If you are experiencing a permissions error when performing certain actions the OPC, such as the following:

This issue often appears if there has been a change to the SSH configuration on the host server. As the OPC container uses SSH to connect to the host server to perform actions, a change to the SSH configuration to limit how or who can connect to the host server can block the OPC from working.

The OPC connects to the host server using the deskpro_admin user, and an RSA key generated on installation. Some typical issues and fixes are as follows:

The permissions / ownership of the /home/deskpro_admin/.ssh/authorized_keys file are incorrect

This can be resolved with the following command:

chown -R deskpro_admin: /home/deskpro_admin/.ssh && chmod -R 500 /home/deskpro_admin/.ssh
 copy

The public key does not exist in /home/deskpro_admin/.ssh/authorized_keys

There is a copy of the original public key file in /opt/deskpro/data/opc/provisioner_ssh_key.pub, which will need to be re-added to the authorized keys list with the following command:

cat /opt/deskpro/data/opc/provisioner_ssh_key.pub >> /home/deskpro_admin/.ssh/authorized_keys
 copy

The private key is lost or no longer valid

A new private key will need to be regenerated in /opt/deskpro/data/opc with the following command:

ssh-keygen -P "" -b 4096 -f /opt/deskpro/data/opc/provisioner_ssh_key
 copy

Set the correct permissions to the file:

chown root:deskpro_admin /opt/deskpro/data/opc/provisioner_ssh_key && chmod 500 /opt/deskpro/data/opc/provisioner_ssh_key
 copy

Then, the new public key will need to be authorized:

cat /opt/deskpro/data/opc/provisioner_ssh_key.pub >> /home/deskpro_admin/.ssh/authorized_keys
 copy

Finally, the OPC service will need to be restarted to load the new SSH key:

systemctl restart opc_webgui
 copy

SSHD configuration is blocking access

If you have set a custom configuration in /etc/ssh/sshd_config, you will need to ensure that the deskpro_admin user has the ability to login via public key.