SSH Private Key Permissions using Git GUI or ssh-keygen are too open

Question

Recently I\'ve been unable to clone or push to github, and I\'m trying to find the root cause.

This is on windows

I have cygwin + git as well as msy

Answer 1

This is a particularly involved problem on Windows, where it's not enough to just chmod the files correctly. You have to set up your environment.

On Windows, this worked for me:

1. Install cygwin.

2. Replace the msysgit ssh.exe with cygwin's ssh.exe.

3. Using cygwin bash, chmod 600 the private key file, which was "id_rsa" for me.

4. If it still doesn't work, go to Control Panel -> System Properties -> Advanced -> Environment Variables and add the following environment variable. Then repeat step 3.
   
   Variable      Value
   CYGWIN      sbmntsec

Answer 2

I had the same issue on Windows 10 where I tried to SSH into a Vagrant box. This seems like a bug in the old OpenSSH version. What worked for me:

1. Install the latest OpenSSH from http://www.mls-software.com/opensshd.html
2. where.exe ssh

(Note the ".exe" if you are using Powershell)

You might see something like:

C:\Windows\System32\OpenSSH\ssh.exe
C:\Program Files\OpenSSH\bin\ssh.exe
C:\opscode\chefdk\embedded\git\usr\bin\ssh.exe

Note that in the above example the latest OpenSSH is second in the path so it won't execute.

To change the order:

1. Right-click Windows button -> Settings -> "Edit the System Environment Variables"
2. On the "Advance" tab click "Environment Variables..."
3. Under System Variables edit "Path".
4. Select "C:\Program Files\OpenSSH\bin" and "Move Up" so that it appears on the top.
5. Click OK
6. Restart your Console so that the new environment variables may apply.

Answer 3

I had the same problem on Windows XP just recently. I tried to chmod 700 on my ~/.ssh/id_rsa file but it did not seem to work. When I had a look at the permissions using ls -l on the ~/.ssh/id_rsa I could see that my effective permissions still was 644.

Then I remembered that windows permissions also inherit permissions from the folders, and the folder was still open to everyone. A solution could be to set permissions for the folder as well, but I think a better way would be to tell the system to ignore inheritance for this file. This can be done using the advanced option on the security tab in the properties of the file, and unchecking "inherit from parent permissions..."

This might be helpful for others with the same problem.

Answer 4

I'm on XP and this allowed Git Bash to communicate w/ Github (after much frustration):

1. copy c:\cygwin\bin\cyg* (~50 files) to c:\Program Files\Git\bin\
2. copy c:\cygwin\bin\ssh.exe to c:\Program Files\Git\bin\ (overwriting)

3. Create the file c:\Documents and Settings\<username>\.ssh\config containing:

   Host github.com
       User git
       Hostname github.com
       PreferredAuthentications publickey
       IdentityFile "/cygdrive/c/Documents and Settings/<username>/.ssh/id_rsa"
   

4. (optional) Use ssh -v git@github to see the connection debugged.

5. Try a push!

Background: The general problem is a combination of these two:

• BUG: mingw32 sees all files as 644 (other/group-readable), and nothing I tried in mingw32, cygwin, or Windows could fix it.
• mingw32's SSH version won't allow that for private keys (generally a good policy in a server).

Answer 5

@koby's answer doesn't work for me, so I make a little change.

cd ~/.ssh
chmod 700 id_rsa.pub

This works well for me on Mac.

Answer 6

After comming across the problem recently and this being one of the top google results i thought i would chip in with a simple work around documented in discussion here: http://code.google.com/p/msysgit/issues/detail?id=261#c40

Simply involves overwriting the mysys ssh.exe with your cygwin ssh.exe