Required key not available #3261
Comments
Nobody? |
I can't repro your issue, from outside or inside the chroot -
It looks like your chroot is in need of an update, I would do that first to see if the issue disappears. -DennisL |
I've got it updated. It's the same for debian and xenial chroots. It's buggy just in Downloads folder, any other folder is fine (so the bridge between chromeos and chroot is broken). crouton is giving me this warning:
Is it somehow useful? |
Not for me. I haven't seen any other reports of this behavior either.
It's useful for those that want to tighten down security -
See this page for info. about 'Developer Mode'. Hope this helps, |
This is happening to me too the following way:
Notes:
|
I've just hit this and might have stumbled on a clue. I normally run this immediately after startup:
then use Secure Shell to connect to the chroot, windowed and full-screen. This provides a better terminal experience, option profiles, etc. I'm finding that I can write to |
Here's what I've figured out so far: The Downloads dir (and possibly other dirs, maybe parents, I haven't checked) is encrypted on Chrome OS. It's using ext4 filesystem-level encryption. The key for accessing the data is stored in the session keyring in the kernel. We can see the content of the keyring with keyctl:
Access to the session keyring survives over fork/exec, also sudo and chroot. We can see it inside
However this changes when connecting to sshd running in crouton:
I imagine there's a way to share the keyring or key with the process tree running under sshd, but I haven't figured that out yet. |
I ran into this problem as well while trying to use spacemacs via Secure Shell into my local chroot. I couldn't compile latex files, and soon realized I couldn't write anything into the mounted ~/Downloads folder. A solution that worked for me was to run emacs as a daemon on start-up (through sudo enter-chroot). Then, when I connect to the server using emacsclient in Secure Shell, emacs (and its shell/terminal) will have the necessary key. |
@AlexLewandowski That's a good idea. I've been thinking of something similar, which is to run sshd under my own user instead of as root. OpenSSH doesn't really support that, though, and I haven't looked for an ssh daemon that would. Another possibility is to run a local terminal instead of Secure Shell. But SS always has the latest hterm.js which is important to me. |
I also have this issue, please let me know if there is any data that I can provide. I can create directories but not files |
@awlnx I switched to running crosh in a window, instead of running sshd and connecting to it. It's been working great. |
I found an easy way to keep the key session, using tmux
Next time you ssh USERNAME@127.0.0.1 and just attach the tmux session by the |
can duplicate. |
I suspect that this may be related to the fact that some versions of ChromeOS encrypt what eventually maps to |
I also am experiencing this issue (since a recent update, Debian sid) -- I'm happy to help debug if anyone wants to try to track it down. It makes ~/Downloads unusable (either for reading or writing) from my crouton shells. |
I am seeing this issue on an Asus C101PA with both Debian Buster & Ubuntu Bionic running CrOS 78.0.3904.106 |
The "quick and dirty" fix for this is to comment out the line revoking the key during
The point is that Debian/Ubuntu now revokes the keys when doing |
Thanks for the "quick and dirty" fix. It works great. I agree, not the most elegant, but at least my editor can save to Just to be clear for others, one needs to edit the |
I didn't have an su-1 file and my su file didn't have that line so I searched in pam.d and found that it was in /etc/pam.d/sshd. Commented it out there and I can modify files in my ~/Downloads folder from ssh. Thanks a bunch! edit this was on xenial with the cli-extra chroot. |
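The comments above find the key-revoking line in different files under /etc/pam.d (su-l for some, sshd for others). The following is an added example, not part of the thread or of crouton, that lists every PAM service whose active session stack creates or revokes a session keyring. It assumes the line in question is a `pam_keyinit.so` session entry (the thread's own snippet is not preserved on this page); the function name and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which PAM services call pam_keyinit in their
# session stack, and with which of the "force" / "revoke" options.
# Assumption: pam_keyinit is the module behind the line the thread disables.

# scan_pam_keyinit [DIR]  -> one line per active entry: "<service> <flags>"
scan_pam_keyinit() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v svc="${f##*/}" '
            { sub(/#.*/, "") }               # commented-out lines are inactive
            $1 !~ /^-?session$/ { next }     # only the session stack matters
            {
                hit = 0; flags = ""
                for (i = 2; i <= NF; i++) {
                    if ($i ~ /(^|\/)pam_keyinit\.so$/) hit = 1
                    else if (hit && ($i == "force" || $i == "revoke"))
                        flags = flags (flags == "" ? "" : ",") $i
                }
                if (hit) print svc, (flags == "" ? "none" : flags)
            }' "$f"
    done
}

# Constructed sample files (not copied from any real system).
demo=$(mktemp -d)
printf 'session optional pam_keyinit.so revoke\n'            > "$demo/su-l"
printf 'session\toptional\tpam_keyinit.so force revoke\n'    > "$demo/sshd"
printf '#session optional pam_keyinit.so revoke\n'           > "$demo/su"
printf 'auth sufficient pam_rootok.so\n'                    >> "$demo/su"

# "force" means the service always gets a fresh session keyring, so keys
# held by the caller's keyring are not visible to that login.
scan_pam_keyinit "$demo"
rm -rf "$demo"
```

Run `scan_pam_keyinit` with no argument inside the chroot to audit the real /etc/pam.d; a service that is listed is one whose logins do not inherit the keyring holding the Downloads key.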
I'd like to mention that on CloudReady v78 and Debian 10 Buster + XFCE both workarounds worked. That is to say in crosh
works and editing the /etc/pam.d/ files to comment out
Just one method is necessary to get the key in the OS. |
I also encountered this problem when I use linuxdeploy on my Android phone; my device is a Redmi note7 pro. When I tried to change the USEPAM in sshd_config to no, the problem was solved. Hope that helps. |
Log out of the chroot then..
you will be prompted to enter a key for the encryption.
|
In bullseye this fixed the problem. It makes the Downloads folder useful, as in I can read and write to it. I commented out the line in the su-l file inside the chroot, and all is well! |
Please describe your issue:
When I try to do a write action (reading is fine) in the Downloads directory, I always get:
Writing outside of Downloads is fine:
Mounts:
What else can I provide?