[GH-ISSUE #133] SignatureDoesNotMatch #82

New issue

Closed

opened 2026-03-04 01:41:52 +03:00 by kerem · 11 comments

kerem commented 2026-03-04 01:41:52 +03:00

Owner

Copy link

Originally created by @Simon-87 on GitHub (Feb 28, 2015).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/133

Hi!
I have got a problem using the latest version of s3fs.
OS: CentOS Linux release 7.0.1406 (Core)
Kernel: 3.14.18-x86_64-jb1 #2 SMP Mon Sep 15 05:23:31 CEST 2014 x86_64 x86_64 x86_64 GNU/Linux
S3 Bucket Region: eu-central-1
Mountcommand: s3fs -d mybucketname /s3mnt -oendpoint=eu-central-1 -oallow_other

Every time i try to copy a file lager than 5MB to the S3 bucket, i get this error:
SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your key and signing method.

Copying files up to ~5MB to the bucket works correctly. And receiving files from amazon also.

I hope someone could help me.

Originally created by @Simon-87 on GitHub (Feb 28, 2015). Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/133 Hi! I have got a problem using the latest version of s3fs. OS: CentOS Linux release 7.0.1406 (Core) Kernel: 3.14.18-x86_64-jb1 #2 SMP Mon Sep 15 05:23:31 CEST 2014 x86_64 x86_64 x86_64 GNU/Linux S3 Bucket Region: eu-central-1 Mountcommand: s3fs -d mybucketname /s3mnt -oendpoint=eu-central-1 -oallow_other Every time i try to copy a file lager than 5MB to the S3 bucket, i get this error: SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your key and signing method. Copying files up to ~5MB to the bucket works correctly. And receiving files from amazon also. I hope someone could help me.

kerem closed this issue 2026-03-04 01:41:52 +03:00

kerem commented 2026-03-04 01:41:53 +03:00

Author

Owner

Copy link

@ggtakec commented on GitHub (Mar 1, 2015):

@Simon-87 I'm sorry about bugs, I merged PR by @andrewgaul into master branch.
Please test latest codes.
@andrewgaul Thanks very much.

<!-- gh-comment-id:76597977 --> @ggtakec commented on GitHub (Mar 1, 2015): @Simon-87 I'm sorry about bugs, I merged PR by @andrewgaul into master branch. Please test latest codes. @andrewgaul Thanks very much.

kerem commented 2026-03-04 01:41:53 +03:00

Author

Owner

Copy link

@delx commented on GitHub (Apr 14, 2015):

I cloned the master branch (07e007052a), but I still get the error: SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your key and signing method.

<!-- gh-comment-id:92701984 --> @delx commented on GitHub (Apr 14, 2015): I cloned the master branch (07e007052aa0fa3009dc562e28d9a60f8467a15f), but I still get the error: SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your key and signing method.

kerem commented 2026-03-04 01:41:53 +03:00

Author

Owner

Copy link

@ggtakec commented on GitHub (Apr 14, 2015):

@delx
I reopen this issue.

And I tried to check s3fs with same option as you( but another region ), and got no problem.(ex under/over 5MB file uploading etc)
If you have debug messages from s3fs, please let me know.
And please check your credential(/etc/passwd-s3fs or $HOME/.passwd-s3fs).

Thanks in advance for your assistance.

<!-- gh-comment-id:92883332 --> @ggtakec commented on GitHub (Apr 14, 2015): @delx I reopen this issue. And I tried to check s3fs with same option as you( but another region ), and got no problem.(ex under/over 5MB file uploading etc) If you have debug messages from s3fs, please let me know. And please check your credential(/etc/passwd-s3fs or $HOME/.passwd-s3fs). Thanks in advance for your assistance.

kerem commented 2026-03-04 01:41:53 +03:00

Author

Owner

Copy link

@delx commented on GitHub (Apr 14, 2015):

@ggtakec: Thank you very much for your quick answer.

I created a new bucket "s3fs-fuse-test" in Frankfurt (eu-central-1). I enabled versioning on this bucket. Then I created a new user "s3fs-fuse-test" with an access key. I added the following inline policy to the new user:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1412627213000",
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::s3fs-fuse-test",
                "arn:aws:s3:::s3fs-fuse-test/*"
            ]
        }
    ]
}

Then I added the access key and secure key separated by a colon to my /etc/passwd-s3fs. The secure key contains multiple plus signs and a slash. If you contact me privately I can share the keys. Then I created the directory /mnt/s3fs-fuse-test as root. I executed the s3fs command also as root:

root~# /opt/s3fs-fuse/bin/s3fs s3fs-fuse-test /mnt/s3fs-fuse-test -d -f -o allow_other,uid=33
    set_moutpoint_attribute(3530): PROC(uid=0, gid=0) - MountPoint(uid=0, gid=0, mode=40755)
s3fs_init(2713): init
s3fs_check_service(3070): check services.
    CheckBucket(2518): check a bucket.
    insertV4Headers(1954): computing signature [GET] [/] [] []
    url_to_host(99): url is http://s3.amazonaws.com
    RequestPerform(1616): connecting to URL http://s3fs-fuse-test.s3.amazonaws.com/
    RequestPerform(1632): HTTP response code 400
    RequestPerform(1646): HTTP response code 400 was returned, returing EIO.
CheckBucket(2556): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AuthorizationHeaderMalformed</Code><Message>The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'eu-central-1'</Message><Region>eu-central-1</Region><RequestId>[cut]</RequestId><HostId>[cut]</HostId></Error>
s3fs_check_service(3103): Could not connect wrong region us-east-1, so retry to connect region eu-central-1.
    CheckBucket(2518): check a bucket.
    insertV4Headers(1954): computing signature [GET] [/] [] []
    url_to_host(99): url is http://s3.amazonaws.com
    RequestPerform(1616): connecting to URL http://s3fs-fuse-test.s3.amazonaws.com/
    RequestPerform(1632): HTTP response code 403
    RequestPerform(1651): HTTP response code 403 was returned, returning EPERM
CheckBucket(2556): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>[cut]</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256
20150414T154258Z
20150414/eu-central-1/s3/aws4_request
[cut]</StringToSign><SignatureProvided>[cut]</SignatureProvided><StringToSignBytes>[cut]</StringToSignBytes><CanonicalRequest>GET
/

host:s3fs-fuse-test.s3.eu-central-1.amazonaws.com
x-amz-content-sha256:[cut]
x-amz-date:20150414T154258Z

host;x-amz-content-sha256;x-amz-date
[cut]</CanonicalRequest><CanonicalRequestBytes>[cut]</CanonicalRequestBytes><RequestId>[cut]</RequestId><HostId>[cut]</HostId></Error>
s3fs: Failed to access bucket.
root:~#

I'm using the latest master branch.

Thank you very much in advance.

<!-- gh-comment-id:92928664 --> @delx commented on GitHub (Apr 14, 2015): @ggtakec: Thank you very much for your quick answer. I created a new bucket "s3fs-fuse-test" in Frankfurt (eu-central-1). I enabled versioning on this bucket. Then I created a new user "s3fs-fuse-test" with an access key. I added the following inline policy to the new user: ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1412627213000", "Effect": "Allow", "Action": [ "s3:Get*", "s3:List*", "s3:PutObject", "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::s3fs-fuse-test", "arn:aws:s3:::s3fs-fuse-test/*" ] } ] } ``` Then I added the access key and secure key separated by a colon to my /etc/passwd-s3fs. The secure key contains multiple plus signs and a slash. If you contact me privately I can share the keys. Then I created the directory /mnt/s3fs-fuse-test as root. I executed the s3fs command also as root: ``` root~# /opt/s3fs-fuse/bin/s3fs s3fs-fuse-test /mnt/s3fs-fuse-test -d -f -o allow_other,uid=33 set_moutpoint_attribute(3530): PROC(uid=0, gid=0) - MountPoint(uid=0, gid=0, mode=40755) s3fs_init(2713): init s3fs_check_service(3070): check services. CheckBucket(2518): check a bucket. insertV4Headers(1954): computing signature [GET] [/] [] [] url_to_host(99): url is http://s3.amazonaws.com RequestPerform(1616): connecting to URL http://s3fs-fuse-test.s3.amazonaws.com/ RequestPerform(1632): HTTP response code 400 RequestPerform(1646): HTTP response code 400 was returned, returing EIO. CheckBucket(2556): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AuthorizationHeaderMalformed</Code><Message>The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'eu-central-1'</Message><Region>eu-central-1</Region><RequestId>[cut]</RequestId><HostId>[cut]</HostId></Error> s3fs_check_service(3103): Could not connect wrong region us-east-1, so retry to connect region eu-central-1. CheckBucket(2518): check a bucket. insertV4Headers(1954): computing signature [GET] [/] [] [] url_to_host(99): url is http://s3.amazonaws.com RequestPerform(1616): connecting to URL http://s3fs-fuse-test.s3.amazonaws.com/ RequestPerform(1632): HTTP response code 403 RequestPerform(1651): HTTP response code 403 was returned, returning EPERM CheckBucket(2556): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>[cut]</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256 20150414T154258Z 20150414/eu-central-1/s3/aws4_request [cut]</StringToSign><SignatureProvided>[cut]</SignatureProvided><StringToSignBytes>[cut]</StringToSignBytes><CanonicalRequest>GET / host:s3fs-fuse-test.s3.eu-central-1.amazonaws.com x-amz-content-sha256:[cut] x-amz-date:20150414T154258Z host;x-amz-content-sha256;x-amz-date [cut]</CanonicalRequest><CanonicalRequestBytes>[cut]</CanonicalRequestBytes><RequestId>[cut]</RequestId><HostId>[cut]</HostId></Error> s3fs: Failed to access bucket. root:~# ``` I'm using the latest master branch. Thank you very much in advance.

kerem commented 2026-03-04 01:41:53 +03:00

Author

Owner

Copy link

@ggtakec commented on GitHub (Apr 18, 2015):

I merged #168.
I close this issue, if this problem is kept, please reopen this issue.
Thank you very much.

<!-- gh-comment-id:94145927 --> @ggtakec commented on GitHub (Apr 18, 2015): I merged #168. I close this issue, if this problem is kept, please reopen this issue. Thank you very much.

kerem commented 2026-03-04 01:41:53 +03:00

Author

Owner

Copy link

@jurov commented on GitHub (Jun 22, 2015):

I have installed current master (commit 8f85e5e) and got the same problem.

# /usr/local/bin/s3fs -f -d jvtest111:/test /tmp/test -o endpoint="eu-central-1"                                                                                                                                                                                                                                  
    set_moutpoint_attribute(4025): PROC(uid=0, gid=0) - MountPoint(uid=0, gid=0, mode=40755)
s3fs_init(3209): init
s3fs_check_service(3568): check services.
    CheckBucket(2537): check a bucket.
    insertV4Headers(1973): computing signature [GET] [/test/] [] []
    url_to_host(99): url is http://s3.amazonaws.com
    RequestPerform(1631): connecting to URL http://jvtest111.s3.amazonaws.com/test/
    RequestPerform(1665): HTTP response code 403 was returned, returning EPERM
CheckBucket(2575): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>AKIAIV757V6N4JXPDBXQ</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256
20150622T200346Z
20150622/eu-central-1/s3/aws4_request
575d81ff6cd3806cef7416d32fb31914f8752eed7711c811f002885007088f09</StringToSign><SignatureProvided>ede5dd6cc8a5624056fd7b63dd5f595d9861638425f272e6d109c4a466b2a0bd</SignatureProvided><StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 31 35 30 36 32 32 54 32 30 30 33 34 36 5a 0a 32 30 31 35 30 36 32 32 2f 65 75 2d 63 65 6e 74 72 61 6c 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 35 37 35 64 38 31 66 66 36 63 64 33 38 30 36 63 65 66 37 34 31 36 64 33 32 66 62 33 31 39 31 34 66 38 37 35 32 65 65 64 37 37 31 31 63 38 31 31 66 30 30 32 38 38 35 30 30 37 30 38 38 66 30 39</StringToSignBytes><CanonicalRequest>GET
/test/

host:jvtest111.s3.eu-central-1.amazonaws.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20150622T200346Z

host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</CanonicalRequest><CanonicalRequestBytes>47 45 54 0a 2f 74 65 73 74 2f 0a 0a 68 6f 73 74 3a 6a 76 74 65 73 74 31 31 31 2e 73 33 2e 65 75 2d 63 65 6e 74 72 61 6c 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 31 35 30 36 32 32 54 32 30 30 33 34 36 5a 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 64 61 74 65 0a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35</CanonicalRequestBytes><RequestId>91637EA80DDB6D3C</RequestId><HostId>8BMu1mVZ9OLoklHsGBsgmo23NWhWY0r/QoLBHGbDrrm8aS9Ls9af2Mt2uggNn5Q+bjK7q8/g7PI=</HostId></Error>
s3fs_check_service(3611): Could not connect, so retry to connect by signature version 2.
    CheckBucket(2537): check a bucket.
    RequestPerform(1631): connecting to URL http://jvtest111.s3.amazonaws.com/test/
    RequestPerform(1660): HTTP response code 400 was returned, returing EIO.
CheckBucket(2575): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>B397317C3F07874A</RequestId><HostId>Fvm318WoV/o7m9PfOSTw0zS0Ok0rzkwxI/t/uFzLI4Br0gDa1GHVKwNDM9GTqwh+6/1+Pl9ZvUY=</HostId></Error>
s3fs: Bad Request

<!-- gh-comment-id:114243787 --> @jurov commented on GitHub (Jun 22, 2015): I have installed current master (commit 8f85e5e) and got the same problem. ``` # /usr/local/bin/s3fs -f -d jvtest111:/test /tmp/test -o endpoint="eu-central-1" set_moutpoint_attribute(4025): PROC(uid=0, gid=0) - MountPoint(uid=0, gid=0, mode=40755) s3fs_init(3209): init s3fs_check_service(3568): check services. CheckBucket(2537): check a bucket. insertV4Headers(1973): computing signature [GET] [/test/] [] [] url_to_host(99): url is http://s3.amazonaws.com RequestPerform(1631): connecting to URL http://jvtest111.s3.amazonaws.com/test/ RequestPerform(1665): HTTP response code 403 was returned, returning EPERM CheckBucket(2575): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>AKIAIV757V6N4JXPDBXQ</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256 20150622T200346Z 20150622/eu-central-1/s3/aws4_request 575d81ff6cd3806cef7416d32fb31914f8752eed7711c811f002885007088f09</StringToSign><SignatureProvided>ede5dd6cc8a5624056fd7b63dd5f595d9861638425f272e6d109c4a466b2a0bd</SignatureProvided><StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 31 35 30 36 32 32 54 32 30 30 33 34 36 5a 0a 32 30 31 35 30 36 32 32 2f 65 75 2d 63 65 6e 74 72 61 6c 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 35 37 35 64 38 31 66 66 36 63 64 33 38 30 36 63 65 66 37 34 31 36 64 33 32 66 62 33 31 39 31 34 66 38 37 35 32 65 65 64 37 37 31 31 63 38 31 31 66 30 30 32 38 38 35 30 30 37 30 38 38 66 30 39</StringToSignBytes><CanonicalRequest>GET /test/ host:jvtest111.s3.eu-central-1.amazonaws.com x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-amz-date:20150622T200346Z host;x-amz-content-sha256;x-amz-date e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</CanonicalRequest><CanonicalRequestBytes>47 45 54 0a 2f 74 65 73 74 2f 0a 0a 68 6f 73 74 3a 6a 76 74 65 73 74 31 31 31 2e 73 33 2e 65 75 2d 63 65 6e 74 72 61 6c 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 31 35 30 36 32 32 54 32 30 30 33 34 36 5a 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 64 61 74 65 0a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35</CanonicalRequestBytes><RequestId>91637EA80DDB6D3C</RequestId><HostId>8BMu1mVZ9OLoklHsGBsgmo23NWhWY0r/QoLBHGbDrrm8aS9Ls9af2Mt2uggNn5Q+bjK7q8/g7PI=</HostId></Error> s3fs_check_service(3611): Could not connect, so retry to connect by signature version 2. CheckBucket(2537): check a bucket. RequestPerform(1631): connecting to URL http://jvtest111.s3.amazonaws.com/test/ RequestPerform(1660): HTTP response code 400 was returned, returing EIO. CheckBucket(2575): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>B397317C3F07874A</RequestId><HostId>Fvm318WoV/o7m9PfOSTw0zS0Ok0rzkwxI/t/uFzLI4Br0gDa1GHVKwNDM9GTqwh+6/1+Pl9ZvUY=</HostId></Error> s3fs: Bad Request ```

kerem commented 2026-03-04 01:41:53 +03:00

Author

Owner

Copy link

@jurov commented on GitHub (Jun 22, 2015):

Adding -o url="http://s3-eu-central-1.amazonaws.com" option to above solved the problem completely.

<!-- gh-comment-id:114253304 --> @jurov commented on GitHub (Jun 22, 2015): Adding **-o url="http://s3-eu-central-1.amazonaws.com"** option to above solved the problem completely.

kerem commented 2026-03-04 01:41:53 +03:00

Author

Owner

Copy link

@MattFenelon commented on GitHub (Jan 14, 2016):

I'm getting the same problem with a bucket in the eu-west-1 region, using https.

s3fs bucket-name . -d -o url=https://s3.amazonaws.com -o endpoint=eu-west-1 

INF]       curl.cpp:CheckBucket(2647): check a bucket.
[INF]       curl.cpp:prepare_url(4140): URL is https://s3.amazonaws.com/bucket-name/
[INF]       curl.cpp:prepare_url(4172): URL changed is https://bucket-name.s3.amazonaws.com/
[INF]       curl.cpp:insertV4Headers(2069): computing signature [GET] [/] [] []
[INF]       curl.cpp:url_to_host(99): url is https://s3.amazonaws.com
[INF]       curl.cpp:RequestPerform(1760): HTTP response code 403 was returned, returning EPERM
[ERR] curl.cpp:CheckBucket(2685): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>ASIAJFWFZI5B6C7MVW5Q</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256
20160114T142555Z
20160114/eu-west-1/s3/aws4_request
0470e6c52afaab745d206134a98d82916c2a11b87efb5a48186fc38a0ee1ae9a</StringToSign><SignatureProvided>b01f491455f73e4d4b1da3b829b4996d6c773401c5f340f4edc8c8590ae0d178</SignatureProvided><StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 31 36 30 31 31 34 54 31 34 32 35 35 35 5a 0a 32 30 31 36 30 31 31 34 2f 65 75 2d 77 65 73 74 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 30 34 37 30 65 36 63 35 32 61 66 61 61 62 37 34 35 64 32 30 36 31 33 34 61 39 38 64 38 32 39 31 36 63 32 61 31 31 62 38 37 65 66 62 35 61 34 38 31 38 36 66 63 33 38 61 30 65 65 31 61 65 39 61</StringToSignBytes><CanonicalRequest>GET
/

host:bucket-name.s3-eu-west-1.amazonaws.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20160114T142555Z
x-amz-security-token:AQoDYXdzEEca4ANBkxCAH4j3c/jJO5Q+gXcFK1GiY4AKIDioDFJMZ+NtqrMm02Xp4n9afkRLWdZCVKIgL0m+/ni3kCQqdzDH5qK1i5sSVV5VjhSUPQGTxgX4qf2IzOWiWkpJox7vEudxnjfbE9tAXSiUwgUcNq81ovzNIAgwvZ7W+9vZD+FuCM3XMsCtYYKXeqnp81EHw7h7R8Fe4K7h5/Sj3bmUSgtHYFatrFwM8JRVwhDXcPKKNZlFQIZXenEANFkRa/RVNiskzEBdshugnmhbs44ZzIo5ANXzUr5JbxBx3a0YoutboNGE2JAZIWN1Ez1HGgzrrKJiy9/IMEg+BNvLujZnEOsGuUu32+LVatotC+Vy6TZcC33PTjzJEYF7r7fnEWAr2JH6vd8CoKsyItXDV8JiVDJ1WDD4IeWKsfn/QJDNIWT3ewpdAGxrVzcan6t54cuGrtoA1DyS9rcQy823CHqYeeQ3a/bJRJhy1hA8BMQs03Lx+OmL8Jd2YbzPHKUtjiMoCkB38cWfcTMqYmfDOBNvxMzEhRZokO3GpgkE2AKDuJCeW8PbLAKZzKurhzATKLLeGP2cPmgHz4qr8DiRAoVdsPCWiRIvkZsURfqJs2Hi4hgR5xuSoa91ZffdSpFoE4yNfkEcQ/Qgx8PetAU=

host;x-amz-content-sha256;x-amz-date;x-amz-security-token
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</CanonicalRequest><CanonicalRequestBytes>47 45 54 0a 2f 0a 0a 68 6f 73 74 3a 69 66 70 2d 70 6f 72 74 61 6c 2d 74 65 73 74 2d 73 66 74 70 2d 72 65 70 6f 72 74 73 2e 73 33 2d 65 75 2d 77 65 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 31 36 30 31 31 34 54 31 34 32 35 35 35 5a 0a 78 2d 61 6d 7a 2d 73 65 63 75 72 69 74 79 2d 74 6f 6b 65 6e 3a 41 51 6f 44 59 58 64 7a 45 45 63 61 34 41 4e 42 6b 78 43 41 48 34 6a 33 63 2f 6a 4a 4f 35 51 2b 67 58 63 46 4b 31 47 69 59 34 41 4b 49 44 69 6f 44 46 4a 4d 5a 2b 4e 74 71 72 4d 6d 30 32 58 70 34 6e 39 61 66 6b 52 4c 57 64 5a 43 56 4b 49 67 4c 30 6d 2b 2f 6e 69 33 6b 43 51 71 64 7a 44 48 35 71 4b 31 69 35 73 53 56 56 35 56 6a 68 53 55 50 51 47 54 78 67 58 34 71 66 32 49 7a 4f 57 69 57 6b 70 4a 6f 78 37 76 45 75 64 78 6e 6a 66 62 45 39 74 41 58 53 69 55 77 67 55 63 4e 71 38 31 6f 76 7a 4e 49 41 67 77 76 5a 37 57 2b 39 76 5a 44 2b 46 75 43 4d 33 58 4d 73 43 74 59 59 4b 58 65 71 6e 70 38 31 45 48 77 37 68 37 52 38 46 65 34 4b 37 68 35 2f 53 6a 33 62 6d 55 53 67 74 48 59 46 61 74 72 46 77 4d 38 4a 52 56 77 68 44 58 63 50 4b 4b 4e 5a 6c 46 51 49 5a 58 65 6e 45 41 4e 46 6b 52 61 2f 52 56 4e 69 73 6b 7a 45 42 64 73 68 75 67 6e 6d 68 62 73 34 34 5a 7a 49 6f 35 41 4e 58 7a 55 72 35 4a 62 78 42 78 33 61 30 59 6f 75 74 62 6f 4e 47 45 32 4a 41 5a 49 57 4e 31 45 7a 31 48 47 67 7a 72 72 4b 4a 69 79 39 2f 49 4d 45 67 2b 42 4e 76 4c 75 6a 5a 6e 45 4f 73 47 75 55 75 33 32 2b 4c 56 61 74 6f 74 43 2b 56 79 36 54 5a 63 43 33 33 50 54 6a 7a 4a 45 59 46 37 72 37 66 6e 45 57 41 72 32 4a 48 36 76 64 38 43 6f 4b 73 79 49 74 58 44 56 38 4a 69 56 44 4a 31 57 44 44 34 49 65 57 4b 73 66 6e 2f 51 4a 44 4e 49 57 54 33 65 77 70 64 41 47 78 72 56 7a 63 61 6e 36 74 35 34 63 75 47 72 74 6f 41 31 44 79 53 39 72 63 51 79 38 32 33 43 48 71 59 65 65 51 33 61 2f 62 4a 52 4a 68 79 31 68 41 38 42 4d 51 73 30 33 4c 78 2b 4f 6d 4c 38 4a 64 32 59 62 7a 50 48 4b 55 74 6a 69 4d 6f 43 6b 42 33 38 63 57 66 63 54 4d 71 59 6d 66 44 4f 42 4e 76 78 4d 7a 45 68 52 5a 6f 6b 4f 33 47 70 67 6b 45 32 41 4b 44 75 4a 43 65 57 38 50 62 4c 41 4b 5a 7a 4b 75 72 68 7a 41 54 4b 4c 4c 65 47 50 32 63 50 6d 67 48 7a 34 71 72 38 44 69 52 41 6f 56 64 73 50 43 57 69 52 49 76 6b 5a 73 55 52 66 71 4a 73 32 48 69 34 68 67 52 35 78 75 53 6f 61 39 31 5a 66 66 64 53 70 46 6f 45 34 79 4e 66 6b 45 63 51 2f 51 67 78 38 50 65 74 41 55 3d 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 64 61 74 65 3b 78 2d 61 6d 7a 2d 73 65 63 75 72 69 74 79 2d 74 6f 6b 65 6e 0a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35</CanonicalRequestBytes><RequestId>D19E896ADF84297A</RequestId><HostId>CUqsTHRYGLkypuIDsFkEI1P5VqJtmV0oaFXksWwCmIUwyJCE0M8v91FueBTO5KOg4kHO5p7POwQ=</HostId></Error>
[WAN] s3fs.cpp:s3fs_check_service(3714): Could not connect, so retry to connect by signature version 2.
[INF]       curl.cpp:CheckBucket(2647): check a bucket.
[INF]       curl.cpp:prepare_url(4140): URL is https://s3.amazonaws.com/bucket-name/
[INF]       curl.cpp:prepare_url(4172): URL changed is https://bucket-name.s3.amazonaws.com/
[INF]       curl.cpp:RequestPerform(1743): HTTP response code 200

Changing the command to set the url parameter to eu-west-1 fixes the problem.

s3fs ifp-portal-test-sftp-reports /var/sftp/nt/nt-sftp-test-user -d -o url=https://s3-eu-west-1.amazonaws.com -o endpoint=eu-west-1

[INF]       curl.cpp:CheckBucket(2647): check a bucket.
[INF]       curl.cpp:prepare_url(4140): URL is https://s3-eu-west-1.amazonaws.com/bucket-name/
[INF]       curl.cpp:prepare_url(4172): URL changed is https://bucket-name.s3-eu-west-1.amazonaws.com/
[INF]       curl.cpp:insertV4Headers(2069): computing signature [GET] [/] [] []
[INF]       curl.cpp:url_to_host(99): url is https://s3-eu-west-1.amazonaws.com
[INF]       curl.cpp:RequestPerform(1743): HTTP response code 200

<!-- gh-comment-id:171660769 --> @MattFenelon commented on GitHub (Jan 14, 2016): I'm getting the same problem with a bucket in the eu-west-1 region, using https. ``` s3fs bucket-name . -d -o url=https://s3.amazonaws.com -o endpoint=eu-west-1 ``` ``` INF] curl.cpp:CheckBucket(2647): check a bucket. [INF] curl.cpp:prepare_url(4140): URL is https://s3.amazonaws.com/bucket-name/ [INF] curl.cpp:prepare_url(4172): URL changed is https://bucket-name.s3.amazonaws.com/ [INF] curl.cpp:insertV4Headers(2069): computing signature [GET] [/] [] [] [INF] curl.cpp:url_to_host(99): url is https://s3.amazonaws.com [INF] curl.cpp:RequestPerform(1760): HTTP response code 403 was returned, returning EPERM [ERR] curl.cpp:CheckBucket(2685): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>ASIAJFWFZI5B6C7MVW5Q</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256 20160114T142555Z 20160114/eu-west-1/s3/aws4_request 0470e6c52afaab745d206134a98d82916c2a11b87efb5a48186fc38a0ee1ae9a</StringToSign><SignatureProvided>b01f491455f73e4d4b1da3b829b4996d6c773401c5f340f4edc8c8590ae0d178</SignatureProvided><StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 31 36 30 31 31 34 54 31 34 32 35 35 35 5a 0a 32 30 31 36 30 31 31 34 2f 65 75 2d 77 65 73 74 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 30 34 37 30 65 36 63 35 32 61 66 61 61 62 37 34 35 64 32 30 36 31 33 34 61 39 38 64 38 32 39 31 36 63 32 61 31 31 62 38 37 65 66 62 35 61 34 38 31 38 36 66 63 33 38 61 30 65 65 31 61 65 39 61</StringToSignBytes><CanonicalRequest>GET / host:bucket-name.s3-eu-west-1.amazonaws.com x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-amz-date:20160114T142555Z x-amz-security-token:AQoDYXdzEEca4ANBkxCAH4j3c/jJO5Q+gXcFK1GiY4AKIDioDFJMZ+NtqrMm02Xp4n9afkRLWdZCVKIgL0m+/ni3kCQqdzDH5qK1i5sSVV5VjhSUPQGTxgX4qf2IzOWiWkpJox7vEudxnjfbE9tAXSiUwgUcNq81ovzNIAgwvZ7W+9vZD+FuCM3XMsCtYYKXeqnp81EHw7h7R8Fe4K7h5/Sj3bmUSgtHYFatrFwM8JRVwhDXcPKKNZlFQIZXenEANFkRa/RVNiskzEBdshugnmhbs44ZzIo5ANXzUr5JbxBx3a0YoutboNGE2JAZIWN1Ez1HGgzrrKJiy9/IMEg+BNvLujZnEOsGuUu32+LVatotC+Vy6TZcC33PTjzJEYF7r7fnEWAr2JH6vd8CoKsyItXDV8JiVDJ1WDD4IeWKsfn/QJDNIWT3ewpdAGxrVzcan6t54cuGrtoA1DyS9rcQy823CHqYeeQ3a/bJRJhy1hA8BMQs03Lx+OmL8Jd2YbzPHKUtjiMoCkB38cWfcTMqYmfDOBNvxMzEhRZokO3GpgkE2AKDuJCeW8PbLAKZzKurhzATKLLeGP2cPmgHz4qr8DiRAoVdsPCWiRIvkZsURfqJs2Hi4hgR5xuSoa91ZffdSpFoE4yNfkEcQ/Qgx8PetAU= host;x-amz-content-sha256;x-amz-date;x-amz-security-token e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</CanonicalRequest><CanonicalRequestBytes>47 45 54 0a 2f 0a 0a 68 6f 73 74 3a 69 66 70 2d 70 6f 72 74 61 6c 2d 74 65 73 74 2d 73 66 74 70 2d 72 65 70 6f 72 74 73 2e 73 33 2d 65 75 2d 77 65 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 31 36 30 31 31 34 54 31 34 32 35 35 35 5a 0a 78 2d 61 6d 7a 2d 73 65 63 75 72 69 74 79 2d 74 6f 6b 65 6e 3a 41 51 6f 44 59 58 64 7a 45 45 63 61 34 41 4e 42 6b 78 43 41 48 34 6a 33 63 2f 6a 4a 4f 35 51 2b 67 58 63 46 4b 31 47 69 59 34 41 4b 49 44 69 6f 44 46 4a 4d 5a 2b 4e 74 71 72 4d 6d 30 32 58 70 34 6e 39 61 66 6b 52 4c 57 64 5a 43 56 4b 49 67 4c 30 6d 2b 2f 6e 69 33 6b 43 51 71 64 7a 44 48 35 71 4b 31 69 35 73 53 56 56 35 56 6a 68 53 55 50 51 47 54 78 67 58 34 71 66 32 49 7a 4f 57 69 57 6b 70 4a 6f 78 37 76 45 75 64 78 6e 6a 66 62 45 39 74 41 58 53 69 55 77 67 55 63 4e 71 38 31 6f 76 7a 4e 49 41 67 77 76 5a 37 57 2b 39 76 5a 44 2b 46 75 43 4d 33 58 4d 73 43 74 59 59 4b 58 65 71 6e 70 38 31 45 48 77 37 68 37 52 38 46 65 34 4b 37 68 35 2f 53 6a 33 62 6d 55 53 67 74 48 59 46 61 74 72 46 77 4d 38 4a 52 56 77 68 44 58 63 50 4b 4b 4e 5a 6c 46 51 49 5a 58 65 6e 45 41 4e 46 6b 52 61 2f 52 56 4e 69 73 6b 7a 45 42 64 73 68 75 67 6e 6d 68 62 73 34 34 5a 7a 49 6f 35 41 4e 58 7a 55 72 35 4a 62 78 42 78 33 61 30 59 6f 75 74 62 6f 4e 47 45 32 4a 41 5a 49 57 4e 31 45 7a 31 48 47 67 7a 72 72 4b 4a 69 79 39 2f 49 4d 45 67 2b 42 4e 76 4c 75 6a 5a 6e 45 4f 73 47 75 55 75 33 32 2b 4c 56 61 74 6f 74 43 2b 56 79 36 54 5a 63 43 33 33 50 54 6a 7a 4a 45 59 46 37 72 37 66 6e 45 57 41 72 32 4a 48 36 76 64 38 43 6f 4b 73 79 49 74 58 44 56 38 4a 69 56 44 4a 31 57 44 44 34 49 65 57 4b 73 66 6e 2f 51 4a 44 4e 49 57 54 33 65 77 70 64 41 47 78 72 56 7a 63 61 6e 36 74 35 34 63 75 47 72 74 6f 41 31 44 79 53 39 72 63 51 79 38 32 33 43 48 71 59 65 65 51 33 61 2f 62 4a 52 4a 68 79 31 68 41 38 42 4d 51 73 30 33 4c 78 2b 4f 6d 4c 38 4a 64 32 59 62 7a 50 48 4b 55 74 6a 69 4d 6f 43 6b 42 33 38 63 57 66 63 54 4d 71 59 6d 66 44 4f 42 4e 76 78 4d 7a 45 68 52 5a 6f 6b 4f 33 47 70 67 6b 45 32 41 4b 44 75 4a 43 65 57 38 50 62 4c 41 4b 5a 7a 4b 75 72 68 7a 41 54 4b 4c 4c 65 47 50 32 63 50 6d 67 48 7a 34 71 72 38 44 69 52 41 6f 56 64 73 50 43 57 69 52 49 76 6b 5a 73 55 52 66 71 4a 73 32 48 69 34 68 67 52 35 78 75 53 6f 61 39 31 5a 66 66 64 53 70 46 6f 45 34 79 4e 66 6b 45 63 51 2f 51 67 78 38 50 65 74 41 55 3d 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 64 61 74 65 3b 78 2d 61 6d 7a 2d 73 65 63 75 72 69 74 79 2d 74 6f 6b 65 6e 0a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35</CanonicalRequestBytes><RequestId>D19E896ADF84297A</RequestId><HostId>CUqsTHRYGLkypuIDsFkEI1P5VqJtmV0oaFXksWwCmIUwyJCE0M8v91FueBTO5KOg4kHO5p7POwQ=</HostId></Error> [WAN] s3fs.cpp:s3fs_check_service(3714): Could not connect, so retry to connect by signature version 2. [INF] curl.cpp:CheckBucket(2647): check a bucket. [INF] curl.cpp:prepare_url(4140): URL is https://s3.amazonaws.com/bucket-name/ [INF] curl.cpp:prepare_url(4172): URL changed is https://bucket-name.s3.amazonaws.com/ [INF] curl.cpp:RequestPerform(1743): HTTP response code 200 ``` Changing the command to set the url parameter to eu-west-1 fixes the problem. ``` s3fs ifp-portal-test-sftp-reports /var/sftp/nt/nt-sftp-test-user -d -o url=https://s3-eu-west-1.amazonaws.com -o endpoint=eu-west-1 ``` ``` [INF] curl.cpp:CheckBucket(2647): check a bucket. [INF] curl.cpp:prepare_url(4140): URL is https://s3-eu-west-1.amazonaws.com/bucket-name/ [INF] curl.cpp:prepare_url(4172): URL changed is https://bucket-name.s3-eu-west-1.amazonaws.com/ [INF] curl.cpp:insertV4Headers(2069): computing signature [GET] [/] [] [] [INF] curl.cpp:url_to_host(99): url is https://s3-eu-west-1.amazonaws.com [INF] curl.cpp:RequestPerform(1743): HTTP response code 200 ```

kerem commented 2026-03-04 01:41:53 +03:00

Author

Owner

Copy link

@ggtakec commented on GitHub (Jan 16, 2016):

Could you try to run s3fs without endpoint option.
s3fs try to connect http(s)://s-.amazonaws.com automatically, after failing to connect first.
If that does not help, you should specify url option.

Thanks in advance for your help.

<!-- gh-comment-id:172163963 --> @ggtakec commented on GitHub (Jan 16, 2016): Could you try to run s3fs without endpoint option. s3fs try to connect http(s)://s-<endpoint>.amazonaws.com automatically, after failing to connect first. If that does not help, you should specify url option. Thanks in advance for your help.

kerem commented 2026-03-04 01:41:53 +03:00

Author

Owner

Copy link

@MattFenelon commented on GitHub (Jan 18, 2016):

@ggtakec Removing the endpoint option and setting url=https://s3.ama... worked. Checking the logs, it looks like s3fs correctly detects the url change, and then uses the region-specific url from that point on. Should the endpoint option be removed?

Thanks for the help.

<!-- gh-comment-id:172496713 --> @MattFenelon commented on GitHub (Jan 18, 2016): @ggtakec Removing the endpoint option and setting url=https://s3.ama... worked. Checking the logs, it looks like s3fs correctly detects the url change, and then uses the region-specific url from that point on. Should the endpoint option be removed? Thanks for the help.

kerem commented 2026-03-04 01:41:53 +03:00

Author

Owner

Copy link

@ggtakec commented on GitHub (Jan 18, 2016):

@MattFenelon
Because endpoint option is for compatibility and there is still a possibility that there is a use value, we are supporting it now.
However, it is an option that should be removed in the future.

Thanks for your reporting.
Regards,

<!-- gh-comment-id:172521908 --> @ggtakec commented on GitHub (Jan 18, 2016): @MattFenelon Because endpoint option is for compatibility and there is still a possibility that there is a use value, we are supporting it now. However, it is an option that should be removed in the future. Thanks for your reporting. Regards,

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

v1.97

v1.96

v1.95

v1.94

v1.93

v1.92

v1.91

v1.90

v1.89

v1.88

v1.87

v1.86

v1.85

v1.84

v1.83

v1.82

v1.81

v1.80

v1.79

v1.78

Pre-v1.78

v1.77

v1.76

v1.75

v1.74

Labels

Clear labels   

bug

  

bug

  

dataloss

  

duplicate

  

enhancement

  

feature request

  

help wanted

  

invalid

  

need info

  

performance

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question

  

testing

No labels

bug

bug

dataloss

duplicate

enhancement

feature request

help wanted

invalid

need info

performance

pull-request

question

question

testing

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/s3fs-fuse#82

No description provided.