1 Answer
- Newest
- Most votes
- Most comments
1
You can change the file permission with a chmod command.
Additionally, AWS IoT Secure Tunneling might run into connectivity issues even if the tunnel is open. One possible solution is to rotate the client access tokens. If you’re not sure whether the client access token needs to be rotated on the source or destination, you can rotate the client access token on both the source and destination by setting ClientMode to ALL when using the RotateTunnelAccessToken API.
Look at the doc: https://docs.aws.amazon.com/iot/latest/developerguide/iot-secure-tunneling-troubleshooting.html
Relevant content
- Accepted Answerasked a month ago
- Accepted Answerasked 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 2 years ago
Hello, can you confirm if the tunnel is successfully connected to both source and destination and you do not see any error connecting to your destination device?
@Harsh Gandhi,
Yes on AWS Console Both the "Source connection state" shows "Connected" and "Destination connection state" is also "Connected". In "aws.greengrass.SecureTunneling.log" file I can see following logs
2024-06-28T06:04:00.422Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [ERROR] 2024-06-28 06:04:00.421 [pool-3-thread-1] SubscribeResponseHandler - Secure Tunneling Process: 2024- 06-28T06:04:00.407Z [WARN] {FileUtils.cpp}: Permissions to given file/dir path '/tmp/' is not set to recommended value... {Permissions: {desired: 745, actual: 777}}. {scriptName=services.a ws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING} 2024-06-28T06:04:00.422Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [ERROR] 2024-06-28 06:04:00.422 [pool-3-thread-1] SubscribeResponseHandler - Secure Tunneling Process: 2024- 06-28T06:04:00.407Z [WARN] {FileUtils.cpp}: Permissions to given file/dir path '/tmp/device-client-settings.json34314196159576202461719554194981' is not set to recommended value... {Permis sions: {desired: 640, actual: 644}}. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING} 2024-06-28T06:04:00.422Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [ERROR] 2024-06-28 06:04:00.422 [pool-3-thread-1] SubscribeResponseHandler - Secure Tunneling Process: 2024- 06-28T06:04:00.407Z [WARN] {Config.cpp}
Considering versions and requirements, we do have two devices one device where secure tunneling is working having Python version Python 3.10.6 and nucleus version AWS Greengrass v2.7.0 , other device where secure tunneling not working though on AWS Console we are able to see both status connected having Python 3.12.3 and AWS Greengrass v2.12.6.
When I was doing comparision of logs on both infra printing are same with ERROR of permissions but device having Python version Python 3.10.6 and nucleus version AWS Greengrass v2.7.0 is working properly I am able to do SSH with localproxy after hand sacking.
Thank you for responding back. I do not think the error messages are something you need to worry about. If you check the complete message, you can see they are logged as warning logs. Give us sometime to reproduce the issue locally to see if there is anything I am missing.
Hello, we were not able to reproduce the issue locally. Are you still facing the same issue or were you able to resolve it?