PermissionError: [Errno 13] Permission denied: '/root/.ssh/crt'

[Gaimoydev]

error info:

Traceback (most recent call last):
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/uvicorn/protocols/http/h11_impl.py", line 407, in run_asgi
result = await app( # type: ignore[func-returns-value]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/uvicorn/middleware/proxy_headers.py", line 69, in __call__
return await self.app(scope, receive, send)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/fastapi/applications.py", line 1054, in __call__
await super().__call__(scope, receive, send)
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/starlette/applications.py", line 123, in __call__
await self.middleware_stack(scope, receive, send)
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/starlette/middleware/errors.py", line 186, in __call__
raise exc
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/starlette/middleware/errors.py", line 164, in __call__
await self.app(scope, receive, _send)
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/starlette/middleware/exceptions.py", line 65, in __call__
await wrap_app_handling_exceptions(self.app, conn)(scope, receive, send)
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/starlette/_exception_handler.py", line 64, in wrapped_app
raise exc
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app
await app(scope, receive, sender)
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/starlette/routing.py", line 756, in __call__
await self.middleware_stack(scope, receive, send)
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/starlette/routing.py", line 776, in app
await route.handle(scope, receive, send)
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/starlette/routing.py", line 297, in handle
await self.app(scope, receive, send)
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/starlette/routing.py", line 77, in app
await wrap_app_handling_exceptions(app, request)(scope, receive, send)
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/starlette/_exception_handler.py", line 64, in wrapped_app
raise exc
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app
await app(scope, receive, sender)
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/starlette/routing.py", line 72, in app
response = await func(request)
^^^^^^^^^^^^^^^^^^^
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/fastapi/routing.py", line 278, in app
raw_response = await run_endpoint_function(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/fastapi/routing.py", line 191, in run_endpoint_function
return await dependant.call(**values)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/www/wwwroot/nekoproxybackend/main.py", line 20, in start
status, result = await utils.start_proxy(player_name, userqq)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/www/wwwroot/nekoproxybackend/utils.py", line 70, in start_proxy
await ssh_api.ssh_execute(selected_ip, f"wget -O ZBProxy {zbproxy_download_url}")
File "/www/wwwroot/nekoproxybackend/modules/ssh_api.py", line 11, in ssh_execute
async with asyncssh.connect(ip, port=port, username="root",
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/asyncssh/misc.py", line 299, in __aenter__
self._coro_result = await self._coro
^^^^^^^^^^^^^^^^
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/asyncssh/connection.py", line 8830, in connect
new_options = await SSHClientConnectionOptions.construct(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/asyncssh/connection.py", line 7112, in construct
return cast(_Options, await loop.run_in_executor(
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/concurrent/futures/thread.py", line 58, in run
result = self.fn(*self.args, **self.kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/asyncssh/connection.py", line 7103, in __init__
super().__init__(options=options, last_config=last_config, **kwargs)
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/asyncssh/misc.py", line 383, in __init__
self.prepare(**self.kwargs)
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/site-packages/asyncssh/connection.py", line 7861, in prepare
if default_x509_cert_path.is_dir():
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/pathlib.py", line 1250, in is_dir
return S_ISDIR(self.stat().st_mode)
^^^^^^^^^^^
File "/www/server/pyporject_evn/nekoproxybackend_venv/lib/python3.11/pathlib.py", line 1013, in stat
return os.stat(self, follow_symlinks=follow_symlinks)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/root/.ssh/crt

code:

import asyncssh
from modules import Api

private_key_path = Api.get_ssh_key_path()
private_key_password = Api.get_ssh_key_password()

async def ssh_execute(ip, command, port=22):
    global private_key_path, private_key_password
    try:
        async with asyncssh.connect(ip, port=port, username="root",
                                    client_keys=[private_key_path],
                                    passphrase=private_key_password,
                                    known_hosts=None) as conn:
            result = await conn.run(command, check=True)

        return result.stdout
    except asyncssh.Error as e:
        Api.logger.error(f"error：{e}")
        return False

async def ssh_execute_with_password(ip, password, command, port=22):
    try:
        async with asyncssh.connect(ip, port=port, username="root",
                                    password=password,
                                    known_hosts=None) as conn:
            result = await conn.run(command, check=True)

        Api.logger.info(f"{ip}: {result.stdout}")
        return result.stdout
    except asyncssh.Error as e:
        Api.logger.error(f"SSH error：{e}")
        return False

> Error thrown when I use ssh_execute and a valid certificate is passed: PermissionError: [Errno 13] Permission denied: '/root/.ssh/crt''

This error doesn't happen on Windows 11, only on Linux

info: Ubuntu22.04 LTS -rwxrwxrwx 1 root root 0 Jan 25 08:22 /root/.ssh/crt

[ronf]

Are you trying to use the X.509 certificate capabilities in AsyncSSH? You shouldn't have something named "crt" in your .ssh directory unless you are, and in that case it should be a directory, not a plain file. When present it is used as a "hash directory" for X.509 certificates you want to use for client authentication.

That said, I'm guessing the error here may be that the .ssh directory is not readable, as I wouldn't expect the isdir() call to fail with a permission error here unless the parent directory is not readable. It may also be that the '/root' directory is not readable.

Are you actually running this client as root on the local machine, with a home directory of /root? Is there a .ssh directory under /root? What are the permissions on /root and /root/.ssh? Are those directories readable by the user you are running as?

[Gaimoydev]

The home directory is /root /root has a .ssh directory The permission for /root/.ssh/crt is 777 Can be read by the user I'm running

It worked fine some time ago, but it hasn't worked recently

[ronf]

What are the permissions on /root and /root.ssh, though? Unless you are running as root, I wouldn't expect those directories to be readable even if /root/.ssh/crt is readable to all.

Also, as I mentioned, 'crt' shouldn't be a plain file. What are you trying to do here with that?

[Gaimoydev]

I'm running as root

[ronf]

If you are truly running as root, I don't know why the OS would give you a "Permission denied". I can get that error here, but only when I'm running as non-root and the directories are only accessible by root. Even when I set the permissions to make /root and /root/.ssh completely unreadable to all, it doesn't given an error when I run as root.

Is /root on a remote volume that might not allow root user access?

If you remove the "crt" file, do you still get this error?

[bitnom]

I'm not running as root and I'm still getting this for some reason.

[ronf]

Unfortunately, there's nothing I can really do about this in AsyncSSH. The error is being returned by your OS. If you're really running as root, the only case where I've seen something like this is when accessing files on a remote volume that doesn't preserve root access.