Applies To:
All versions of Venafi Trust Protection Platform (as of May 2016)
Symptom:
When rotating SSH keys, you may receive the error: Key at (computername/home/userid)/.ssh/rsa_id Failed to Provision: Could not retrieve file information when rotating SSH Keys
If you enable debug logging, you will see a further error: The SSH library is received from [IP_Address] on port 22 the response mkdir: cannot create directory `/var/tmp/.venafiTempPutDir-1864524509': Permission denied to the command mkdir -p /var/tmp/.venafiTempPutDir-1864524509.
The keys will not be rotated.
Cause:
When Trust Protection Platform (TPP) creates directories and performs work in the tmp directory of a target server, it does not expect to need sudo. Even if "use SUDO" is ticked in the device configuration, this command fails if the account being used does not have rwx permissions on the tmp folder without elevating through sudo.
Resolution:
Change the permissions on the tmp directory so that the account being used has these permissions without elevation. Typically the default permissions on the tmp folder are 1777.
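To confirm the cause and then the fix, the check below (an added example, not part of the original article or of the product) can be run on the target host as the account set in the device configuration, without sudo. It repeats the kind of mkdir -p shown in the debug log and reports the directory mode; it assumes a Linux target with GNU stat, and the function names and probe directory name are hypothetical.

```shell
#!/bin/sh
# Added example: run as the account TPP logs in with, WITHOUT sudo.
# Assumes GNU coreutils stat (Linux). All names here are hypothetical.

# Succeeds only if DIR has mode 1777: rwx for everyone plus the sticky bit,
# which stops users from deleting each other's files in a shared directory.
mode_is_1777() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "1777" ]
}

# Repeats the work the debug log shows failing: mkdir -p of a hidden working
# directory under DIR, then a file write inside it, all unelevated.
can_stage_in() {
    dir=$1
    probe="$dir/.tmpPermCheck-$$"      # constructed name, not the product's
    mkdir -p "$probe" 2>/dev/null || return 1
    if ( : > "$probe/probe.txt" ) 2>/dev/null; then rc=0; else rc=1; fi
    rm -rf "$probe"
    return "$rc"
}

# Reports both results for DIR (default /var/tmp, the path in the log line).
# Returns 0 only when the unelevated create-and-write succeeds.
check_tmp_dir() {
    dir=${1:-/var/tmp}
    result=0
    if can_stage_in "$dir"; then
        echo "OK:   $(id -un) can create and write under $dir without sudo"
    else
        echo "FAIL: $(id -un) cannot create a directory under $dir without sudo"
        result=1
    fi
    if mode_is_1777 "$dir"; then
        echo "OK:   $dir has mode 1777"
    else
        echo "NOTE: $dir has mode $(stat -c '%a' "$dir" 2>/dev/null || echo unknown), not 1777"
    fi
    return "$result"
}

# Usage on the target host: check_tmp_dir /var/tmp
```

A FAIL line together with a mode other than 1777 matches the cause described above; when restoring access, keep the leading 1 (sticky bit) rather than setting plain 777.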