Please help with copying openvpn keys to local machine

Hi all, first post here on the forums. I'm really tearing my hair out trying to get openvpn to work and was wondering if someone could help guide me through it. My problem is that I am unable to copy the certificates and keys from my server to the local machine. This is my first time using scp command but I do have experience with linux command line.

I tried every combination of scp using guides on the internet and instructions provided by Linode and was finally able to copy client.conf from the server to the root directory of my client machine as per instructions. VPN connection did not work and after deciding to start again from scratch I realized I had failed to copy my certificates and keys from /etc/openvpn/easy-rsa/2.0/keys.

Now the scp command I had used is not working. I don't know what's wrong but it times out and I am following the instructions to a tee. I read up on how to use sftp and was able to copy all the files I needed from keys directory except for one. It is saying permission denied. I have no idea why it won't let me and why scp is not working for me.

Help! I feel like I am so close to getting openvpn to work and it was the main reason I decided to get a vps. Thanks in advance.

7 Replies

With a hypothetical command line of

scp file ruser@your.linode:/path/to/somewhere/

the "permission denied" message probably means that ruser doesn't have access to write in the directory /path/to/somewhere/. Options include specifying a remote user that does have that access, or you could do something like this:

scp file ruser@your.linode:.

and then log in to your Linode and get a root shell. You can then chmod /home/ruser/file to the correct ownership and mv the file from /home/ruser/ to /path/to/somewhere/.

Thanks Vance, I will try that tonight and report back.

Also, there was no /etc/openvpn directory on client machine (Ubuntu 12.10 client) so I installed openvpn on local machine using apt-get install. I guess I needed to do this to create the directory to place the files? Maybe I could have just created a directory?

I also need to configure for a Windows 7 client so I installed the openvpn client for Windows and it created a directory under Program Files for me to place the certificate and keys.

Thanks again.

I checked and the file had the same owner but different group owner. Also had slightly different permissions than the other files but the permissions should have allowed copying. I used chown and chmod to change group ownership and give most permissive rights to file and directory I was copying to. Also tried copying file to a different directory. All gave same permission denied error. I'm guessing this is some kind of connection issue but what I don't understand is why the other two files copied over using scp command.

I decided that it may be easier to do this using Putty and graphical WinSCP front end but I was unable to login using Putty as I have username login disabled on server and will need to temporarily re-enable and generate SSH keys for this client so I need to go back and read up on how to do that. I thought maybe having logins disabled was causing problem copying file but that doesn't explain why I was able to copy the other two files using same command to same directory.

I had tried using both root and user in scp command though, and still don't understand if it would make a difference since I am using key-based authentication. Perhaps ssh logins are disabled but the account permissions still applying when issuing commands such as scp? I'm still terribly confused.

Assuming the sshd configuration on your Linode allows root logins, then scp-ing a file onto it shouldn't result in a permission denied error.

Also, the second command line example I gave should also always succeed, since a user should always have write access to his own home directory.

If you could provide the actual commands you're using and the error messages you get, that would help quite a bit. Using the -v option for scp will get you some additional debugging information that may help.

(As an aside, I can help you work on the file transfer issue but don't know anything about OpenVPN so can't speak to that.)

Thanks for taking the time to help me. I do appreciate it. The problem seems to be that I am able to transfer a file using scp from the client machine to my Linode server, but not from the server to the client machine.

The strange thing is that a few days ago I was able to transfer two files from my Linode server to the client machine using the same command and user. I have the proof because the two files are in my home directory on my client machine.

I am using the following command from my Linode server (I changed the username and IP address slightly but you get what I mean):

scp ca.crt iceclimber@192.158.1.101:

The cursor will flash for a long time and then I get the following error message:

"ssh: connect to host 192.158.1.101 port 22: Connection timed out"

So I try by hostname:

scp ca.crt iceclimber@hostname:

and receive message "Could not resolve hostname".

Nothing has changed as far as my configuration. I do have root and user ssh login disabled but I was able to transfer files since then. I am about to re-enable logins but what's strange is that that doesn't seem to be the problem.

Also, I can ping my Linode server from client machine but not ping client machine from Linode server. I think the router is blocking ping requests on my end but I still thought it would be possible to use scp since I believe it is using ssh with key authentication anyway.

Any ideas? I would like to know what I'm doing wrong for future use. Thanks again.

Ah, OK. If no ssh daemon is running on your client machine, you're not going to be able to ssh/scp from the Linode to the client. There could also be a firewall blocking things (yours or your ISP's), or the usernames/credentials might be different between machines.

Perhaps the simplest fix would be to run the following from the client:

scp ruser@your.linode:/path/to/somewhere/file /some/local/path/

You can use scp to either "push" or "pull" files - if you specify a remote host and path first followed by a local path, the file will be pulled from your Linode to the client.

If you want to copy a file to the current directory, you can just specify a dot as the local path.

Edit: the above will also work with pscp (PuTTY's scp) if your client is a Windows machine.
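
The pull direction described in the reply above, as an added example that is not part of the thread: it is run on the client, so no ssh daemon or open port 22 is needed there, and it then restricts any private key it fetched to owner-only access. The host and user are the placeholders from the reply, and `client.key` and `$HOME/vpn` are assumed names.

```shell
#!/bin/sh
# Added example; run on the CLIENT machine. Host, user and file names are placeholders.

# Pull the named files from a remote directory into a local one.
# $1 = user@host, $2 = remote dir, $3 = local dir, rest = file names.
# Set SCP=echo to preview the commands without opening a connection.
pull_vpn_files() (
    remote=$1; rdir=$2; ldir=$3
    shift 3
    mkdir -p "$ldir" || exit 1
    chmod 700 "$ldir" || exit 1
    for f in "$@"; do
        # Remote source first, local destination second: a "pull".
        ${SCP:-scp} "$remote:$rdir/$f" "$ldir/" || exit 1
    done
)

# Make every *.key in a directory owner-only (0600).
# Prints the number of keys that were group- or world-accessible.
lock_down_keys() (
    changed=0
    for f in "$1"/*.key; do
        [ -f "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            chmod 600 "$f" || exit 1
            changed=$((changed + 1))
        fi
    done
    echo "$changed"
)

# Typical use from the client (client.key is an assumed file name):
#   pull_vpn_files ruser@your.linode /etc/openvpn/easy-rsa/2.0/keys "$HOME/vpn" ca.crt client.key
#   lock_down_keys "$HOME/vpn"
```
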

That did it! I was thinking that if the ssh command was working then that was all I needed. I had to install openssh-server and edit sshd_config to allow passwords and root login.

Also had to open port 22 in ufw (forgot that I had installed a firewall). Like you said, I issued the command from the client to pull the file and this worked. Still need to try to push a file from Linode just to see if it will work but I'm sure it will.

OpenVPN still isn't working, but that's another issue. I'm going to check my router to see if vpn traffic is being blocked and if I still have problems I might start another thread for help with configuring OpenVPN. Thanks, Vance.
