SSH Private Key Permissions using Git GUI or ssh-keygen are too open

Question

Recently I\'ve been unable to clone or push to github, and I\'m trying to find the root cause.

This is on windows

I have cygwin + git as well as msy

Answer 1

OK so here is how I actually forced the change on my Windows files regarding the permissions themselves on Win7: Find your ssh key in windows explorer: C:\Users[your_user_name_here].ssh\id_rsa

Right-click on file>Properties>Security tab>Advanced button>Change permissions

Now remove everyone that is not actually your username. This includes Administrator and System users. At this point you may get a dialogue about inheriting permissions- choose the option that DOESN'T inherit- since we only want to change this file.

Click OK and save till done.

I fought with this for days because my windows would not change the file permissions from the command line. This way it is also ACTUALLY done- instead of using exciting work arounds that make can have odd consequences.

Answer 2

Did you copy the key file from another machine?

I just created an id_rsa file on the client machine then pasted the key in I wanted. No permissions issues. Nothing to set. It just worked. It also works if you use PuTTYgen to create the private key.

Possibly some hidden group issue if you're copying it from another machine.

Tested on two Windows 8.1 machines. Using Sublime Text 3 to copy and paste the private key. Using Git Bash (Git-1.9.4-preview20140611).

Answer 3

Changing file permissions from Properties, disabling inheritance and running chmod 400 didn't work for me. The permissions for my private key file were:

-r--r----- 1 alex None 1766 Mar 8 13:04 /home/alex/.ssh/id_rsa

Then I noticed the group was None, so I just ran

chown alex:Administrators ~/.ssh/id_rsa

Then I could successfully change the permissions with chmod 400, and run a git push.

Answer 4

Not a direct answer to the primary question, but on your question of how cygwin's folder works... As a general rule, cygwin puts all of "your" files under the equiv of c:\cygwin\home\username. It treats that folder for any user-specific settings rather than the Windows user directory.

Answer 5

I solve it running:

chmod 400 ~/.ssh/id_rsa

I hope to help. Good luck.

Answer 6

None of the workarounds suggested here (chmod/chgrp/setfacl/windows perms) worked for me with msys64 on a Windows 7 corporate VM. In the end I worked around the problem by using an ssh agent with the key provided on stdin. Adding this to my .bash_profile makes it the default for my login:

eval $(ssh-agent -s)
cat ~/.ssh/id_rsa | ssh-add -k -

Now I can do git push and pull with ssh remotes.