Adding SSH private key gives error that 0644 permissions are too open
I have generated an ssh private key .key. I want to add it into my ssh on Mac to connect to a remote server; I have only the known_hosts file in the ~/.ssh directory.
When I try to add it using this command:
ssh-add -K ~/.ssh/myKey.ppk
I get this error:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/Users/username/.ssh/myKey.ppk' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
macos ssh
edited yesterday
muru
asked 2 days ago
Mohamed Mellal
Possible duplicate of SSH with key passphrase not working
– Jakuje
yesterday
@Jakuje the question is different, leaving this open. It may be a duplicate of a different one though.
– Harv
yesterday
@Harv thank you for the comment. The question is different, but the answer is still the same. These answers below are just incomplete (leaving alone they are obvious first steps from the first chapter of *nix troubleshooting guide), but they do not lead anywhere. After applying either of them, the OP will find out that OpenSSH does not know how to read the Putty private key format and then he will ask why, which will boil down to my answer.
– Jakuje
yesterday
@Jakuje Interesting. I didn't know that about the different format; the question pertains specifically to permissions, not the file format - but thanks to your contribution, OP will have to deal with that once permissions issues are out of the way.
– Harv
yesterday
4 Answers
The error message is displayed because the file permissions are set such that it is readable by other users apart from the logged-in user. To overcome the error message, you will need to change the file permissions for the private key such that it is readable only by you.
To do that, run the following command in Terminal:
cd ~/.ssh ; chmod 400 myKey.ppk
This will allow only your user to read (and not write and execute) the private key file and prevent everyone else from reading, writing and executing the file.
This will take care of the error message shown to you and you should be able to add the private key file all right.
edited 2 days ago
answered 2 days ago
Nimesh Neema
Go to the terminal and type this command:
chmod 0600 ~/.ssh/myKey.ppk
That should be fine.
answered 2 days ago
Scott Earle
Why even allow write access? 0400 would be sufficient.
– Ruslan
2 days ago
It's quite possible he might want to update it later. At any rate, 0600 is WAY better than 0644
– Scott Earle
yesterday
While changing the permissions of the .ppk file will indeed make this warning go away, I would recommend disabling group/others access to the .ssh directory altogether:
cd ~
chmod g-rwx .ssh
chmod o-rwx .ssh
Otherwise, with insecure permissions on your home directory, other users could place files (like authorized_keys) in your .ssh directory, or mess with known_hosts, or change config items, and gain access that way - without having to know either your password or your private key.
Secondly, in a multi-user environment it would be dubious practice just to retroactively restrict permissions to a key. If a private key has been world-readable on a multi-user system at any given time, it should be considered as already compromised.
answered 2 days ago
jvb
It looks like you copied your private key from Windows or from another computer where you used PuTTY. Unfortunately, the ssh command-line tool does not support this key format and therefore you have two options:
- Install PuTTY again (it should exist also on your mac)
- Convert the private key from PuTTY file format to the OpenSSH format (again using PuTTYGen from PuTTY as already described in my previous answer):
  - Open PuttyGen
  - Click Load
  - Load your private key
  - Go to Conversions->Export OpenSSH and export your private key
  - Copy your private key to ~/.ssh/id_rsa
If you still see the issues using the new exported key (~/.ssh/id_rsa), make sure that the key is not readable by anyone else but you (it is your private key) by removing all the privileges of all the others by running chmod 600 ~/.ssh/id_rsa.
answered yesterday
Jakuje
There's no point to downvoting this. The permissions are irrelevant if ssh can't understand the key even with correct permissions; furthermore the answer also shows how to set the correct permissions.
– muru
yesterday
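The checks the answers above walk through (group/other access on the key file and on ~/.ssh, and PuTTY versus OpenSSH key format), combined into one script. This is an added example, not part of any answer: the function names are made up here, the sample files are constructed and contain no key material, and a PuTTY key is assumed to be recognisable by its PuTTY-User-Key-File- first line.

```shell
#!/bin/sh
# Added example: audit one SSH key file for the problems discussed in the answers.
# Uses only POSIX tools (ls, cut, head, tr), so it behaves the same on macOS and Linux.

# Print the group+other permission characters of a path, e.g. "r--r--" for 0644.
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# Succeeds only when neither group nor others have any access to the path.
is_private() {
    [ "$(group_other_bits "$1")" = "------" ]
}

# Classify a key file by its first line: putty, openssh, pem or unknown.
# CR is stripped because keys copied from Windows often have CRLF line endings.
key_format() {
    first_line=$(head -n 1 -- "$1" | tr -d '\r')
    case "$first_line" in
        PuTTY-User-Key-File-*)                 echo putty ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        "-----BEGIN "*"PRIVATE KEY-----")      echo pem ;;
        *)                                     echo unknown ;;
    esac
}

# Print one tagged line per finding; exit status 0 means nothing to fix.
audit_key() {
    key=$1
    dir=$(dirname -- "$key")
    findings=0
    if ! is_private "$dir"; then
        echo "DIR   $dir is accessible by group/others: chmod go-rwx '$dir'"
        findings=$((findings + 1))
    fi
    if ! is_private "$key"; then
        echo "MODE  $key is accessible by group/others: chmod 600 '$key'"
        echo "      if other users share this machine, treat the key as exposed"
        findings=$((findings + 1))
    fi
    if [ "$(key_format "$key")" = "putty" ]; then
        echo "FMT   $key is in PuTTY format: export it to OpenSSH format first"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Demo on constructed files, reproducing the 0644 .ppk case from the question.
demo() {
    tmp=$(mktemp -d "${TMPDIR:-/tmp}/sshaudit.XXXXXX")
    mkdir "$tmp/.ssh"
    printf 'PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\n' > "$tmp/.ssh/myKey.ppk"
    chmod 755 "$tmp/.ssh"
    chmod 644 "$tmp/.ssh/myKey.ppk"
    audit_key "$tmp/.ssh/myKey.ppk" || echo "-> fix the findings above, then retry ssh-add"
    rm -rf "$tmp"
}
demo
```

To check a real key, call audit_key with its path, for example audit_key ~/.ssh/myKey.ppk.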