_audit/ssh_audit.py", line 684, in process_commandline
    with open(aconf.target_file, 'r', encoding='utf-8') as f:
PermissionError: [Errno 13] Permission denied: 'ssh-parsed.txt'

Running as sudo gives the same error

ubuntu@ip-xx-xx-30-85:~$ sudo ssh-audit -T ssh-parsed.txt
Traceback (most recent call last):
  File "/snap/ssh-audit/4/bin/ssh-audit", line 8, in <module>
    sys.exit(main())
  File "/snap/ssh-audit/4/lib/python3.8/site-packages/ssh_audit/ssh_audit.py", line 1047, in main
    aconf = process_commandline(out, sys.argv[1:], usage)
  File "/snap/ssh-audit/4/lib/python3.8/site-packages/ssh_audit/ssh_audit.py", line 684, in process_commandline
    with open(aconf.target_file, 'r', encoding='utf-8') as f:
PermissionError: [Errno 13] Permission denied: 'ssh-parsed.txt'

However passing target directly as an ssh-audit argument works

ubuntu@ip-xx-xx-30-85:~$ ssh-audit xx.xx.30.85:22
# general
(gen) banner: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
(gen) software: OpenSSH 8.2p1
(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
(gen) compression: enabled (zlib@openssh.com)
...

Linux information

ubuntu@ip-xx-xx-30-85:~$ uname -a
Linux ip-xx-xx-30-85 5.11.0-1019-aws #20~20.04.1-Ubuntu SMP Tue Sep 21 10:40:39 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:5 (2 by maintainers)

github_iconTop GitHub Comments

1reaction
jtestacommented, Oct 15, 2021

@MMquant I published an updated Snap package (2.5.0-2). I think updates are applied automatically every 6(?) hours, so you’ll get it soon. Or you can manually run sudo snap refresh to force an update.

Once you have 2.5.0-2 (you can check with snap info ssh-audit), you can optionally give it read & write permissions to your home directory with the following command: sudo snap connect ssh-audit:home :home (note that hidden files and directories would still be disallowed). And either way, $HOME/snap/ssh-audit/common/ will always be readable & writable.

Thanks for reporting this issue! If you run into any more problems, please let me know!

0reactions
jtestacommented, Oct 14, 2021

@MMquant The Snap system is preventing file reads and writes to any path other than $HOME/snap/ssh-audit/common/. So one workaround is to put your list of targets in that directory.

I’m currently preparing a fix that would allow users to grant access to their home directory, as well as give more informative error messages when Snap prevents access. Stay tuned!

Read more comments on GitHub >

github_iconTop Results From Across the Web

Permission denied error when running apps installed as ...
Same happens in Ubuntu 18.04. If the user home directory is not under the /home (or / ) mount, it not possible to...
Read more >
snap-installed version gets Permission denied when ...
I recently installed a new Ubuntu server ("bionic"), and was flattered to see that wormhole is offered (next to docker and kubernetes and ......
Read more >
[Solved] "Permission denied" in general | Ubuntu 19.10
Note that I have GNOME, KDE, and XFCE installed. Using KDE because I found it did freeze like GNOME for me. :~$ snap...
Read more >
Linux, snap, and Mysterious File Permission Errors
The Symptom. I installed a snap package. I tried to run it. I saw this: PermissionError: [Errno 13] Permission denied: ...
Read more >
with open(result.csv , a, newline=, encoding='utf-8') as f
jtesta/ssh-auditPermission denied when using -T flag (ssh-audit installed by snap)#124. Created about 1 year ago. 5. ssh-audit installed with snap.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

LookupError: unknown encoding: idna

Next page

Group Size Enumeration of diffie-hellman-group-exchange-sha1 and diffie-hellman-group-exchange-sha256