Fix “Permissions are too open … private key will be ignored”By neokrates, written on April 25, 2010 |
 howto |
- neokrates
- Email: uwarov@yahoo.com
- Website: http://www.thinkplexx.com
- Join date: 05-31-09
- Posts: 20
Rate it
(No Ratings Yet)
Loading ...
Ad
Poll
Your skill as shell programmer is?
- No skill (35%, 7 Votes)
- FreeTime coder (acceptable) (25%, 5 Votes)
- Developer (good) (15%, 3 Votes)
- Novice (15%, 3 Votes)
- Admin (very good) (10%, 2 Votes)
- Guru (perfect) (0%, 0 Votes)
Total Voters: 20
Loading ...
Most popular search terms:
You try to login on remote host, and get “Permissions are too open”. Setting permissions normally fixes that.
The problem is, that the private key you are using must remain private. If you permit others to read it, that condition is not satisfied.
Software:
- Ubuntu linux
- OpenSSH
Should also work for:
- Any openSSH with any Unix based system
| 1 |
OpenSsh ignores the key. Permissions are too open…
You typed something like ssh -i ~/.ssh/id_rsa_targethost [email protected] and this is what openSsh says:
me@myhome:~$ ssh -i ~/.ssh/id_rsa_targethost myuser@my.targethost.com @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Permissions 0644 for '/home/me/.ssh/id_rsa_targethost' are too open. It is recommended that your private key files are NOT accessible by others. This private key will be ignored. bad permissions: ignore key: /home/me/.ssh/id_rsa_targethost
If you try ls, you see that others can do things with your private key:
me@myhome:~$ ls -All /home/me/.ssh/id_rsa_targethost -rw-r--r-- 1 me me 986 2010-04-25 14:33 /home/me/.ssh/id_rsa_targethost
| 2 |
Change permissions
Only owner can read and write the private key:
chmod 600 /home/me/.ssh/id_rsa_targethost
Or more human readable:
chmod a-rwx /home/me/.ssh/id_rsa_targethost chmod u+rw /home/me/.ssh/id_rsa_targethost
| 3 |
Should work now
Check:
me@myhome:~$ ls -All /home/me/.ssh/id_rsa_targethost -rw------- 1 me me 986 2010-04-25 14:33 /home/me/.ssh/id_rsa_targethost
Should work now. Have fun!
|
LEARN MORE (amazon bookstore)
|
|
TAGS
|
|
SOCIAL
|
|
Thank you A LOT. This helped me so much.
Cheers.
Like or Dislike:
3 
0
Thanx a lot, this saved me some time… and a LOT of trouble
Like or Dislike:
1 
0
you are welcome
Like or Dislike:
1 
0
Thanks for sharing this. Was helpful.
Like or Dislike:
0 
0
Initially I skipped changing the permissions (by accident) and ever since then ssh refuses to use the id_rsa file.
I even removed the file, generated a new key and even tried renaming the id_rsa file, but all to no avail
It’s like ssh remembers the one slip-up and refuses to give me a second chance – very frustrating…
Like or Dislike:
0 
0
- did ssh ever worked on your system?
- Do you directly point the key you want to use with -i option?
like
ssh -i ~/.ssh/id_rsa_targethost [email protected].What does the ssh say?
- You can also try to create another user and try all again under this new user.
Like or Dislike:
0 
0
It’s been working fine for another user for ages.
Yes, I’m using the -i option.
ssh simply asks for my password.
Terry
Like or Dislike:
0 
0
Thanks man , this is really helpful.
Like or Dislike:
0 
0
Well.. My private key placed on truecrypt mounted partition, and i can’t change permission at key file.. And what to do in this case?
Like or Dislike:
0 
0
I also use truecrypt, never had problems setting permissions on files inside truecrypt disk…
Why can’t you?
Do you use linux or windows? Is the key file owned by your user?
Like or Dislike:
0 
0
Thanks!!
Like or Dislike:
0 
0
[...] Fix “Permissions are too open … private key will be ignored” [...]
Like or Dislike:
0 
0