ssh “permissions are too open” error

Submitted by 旧时模样 on 2019-11-26 15:34:09
quickshiftin

Keys need to be only readable by you:

chmod 400 ~/.ssh/id_rsa

600 appears to be fine as well (in fact better in most cases, because you don't need to change file permissions to edit it).

The relevant portion from the manpage (man ssh)

 ~/.ssh/id_rsa
         Contains the private key for authentication.  These files contain
         sensitive data and should be readable by the user but not
         accessible by others (read/write/execute).  ssh will simply ignore
         a private key file if it is accessible by others.  It is possible
         to specify a passphrase when generating the key which will be used
         to encrypt the sensitive part of this file using 3DES.

 ~/.ssh/identity.pub
 ~/.ssh/id_dsa.pub
 ~/.ssh/id_ecdsa.pub
 ~/.ssh/id_rsa.pub
         Contains the public key for authentication.  These files are not
         sensitive and can (but need not) be readable by anyone.

Using Cygwin in Windows 8.1, there is a command that needs to be run:

chgrp Users ~/.ssh/id_rsa

Then the solution posted here can be applied, 400 or 600 is OK.

chmod 600 ~/.ssh/id_rsa

Ref: http://vineetgupta.com/blog/cygwin-permissions-bug-on-windows-8

The locale-independent solution that works on Windows 8.1 is:

chgrp 545 ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa

GID 545 is a special ID that always refers to the 'Users' group, even if your locale uses a different word for Users.

0600 is what mine is set at (and it's working)

AFAIK the values are:

700 for the hidden directory ".ssh" where key file is located

600 for the keyfile "id_rsa"

There is one exception to the "0x00" permissions requirement on a key. If the key is owned by root and group-owned by a group with users in it, then it can be "0440" and any user in that group can use the key.

I believe this will work with any permissions in the set "0xx0" but I haven't tested every combination with every version. I have tried 0660 with 5.3p1-84 on CentOS 6, and the group not the primary group of the user but a secondary group, and it works fine.

This would typically not be done for someone's personal key, but for a key used for automation, in a situation where you don't want the application to be able to mess with the key.

Similar rules apply to the .ssh directory restrictions.
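
As an added example (not part of the original answers), here is a small shell audit of the rule and the exception described above. It assumes the "too open" check applies only to keys owned by the invoking user, which is consistent with the root-owned 0440 case in the preceding answer; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit private-key permissions as the answers describe them.
# Assumption: the check applies only to keys owned by the invoking user
# (consistent with the root-owned 0440 exception described above).
# Usage: audit_ssh_dir "$HOME/.ssh"

# Print "<octal-mode> <owner-uid>" for a file (GNU stat first, then BSD stat).
mode_and_owner() {
    stat -c '%a %u' "$1" 2>/dev/null || stat -f '%Lp %u' "$1"
}

# key_perm_verdict FILE [UID]
# Echoes "ok", "too-open" or "not-owner"; returns 1 only for "too-open".
key_perm_verdict() {
    file=$1
    me=${2:-$(id -u)}
    info=$(mode_and_owner "$file") || return 2
    mode=${info% *}
    owner=${info#* }
    if [ "$owner" != "$me" ]; then
        # Key belongs to someone else: the mode test is not applied.
        echo "not-owner"
        return 0
    fi
    # Any group/other bit (mask 077) on a key you own triggers the warning.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "too-open"
        return 1
    fi
    echo "ok"
}

# audit_ssh_dir DIR
# Reports each private key in DIR; the return value counts too-open keys.
audit_ssh_dir() {
    bad=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # Only files whose first line is a private-key PEM header are checked.
        head -n 1 "$f" 2>/dev/null | grep -q 'PRIVATE KEY' || continue
        v=$(key_perm_verdict "$f") || bad=$((bad + 1))
        echo "$f: $v"
    done
    return "$bad"
}
```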

Provide 400 permission; execute the command below:

chmod 400 /Users/username/.ssh/id_rsa

I got the error on my Windows 10, so I set the permissions as follows and it works.

In detail, remove other users/groups until it has only 'SYSTEM' and 'Administrators'. Then add your Windows login to it with Read permission only.

Note the id_rsa file is under the c:\users\<username> folder.

On Windows 10, cygwin's chmod and chgrp weren't enough for me. I had to right click on the file -> Properties -> Security (tab) and remove all users and groups except for my active user.

What worked for me:

chgrp Users FOLDER

chmod 600 FOLDER

This is what worked for me (on mac)

sudo chmod 600 path_to_your_key.pem 

then :

ssh -i path_to_your_key user@server_ip

Hope it helps

For me (using the Ubuntu Subsystem for Linux) the error message changed to:

 Permissions 0555 for 'key.pem' are too open

after using chmod 400. It turns out that using root as a default user was the reason.

Change this using the cmd:

 ubuntu config --default-user your_username
Piyush Baijal

Interesting message here. Operating Systems are smart enough to deny remote connections if your private key is too open. It understands the risk where permissions for id_rsa are wide open (read, is editable by anyone).

{One may change your lock first and then open it with the keys he already has}

cd ~/.ssh
chmod 400 id_rsa

While working on multiple servers (non-production), most of us feel the need to connect to a remote server with ssh. A good idea is to have a piece of application-level code (maybe Java using jsch) to create ssh trusts between servers. This way the connection will be password-less. In case Perl is installed, one may use the net ssh module too.

Jeff Gu Kang

I got the same issue after migrating from another Mac, and it blocked me from connecting to GitHub with my key.

I reset the permissions as below and it works well now.

chmod 700 ~/.ssh     # (drwx------)
cd ~/.ssh            
chmod 644 *.pub      # (-rw-r--r--)
chmod 600 id_rsa     # (-rw-------)

I came across this error while I was playing with Ansible. I changed the permissions of the private key to 600 in order to solve this problem. And it worked!

chmod 600 .vagrant/machines/default/virtualbox/private_key

I tried 600 level of permission for my private key and it worked for me.

chmod 600 privateKey
[dev]$ ssh -i privateKey user@ip

worked

chmod 755 privateKey
[dev]$ ssh -i privateKey user@ip

it was giving below issue:

Permissions 0755 for 'privateKey' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "privateKey": bad permissions

I am using VPC on EC2 and was getting the same error messages. I noticed I was using the public DNS. I changed that to the private DNS and voilà!! It worked...

For Win10 you need to move your key to the user's home dir; for Linux-like OSes you need to chmod to 700 or 600, etc.
