Advertisement
Advertisement


ssh "permissions are too open" error


Question

I had a problem with my mac where I couldn't save any kind of file on the disk anymore. I had to reboot OSX lion and reset the permissions on files and acls.

But now when I want to commit a repository I get the following error from ssh:

Permissions 0777 for '/Users/username/.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.

What permissions levels should i give to the id_rsa file?

2014/05/26
1
2144
5/26/2014 11:48:02 PM

Accepted Answer

Keys need to be only readable by you:

chmod 400 ~/.ssh/id_rsa

If Keys need to be read-writable by you:

chmod 600 ~/.ssh/id_rsa

600 appears to be fine as well (in fact better in most cases, because you don't need to change file permissions later to edit it).

The relevant portion from the manpage (man ssh)

 ~/.ssh/id_rsa
         Contains the private key for authentication.  These files contain sensitive 
         data and should be readable by the user but not
         accessible by others (read/write/execute).  ssh will simply ignore a private 
         key file if it is              
         accessible by others.  It is possible to specify a
         passphrase when generating the key which will be used to encrypt the sensitive 
         part of this file using 3DES.

 ~/.ssh/identity.pub
 ~/.ssh/id_dsa.pub
 ~/.ssh/id_ecdsa.pub
 ~/.ssh/id_rsa.pub
         Contains the public key for authentication.  These files are not sensitive and 
         can (but need not) be readable by anyone.
2019/11/07
3626
11/7/2019 4:58:57 AM

Using Cygwin in Windows 8.1, there is a command need to be run:

chgrp Users ~/.ssh/id_rsa

Then the solution posted here can be applied, 400 or 600 is OK.

chmod 600 ~/.ssh/id_rsa

Ref: http://vineetgupta.com/blog/cygwin-permissions-bug-on-windows-8

2014/04/11

The locale-independent solution that works on Windows 8.1 is:

chgrp 545 ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa

GID 545 is a special ID that always refers to the 'Users' group, even if you locale uses a different word for Users.

2015/02/21

0600 is what mine is set at (and it's working)

2012/02/14

AFAIK the values are:

700 for the hidden directory ".ssh" where key file is located

600 for the keyfile "id_rsa"

2014/11/13

I've got the error in my windows 10 so I set permission as the following and it works.

Permission for id_rsa of windows 10

In details, remove other users/groups until it has only 'SYSTEM' and 'Administrators'. Then add your windows login into it with Read permission only.

Note the id_rsa file is under the c:\users\<username> folder.

2018/12/08

Source: https://stackoverflow.com/questions/9270734
Licensed under: CC-BY-SA with attribution
Not affiliated with: Stack Overflow
Email: [email protected]