Hi Team,
We are facing an issue while using SecureTunneling component provided by AWS itself. Getting following permission related issues when checked "aws.greengrass.SecureTunneling.log" following lines are printed. Moreover, when create tunnel for that specific device from AWS Console. Both the end connection is successfully shown after running localproxy from source token.
But with localproxy while trying to SSH with following command nothing works.
ssh root@localhost -p 5555
On Device "aws.greengrass.SecureTunneling.log" error is as below :
2024-06-27T12:02:38.255Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [ERROR] 2024-06-27 12:02:38.254 [pool-3-thread-1] SubscribeResponseHandler - Secure Tunneling Process: 2024-06-27T12:02:38.234Z [WARN] {FileUtils.cpp}: Per
missions to given file/dir path '/tmp/device-client-settings.json90018860253406727291719489691381' is not set to recommended value... {Permissions: {desired: 640, actual: 644}}. {scriptName=services.aws.greengrass.SecureTunneling.lifecyc
le.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
OS installed on device is ubuntu with arm64 architecture. I do have provided merge/update in component with following configuration.
{
"reset": [],
"merge": {
"OS_DIST_INFO": "ubuntu"
}
}
Hello, can you confirm if the tunnel is successfully connected to both source and destination and you do not see any error connecting to your destination device?
@Harsh Gandhi,
Yes on AWS Console Both the "Source connection state" shows "Connected" and "Destination connection state" is also "Connected". In "aws.greengrass.SecureTunneling.log" file I can see following logs
2024-06-28T06:04:00.422Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [ERROR] 2024-06-28 06:04:00.421 [pool-3-thread-1] SubscribeResponseHandler - Secure Tunneling Process: 2024- 06-28T06:04:00.407Z [WARN] {FileUtils.cpp}: Permissions to given file/dir path '/tmp/' is not set to recommended value... {Permissions: {desired: 745, actual: 777}}. {scriptName=services.a ws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING} 2024-06-28T06:04:00.422Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [ERROR] 2024-06-28 06:04:00.422 [pool-3-thread-1] SubscribeResponseHandler - Secure Tunneling Process: 2024- 06-28T06:04:00.407Z [WARN] {FileUtils.cpp}: Permissions to given file/dir path '/tmp/device-client-settings.json34314196159576202461719554194981' is not set to recommended value... {Permis sions: {desired: 640, actual: 644}}. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING} 2024-06-28T06:04:00.422Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [ERROR] 2024-06-28 06:04:00.422 [pool-3-thread-1] SubscribeResponseHandler - Secure Tunneling Process: 2024- 06-28T06:04:00.407Z [WARN] {Config.cpp}
Considering versions and requirements, we do have two devices one device where secure tunneling is working having Python version Python 3.10.6 and nucleus version AWS Greengrass v2.7.0 , other device where secure tunneling not working though on AWS Console we are able to see both status connected having Python 3.12.3 and AWS Greengrass v2.12.6.
When I was doing comparision of logs on both infra printing are same with ERROR of permissions but device having Python version Python 3.10.6 and nucleus version AWS Greengrass v2.7.0 is working properly I am able to do SSH with localproxy after hand sacking.
Thank you for responding back. I do not think the error messages are something you need to worry about. If you check the complete message, you can see they are logged as warning logs. Give us sometime to reproduce the issue locally to see if there is anything I am missing.
Hello, we were not able to reproduce the issue locally. Are you still facing the same issue or were you able to resolve it?