SSH Private Key Permissions using Git GUI or ssh-keygen are too open

Question

Recently I\'ve been unable to clone or push to github, and I\'m trying to find the root cause.

This is on windows

I have cygwin + git as well as msy

Answer 1

What did the trick for me was to update CYGWIN environment variable with: "tty nodosfilewarning". Didn't even need to chmod the key.

Answer 2

FOR MAC USERS:

Change the settings of your key pair file by typing this in the terminal:

chmod og-r *filename.pem*

(make sure you are in the correct directory, or path filename in the command correctly).

Answer 3

There is a bug with cygwin's chmod, please refer to:

https://superuser.com/questions/397288/using-cygwin-in-windows-8-chmod-600-does-not-work-as-expected

chgrp -Rv Users ~/.ssh/* 
chmod -vR 600 ~/.ssh/id_rsa

Answer 4

I never managed to get git to work completely in Powershell. But in the git bash shell I did not have any permission related issues, and I did not need to set chmod etc... After adding the ssh to Github I was up and running.

Answer 5

For *nix systems, the obvious fix is chmod 600 id_rsa ofc, but on windows 7 I had to hit my head against the wall for a while, but then I found the magic solution:

go to My Computer / Right Click / Properties / Advanced System Settings / Environment Variables and DELETE the variable (possibly from both system and user environment):

CYGWIN

Basically, its a flaw in mingw32 used by git windows binary, seeing all files 644 and all folders 755 always. Removing the environment variable does not change that behaviour, but it appearantly tells ssh.exe to ignore the problem. If you do set proper permissions to your id_rsa through explorers security settings (there really is no need to have any other user in there than your own, not "everyone", not "administrators", not "system". none. just you), you'll still be secure.

Now, why mingw32, a different system than cygwin, would make any use of the CYGWIN environment variable, is beyond me. Looks like a bug to me.

Answer 6

You changed the permissions on the whole directory, which I agree with Splash is a bad idea. If you can remember what the original permissions for the directory are, I would try to set them back to that and then do the following

cd ~/.ssh
chmod 700 id_rsa

inside the .ssh folder. That will set the id_rsa file to rwx (read, write, execute) for the owner (you) only, and zero access for everyone else.

If you can't remember what the original settings are, add a new user and create a set of SSH keys for that user, thus creating a new .ssh folder which will have default permissions. You can use that new .ssh folder as the reference for permissions to reset your .ssh folder and files to.

If that doesn't work, I would try doing an uninstall of msysgit, deleting ALL .ssh folders on the computer (just for safe measure), then reinstalling msysgit with your desired settings and try starting over completely (though I think you told me you tried this already).

Edited: Also just found this link via Google -- Fixing "WARNING: UNPROTECTED PRIVATE KEY FILE!" on Linux While it's targeted at linux, it might help since we're talking liunx permissions and such.