Load Key Aws Pem Bad Permissions

pem": bad permissions Permission denied (publickey). This private key will be ignored. OpenLDAP Faq-O-Matic: OpenLDAP Software FAQ: Configuration: How do I use TLS/SSL? Transport Layer Security (TLS) is the standard name for the Secure Socket Layer (SSL). Add to the mix, news stories which seem to indicate that not all of the established CAs can be. The default for this approach assumes that a node can access the Chef website so that it may download the Chef Infra Client package from that location. #AWS - Credentials. When you deploy an application into AWS, you will soon realize that the cloud is much more than a collection of servers in someone else's data center. Let's take a scenario If you want to move your daily basis log into s3 bucket than you must download that logs form you ec2 instance first then you have to upload that logs manually from AWS console to your S3 bucket. ssh -i "key-aws. Here is the code that will load the popular mnist digits data and apply Support Vector Classifier. Load key "/Users/lby/key. This is your actual certificate that you received from the certificate authority. You can use NTFS permissions to lock down IUSR's ability to access content on your site even more. Let's launch a Spark cluster on EC2 and do some computations in our Zeppelin notebook. pem format. bad permissions: ignore key: ~/. pem: You are about to be asked to enter information that will be incorporated into your certificate request. This can be done by logging into your Amazon Web Services account through the AWS console, clicking Key Pairs on the left sidebar, and creating and downloading a key. Default installation of Nessus uses a self-signed SSL certificate. OpenLDAP Faq-O-Matic: OpenLDAP Software FAQ: Configuration: How do I use TLS/SSL? Transport Layer Security (TLS) is the standard name for the Secure Socket Layer (SSL). pem are too open. It took me longer than I want to admit to get Docker working on AWS, in no small part because the AWS docs use a lot of jargon (although Amazon Web Services in Plain English does help), so my goal is to make this tutorial accessible to both AWS deployment newbies and Docker deployment newbies (note: if you're a Docker development newbie, you. Make sure that you set the permissions for the private key file to 600 (i. You can generate, use, rotate, and destroy AES256, RSA 2048, RSA 3072, RSA 4096, EC P256, and EC P384 cryptographic keys. Public Key Authentication in Clouds. Load key "AWS_LightSail_01. bad permissions: ignore key: /Users/amazon. This private key will be ignored. chmod 400 keras. › Use IAM Roles and Temporary Credentials: IAM roles can be used to define permission levels for different resources and applications that run on EC2 instances. pem)’s permission is not correct, you should remove other group/users permission from the. pem -new -x509 -days 7300 -sha256 -out ca. Very simple to do SSH key authentication. so we have to create new login keys for them. Add to the mix, news stories which seem to indicate that not all of the established CAs can be. To do this run the following command, making sure to use the correct path to your. ssh/id_rsa file after creation to 0600. This private key will be ignored. openssl genrsa -out privatekey. This guide describes how to generate and use a private/public key pair to log in to a remote system with SSH using PuTTY. pem private key to. pem --bits 2048 b – Create a public key for your InfluxDB server $ sudo certtool --generate-self-signed --load-privkey server-key. -Use aws cli to interact with AWS with the IAM user configured. com: Permission denied (publickey). pem bad permission , fix aws key permissions are too open on August 19, 2016 by adiyatmubarak. ssh/amazon-openvpn. Selecting 1 will print the example configuration file template to standard output. It enables multiple devs to work on the same application. pem' are too open. Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!. Step 4: First of all, let us understand what actually bad permissions on a “Private key. openssl x509 -inform der -in xenserver1. pem": bad permissions. ssh/your-key-pair. The Amazon Web Services (AWS) provide a wide range of cloud tools. only you can read and write it) so that ssh will work. pem debug1: No more authentication methods to try. It is required that your private key files are NOT accessible by others. @ @@@@@ Permissions 0644 for 'YOUR-PEM-FILE. To perform PowerShell management tasks, you'll need a computer that runs PowerShell version 3. pem You'll get a load of output, part of which is the. Ecosynth is a lab at UMBC developing a suite of tools used to map and measure vegetation in three dimensions using off-the-shelf digital cameras and open-source computer vision (CV) software, from the ground or using low altitude (<130m) light-weight aircraft. When running the CURL command, make sure to point to this CA file. WordPress is one of the most popular blogging platforms in the world, in use on over 60 million websites (according to Wikipedia). The Serverless Framework needs access to your cloud provider account so that it can create and manage resources on your behalf. ppk file before you can connect to your instance using PuTTY. You can now get free https certificates (incuding wildcard certificates) from the non-profit certificate authority Let's Encrypt!This is a website that will take you through the manual steps to get your free https certificate so you can make your own website use https!. But you shouldn’t share keys between users. This private key will be ignored. 0L (Only install this if you are a software developer needing 32-bit OpenSSL for Windows. They can accept the certificate manually but you should tell them the certificate’s fingerprint so they can verify it. Note: when browsing for your pem file be sure to select All Files in the dropdown list that is located to the right of the File name field. pem: You are about to be asked to enter information that will be incorporated into your certificate request. VMware View certificate tips: How to prevent VDI user confusion such as whether to proceed to a page with a bad security instead of the previous Java-based. ssh/id_rsa **NOTE** :…. Change the file type to search for to All Files. starcluster/config. AWS key pair will be in the standard private key format with. If you experience warning like above. pem' are too open. Compare Amazon Elastic Compute Cloud (EC2) to alternative Infrastructure-as-a-Service Solutions. On Windows I use PuTTY to ssh to the remote instance. Error: Load key "xxxxxxxx. Load key "YYF_Frankfurt. I'm sharing with you my notes to help. In this article, I’ll explain the five big steps required to turn on your own SQL Server in Amazon’s datacenters. 175 that has just installed on my EC2 instance. Currently this resource requires an existing user-supplied key pair. One of the key responsibilities of a database administrator is to make sure all the SQL Server instances they manage are secure. You go to S3 console on AWS dashboard and create a bucket. It is required that your private key files are NOT accessible by others. $ openssl rsa -noout -text -in server. The options are http-01 (which uses port 80) and dns-01 (requiring configuration of a DNS server on port 53, though that’s often not the same machine as your webserver). pem": bad permissions Permission denied (publickey). For each user who will execute continuous data loads using Snowpipe, generate a public-private key pair for making calls to the Snowpipe REST endpoints. By creating the appropriate policies on our bucket and the role used by our Lambda function, we can enforce any requests for files in the bucket from the Lambda function to use the S3 endpoint and remain within the Amazon network. You2d need to convert is to ssh before using it. So we need to change the. Create a load balancer, and register the Amazon EC2 instance with it. This private key will be ignored. pem Create CSR using an existing private key openssl req –out certificate. This private key will be ignored表示私钥被忽略. pem Keep in mind that if you keep all of your keys in the ~/. AWS Access Keys. > chmod 400 ~/yuddomack. ssh/id_rsa file after creation to 0600. But you shouldn't share keys between users. (More technically, it is information for future use that is stored by the server on the client side of a client/server communication. Check the contents of key_name, if the agent says invalid format, then there's something wrong with the key - like. For simplicities sake I ensured that I was in the directory where the. bad permissions: ignore key: /app/. pem": bad permissions Permission denied (publickey). Let’s take a scenario If you want to move your daily basis log into s3 bucket than you must download that logs form you ec2 instance first then you have to upload that logs manually from AWS console to your S3 bucket. CertificateChain (string) --The base64 PEM-encoded certificate chain. pem key pair file you downloaded before and load it into Puttygen. This private key will be ignored. Private key. In this article, we'll focus on giving you an introduction to launching servers in Amazon's cloud service known as 'Amazon Web Services' or AWS for short. You may have access to alternatives including your own server, in which case the AWS-specific parts can be ignored or modified to suit your environment. pem; Now run the ssh command again, you can login to amazon EC2 Ubuntu Linux server successfully. This is the script after I try to ssh with my private key @@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@ Permissions 0644 for 'MyPrivateKey. pem (line 2). Load and parse a public key. Determine the MTU using ping. Click "Key Pairs" in the left nav and then Create Key Pair button. pem": bad permissions. YOUR APPS—FAST, AVAILABLE, AND SECURE—IN ANY CLOUD. Please help me. CertificateChain (string) --The base64 PEM-encoded certificate chain. If the policy indicates non-exportable, then the private key isn't a part of the value when retrieved as a secret. It seems like I need to change the permission on the private key file. Having done a grep on my main. Notice the -i bastion. js on Amazon EC2 You can use the following steps to create a web server that you can use for the Node. This private key will be ignored. pem' are too open. Step3: In FileZilla homepage enter the host details (public IP, elastic IP or the public DNS) ,and enter the username in the relevant field. Missing key or. bad permissions: ignore key: xxxxx. Elastic Load balancing to distribute traffic across multiple web server instances 5. Click on the "Key Pairs" tab then click "Create a New Key Pair". pem Permission denied (publickey,gssapi-keyex,gssapi-with-mic). Selecting 1 will print the example configuration file template to standard output. are you sure that's the correct key?Even if it's not the private key you need, the ssh agent won't return invalid format if the key is working, you simply won't be able to connect. Load your SSH private key in PuTTY Key Generator. Each Region is a separate geographic area. How to Launch a Linux Virtual Machine in AWS. It is also not necessary. I followed the instruction and use chmod 400 to change permission. Make sure that you set the permissions for the private key file to 600 (i. It is required that your private key files are NOT accessible by others. Note that this is a default build of OpenSSL and is subject to local and state laws. prm --outfile server-cert. I'm sharing with you my notes to help. pem' ----- You are about to. pem bad permission , fix aws key permissions are too open on August 19, 2016 by adiyatmubarak. bad permissions: ignore key: xxxxx. The one year of free service is called the AWS Free Usage Tier. pem 파일의 권한이 too much하다는 뜻으로 chmod 명령을 사용하여 권한을 400으로 수정해줍니다. Step 2 - Now, convert the ppk file to pem file using puttygen command line tool. Today’s tutorial is actually a chapter for my upcoming book. What does this script do?-Load the at the user defined values for VPC,Subnet, Security Policy. 初次使用 Key Pair 登入 EC2 可能會遇到這個警告. This private key will be ignored. puttygen server1. Launch your instance. pem key file to the bastion. ppk key of your AWS instance and then click ok. Every file and folder on your Windows computer has individual permissions settings. micro instance based on the public AWS Ubuntu image can now be done as follows. Anyway, in the instance's description I can see the Key pair name is the same as my ppk and pem files. The policy used to create the certificate must indicate that the key is exportable. ssh files so you can log into the server later. From the certificate and private key used in StorageGRID for the Object Storage endpoint, you can concatenate them with the following command: cat example. AWS Elastic Load Balancer (ELB) Tutorial How-To for Amazon Web Services EC2 instances. ssh directory (or any other directory, really), you may need to adjust the permissions for that directory as well. Then save this file by hitting Control + X then the y key then the Enter key, or save it normally if using a different text editor. pem file by following the tutorial provided given below: Steps To Launch An Amazon EC2 Instance If you've already signed up for Amazon Web Services (AWS), you can start using Amazon EC2. This is because the private key file (. With the labs, there are three main ways to generate a key pair. XXX: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). Option 2: Automating Snowpipe with AWS Lambda¶. In a two-year study, security vulnerabilities of connected devices in hospitals were demonstrated. ssh/ArchVPS. bad permissions: ignore key: /app/. Secure key management is essential to protect data in the cloud. In this post, I used my Linux laptop as the local client. CertificateChain (string) --The base64 PEM-encoded certificate chain. Both permissions should work. The configuration template provided by StarCluster should be ready to go out-of-the-box after filling in your Amazon Web Services credentials and setting up a keypair. pfx –inkey key. It is required that your private key files are NOT accessible by others. secretkey: Your aws secret key. AWS Lambda is a compute service that runs when triggered by an event and executes code that has been loaded into the system. Load key "aws. Please note that key pairs are per region. The certificate CN or SAN must match the DNS-resolvable domain name that you used as the hostname for Harbor. pem file to PuTTY’s. By creating the appropriate policies on our bucket and the role used by our Lambda function, we can enforce any requests for files in the bucket from the Lambda function to use the S3 endpoint and remain within the Amazon network. Once you install it on you PC you need to generate a ppk file (PuTTY Private Key) using PuTTYgen and the pem file. ssh/ArchVPS. How I exploited ACME TLS-SNI-01 issuing Let's Encrypt SSL-certs for any domain using shared hosting. Keep the key file safe and private. In combination of AWS S3 and with other AWS services developers can build scalable and durable applications and back ends. This private key will be ignored. Any search for a data bag (or a data bag item) must specify the name of the data bag and then provide the search query string that will be used during the search. pem": bad permissions [email protected] pem key if it is publicly visible. In the server authentication section, look for the link to the AWS IoT Root CA file. chmod 600 ***. – Alexander Vorontsov Jan 6 '16 at 13:51. pem -out xenserver1. CertificateChain (string) --The base64 PEM-encoded certificate chain. pem": bad permissions. pem (this enables permission in VPC) SSH into this instance and hit yes Elevate and run yum update Internal Facing Network Select customer VPC configured in Step 1 ACloudGuru-VPC Subnet. For example:. Access to EC2 instances via SSH can not be restricted to specific users. @ @@@@@ Permissions 0555 for '. @ warning: unprotected private key file! Permissions 0677 for ' key. Step 3: Create A Security Group. Private key. Most cloud providers exercise a shared responsibility model that enterprises need to take into account when tackling workload security. So there are two ways you can use the PuTTY key to login to the server and/or transfer files: Convert the PuTTY private key (. You will be asked to enter some details in the second step. pem’ are too open. It is required that your private key files are NOT accessible by others. Let's launch a Spark cluster on EC2 and do some computations in our Zeppelin notebook. pem": bad permissions. Amazon EC2 is among the more potent items in Amazon's web services arsenal. $ openssl rsa -noout -text -in server. pem file requires a certainly permission level. ssh -i key 地址 ;使用密钥登录时的 Permissions 0644 for '你的. You've probably heard of many of the other services such as S3 for storage and FPS for payments. Instead just create an IAM user and add full permission to that user on S3 bucket. puttygen server1. [Update 2015-06-16: Upgrade to latest aws-cli command syntax] Amazon recently launched the ability to upload your own ssh public key to EC2 so that it can be passed to new instances when they are launched. Go into your AWS "Account" page and click on the "Security Credentials" link. step and end up with both a key and cert. Fourth Task: Create and Configure the AWS Lambda Permissions. ssh/id_rsa Fix: Change the permissions of the ~/. I have Docker version 18. Load key"0112. This is the script after I try to ssh with my private key @@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@ Permissions 0644 for 'MyPrivateKey. pem": bad permissions [email protected] starcluster/config. chmod 400 ~/. 2t Light: 3MB Installer. In addition, most of the Power BI cmdlets require the use of a PowerShell session in which administrative permissions are allowed; this is also referred to as an elevated PowerShell session. pem' are too open. Permissions in Windows 7 determine which users can access, modify, and delete files and folders. Click on Save private key (because this is still a private key) to save it in a format that PuTTY can use. 以下のコマンドで自分だけが読めるようにパーミッションを変更します。 chmod 400 my-key. By default Docker (and by extension Docker Swarm) has no authentication or authorization on its API, relying instead on the filesystem security of its unix socket /var/run/docker. PrivateKey (string) --The encrypted private key associated with the public key in the certificate. Let’s take a scenario If you want to move your daily basis log into s3 bucket than you must download that logs form you ec2 instance first then you have to upload that logs manually from AWS console to your S3 bucket. pem": bad permissions Permission denied (publickey). pem key file to the bastion. Warning #1: Object Stores are not filesystems. If you connect to your instance using SSH and get any of the following errors, Host key not found in [directory], Permission denied (publickey), or Authentication failed, permission denied, verify that you are connecting with the appropriate user name for your AMI and that you have specified the proper private key (. Amazon Cloud Servers For Beginners: Console VS Command-Line 2017-03-20 - By Robert Elder Introduction. AWS will check this and deny entry if the file is not. First thing first, I have many instances where readers have come back for additional information or looking for this page after 3 months to renew their SSL certificates. Over the last decade, Lowell has personally written more than 1000 articles which have been viewed by over 250 million people. pem 4096 $ openssl req -key ca. All Amazon Web services work with PEM files for certificates and you'll note none of the files we received were in that format. You need a AWS account, with an EC2 key pair, and credentials with AmazonEC2FullAccess policy. After having created a new Linux instance on Amazon EC2, and downloaded the. This private key will be ignored. pem ' are too open. In addition, most of the Power BI cmdlets require the use of a PowerShell session in which administrative permissions are allowed; this is also referred to as an elevated PowerShell session. If you need to connect to a server that only accepts public keys for SSH connection this is a step-by-step tutorial on how to use PuTTY to establish a secure connection via Public. By creating the appropriate policies on our bucket and the role used by our Lambda function, we can enforce any requests for files in the bucket from the Lambda function to use the S3 endpoint and remain within the Amazon network. Same semantics as aws_access_key_id above. pem key if it is publicly visible. Login to AWS Management Console: Select your preferred Region: You can open the Amazon EC2 console, by clicking on services button available at the upper left corner of your window after login. pem changes user permissions on the key file so that it's not readable or writable by just anyone. YOUR APPS—FAST, AVAILABLE, AND SECURE—IN ANY CLOUD. When configuring session, specify path to your private key on SSH > Authentication page of Advanced Site Settings dialog. The app which hosted the REST client was a WCF application, deployed in IIS. In addition, grant sufficient privileges on the objects for the data load (i. pem key to access the VPS, I get a "Permission Denied. AWS accounts include 12 months of free tier access, including use of Amazon EC2, Amazon S3, and Amazon DynamoDB. Do not forget to set permissions for the InfluxDB user and group. Before using Putty, you will need to reformat the PEM key into a Putty-compatible format. However, the permission did not. This is your actual certificate that you received from the certificate authority. pem are too open. key & Certificate. pem' are too open. This private key will be ignored. $ chmod og-r /home//privatekey/abc. If you'd like to discuss Linux-related problems, you can use our forum. AWS Elastic Load Balancer (ELB) Tutorial How-To for Amazon Web Services EC2 instances. The cloud is here to stay, regardless of how you access data day to day. pem": bad permissions Permission denied (publickey). Step 4: First of all, let us understand what actually bad permissions on a “Private key. These instructions can also be used to add a passphrase to a key that was created without one. This is only half the battle, since you will also need to extract the signed subject public key. pem Permission denied (publickey). pem' are too open. Editor's note: This article is the fourth and final in an ongoing series on SQL Server security. lucasloucacom) and download your key pair (i. This has not been easy. 1 : Log only a summary message on TLS handshake completion — no logging of remote SMTP server certificate trust-chain verification errors if server certificate verification is not required. pem": bad permissions. For all those beginners just starting off with AWS, here is how to SSH to EC2 Instance on AWS - A Step-by-step guide by 99 Robots. Amazon Lightsail makes it really easy to host a private Wordpress blog for as little as $5 USD a month. pem": bad permissions Permission denied (publickey). Note You can provide empty strings for your access and secret keys to run the driver on an ec2 instance and handles authentication with the instance’s credentials. We'll manually provision a single EC2 instance (i. The public key appears in the box titled "Public key for pasting into OpenSSH authorized_keys file. Chat on an Amazon EC2 instance; Hosting a domain name with Amazon Route 53. chmod 400 keras. aws: fix warning: unprotected private key file! I just moved my project to another laptop including ". A bastion host, or jump box, with a public IP within your VPC from which you can secure shell into your VMs. pem 1024 openssl req -new -key privatekey. com: Permission denied (publickey, gssapi-keyex, gssapi-with-mic). pem You'll be asked to fill out details for what it is you're securing and you'll skip the send-away-to-Root-Auth. Load key "aws-grgrjnjn. pem (line 2). pem' are too open. How to create a 3D Terrain with Google Maps and height maps in Photoshop - 3D Map Generator Terrain - Duration: 20:32. @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@ Permissions 0664 for ‘AWS_LightSail_01. pem Permission denied (publickey,gssapi-keyex,gssapi-with-mic). pem file to PuTTY's. More information on SSH keys is available here. It seems like I need to change the permission on the private key file. It is required that your private key files are NOT accessible by others. Normally we would do this with a pfx file, put the password in and assign permissions on that cert. You can convert the aws pem file to ppk using puttygen. Load key ". Every file and folder on your Windows computer has individual permissions settings. Amazon EC2 provides you the ability to place resources, such as instances, and data in multiple locations. A key pair is used to control login access to EC2 instances. This summer’s infamous Capital One breach is the most prominent recent example. Error: Load key "xxxxxxxx. Note: There's a screencast of steps one through four at the end of step five below. Click "Key Pairs" in the left nav and then Create Key Pair button. Beyond this it’s just like regular Rsync, so just follow the on-screen commands and you get secured file transfer between your local machine and your remote AWS EC2 instance. ssh/amazon-openvpn. Load key "fsocietybr. RSA is popular format use to create asymmetric key pairs those named public and private key. This private key will be ignored. 以下のコマンドで自分だけが読めるようにパーミッションを変更します。 chmod 400 my-key. In this blog post, you will learn how to perform remote development on a Raspberry Pi (or Amazon EC2 server). 아마존 웹 서비스는 다른 웹 사이트나 클라이언트측 응용 프로그램에 대해 온라인 서비스를 제공하고 있다. What you are about to enter is what is called a Distinguished Name or a DN. registry key: In the Windows 98, CE, NT, and 2000 operating systems, a registry key is an organizational unit in the Windows registry , an internal database the computer uses to store configuration information. The fact-checkers, whose work is more and more important for those who prefer facts over lies, police the line between fact and falsehood on a day-to-day basis, and do a great job. Today, my small contribution is to pass along a very good overview that reflects on one of Trump’s favorite overarching falsehoods. Namely: Trump describes an America in which everything was going down the tubes under  Obama, which is why we needed Trump to make America great again. And he claims that this project has come to fruition, with America setting records for prosperity under his leadership and guidance. “Obama bad; Trump good” is pretty much his analysis in all areas and measurement of U.S. activity, especially economically. Even if this were true, it would reflect poorly on Trump’s character, but it has the added problem of being false, a big lie made up of many small ones. Personally, I don’t assume that all economic measurements directly reflect the leadership of whoever occupies the Oval Office, nor am I smart enough to figure out what causes what in the economy. But the idea that presidents get the credit or the blame for the economy during their tenure is a political fact of life. Trump, in his adorable, immodest mendacity, not only claims credit for everything good that happens in the economy, but tells people, literally and specifically, that they have to vote for him even if they hate him, because without his guidance, their 401(k) accounts “will go down the tubes.” That would be offensive even if it were true, but it is utterly false. The stock market has been on a 10-year run of steady gains that began in 2009, the year Barack Obama was inaugurated. But why would anyone care about that? It’s only an unarguable, stubborn fact. Still, speaking of facts, there are so many measurements and indicators of how the economy is doing, that those not committed to an honest investigation can find evidence for whatever they want to believe. Trump and his most committed followers want to believe that everything was terrible under Barack Obama and great under Trump. That’s baloney. Anyone who believes that believes something false. And a series of charts and graphs published Monday in the Washington Post and explained by Economics Correspondent Heather Long provides the data that tells the tale. The details are complicated. Click through to the link above and you’ll learn much. But the overview is pretty simply this: The U.S. economy had a major meltdown in the last year of the George W. Bush presidency. Again, I’m not smart enough to know how much of this was Bush’s “fault.” But he had been in office for six years when the trouble started. So, if it’s ever reasonable to hold a president accountable for the performance of the economy, the timeline is bad for Bush. GDP growth went negative. Job growth fell sharply and then went negative. Median household income shrank. The Dow Jones Industrial Average dropped by more than 5,000 points! U.S. manufacturing output plunged, as did average home values, as did average hourly wages, as did measures of consumer confidence and most other indicators of economic health. (Backup for that is contained in the Post piece I linked to above.) Barack Obama inherited that mess of falling numbers, which continued during his first year in office, 2009, as he put in place policies designed to turn it around. By 2010, Obama’s second year, pretty much all of the negative numbers had turned positive. By the time Obama was up for reelection in 2012, all of them were headed in the right direction, which is certainly among the reasons voters gave him a second term by a solid (not landslide) margin. Basically, all of those good numbers continued throughout the second Obama term. The U.S. GDP, probably the single best measure of how the economy is doing, grew by 2.9 percent in 2015, which was Obama’s seventh year in office and was the best GDP growth number since before the crash of the late Bush years. GDP growth slowed to 1.6 percent in 2016, which may have been among the indicators that supported Trump’s campaign-year argument that everything was going to hell and only he could fix it. During the first year of Trump, GDP growth grew to 2.4 percent, which is decent but not great and anyway, a reasonable person would acknowledge that — to the degree that economic performance is to the credit or blame of the president — the performance in the first year of a new president is a mixture of the old and new policies. In Trump’s second year, 2018, the GDP grew 2.9 percent, equaling Obama’s best year, and so far in 2019, the growth rate has fallen to 2.1 percent, a mediocre number and a decline for which Trump presumably accepts no responsibility and blames either Nancy Pelosi, Ilhan Omar or, if he can swing it, Barack Obama. I suppose it’s natural for a president to want to take credit for everything good that happens on his (or someday her) watch, but not the blame for anything bad. Trump is more blatant about this than most. If we judge by his bad but remarkably steady approval ratings (today, according to the average maintained by 538.com, it’s 41.9 approval/ 53.7 disapproval) the pretty-good economy is not winning him new supporters, nor is his constant exaggeration of his accomplishments costing him many old ones). I already offered it above, but the full Washington Post workup of these numbers, and commentary/explanation by economics correspondent Heather Long, are here. On a related matter, if you care about what used to be called fiscal conservatism, which is the belief that federal debt and deficit matter, here’s a New York Times analysis, based on Congressional Budget Office data, suggesting that the annual budget deficit (that’s the amount the government borrows every year reflecting that amount by which federal spending exceeds revenues) which fell steadily during the Obama years, from a peak of $1.4 trillion at the beginning of the Obama administration, to $585 billion in 2016 (Obama’s last year in office), will be back up to $960 billion this fiscal year, and back over $1 trillion in 2020. (Here’s the New York Times piece detailing those numbers.) Trump is currently floating various tax cuts for the rich and the poor that will presumably worsen those projections, if passed. As the Times piece reported: