SSH: “Permissions 0644 for 'my_key.pub' are too open.”












12















Why is 0644 i.e. -rw-r--r-- too open for a SSH key? Also I could not find any false permissions on the .ssh directory (0700) or the home directory (0731).



Btw I'm getting this error when testing the paraphrase of a key via ssh-keygen -y -f my_key.pub



Best regards










share|improve this question



























    12















    Why is 0644 i.e. -rw-r--r-- too open for a SSH key? Also I could not find any false permissions on the .ssh directory (0700) or the home directory (0731).



    Btw I'm getting this error when testing the paraphrase of a key via ssh-keygen -y -f my_key.pub



    Best regards










    share|improve this question

























      12












      12








      12


      5






      Why is 0644 i.e. -rw-r--r-- too open for a SSH key? Also I could not find any false permissions on the .ssh directory (0700) or the home directory (0731).



      Btw I'm getting this error when testing the paraphrase of a key via ssh-keygen -y -f my_key.pub



      Best regards










      share|improve this question














      Why is 0644 i.e. -rw-r--r-- too open for a SSH key? Also I could not find any false permissions on the .ssh directory (0700) or the home directory (0731).



      Btw I'm getting this error when testing the paraphrase of a key via ssh-keygen -y -f my_key.pub



      Best regards







      ssh permissions file-permissions ssh-keys






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jul 10 '14 at 1:20









      user2820379user2820379

      2301210




      2301210






















          4 Answers
          4






          active

          oldest

          votes


















          4














          You may be running ssh-keygen on the wrong file. ssh-keygen -y operates on a private key file. ".pub" files normally contain the public key. You probably have a file there named my_key, without any extension, and it ought to be mode 0600. That is the file which should contain the private key.



          To directly answer your question, SSH keys are normally used to permit connecting to remote servers without a password. Possession of the private key would permit someone to log into your account on any system which accepts the key. ssh-keygen and the other ssh utilities require private key files to have restricted permissions because the files are sensitive and need to remain secure.






          share|improve this answer

































            10














            0644 in not supposed to be too open for a public key, but is too open for your private key.



            Your private key should have permission 0600 while your public key have permission 0644.



            By the way, you should also take care of the permission on .ssh folder. It should has the permission 0700, so that only you, the owner, has control over the folder.



            As to your home directory, write permission is not supposed to be granted to group and others.



            Run chmod go-w /home/username should fix that.






            share|improve this answer
























            • Absolutely do not follow these instructions. This is NOT what you should do. This will also reset all home directory permissions. You should ONLY be modifying the .ssh folder and the id_rsa file itself, not your entire home directory!

              – niftylettuce
              Oct 24 '17 at 0:48



















            3














            The only command you need to run is chmod 600 ~/.ssh/id_rsa. That's it.



            This changes the permissions on the file so that the owner (you) can read and write it, which will remove the error message you receive.






            share|improve this answer


























            • Updated @TwistyImpersonator

              – niftylettuce
              Oct 24 '17 at 4:14



















            0














            Answers above are valid but before running any chmod to fix permissions, just make sure your IdentityFile(s) in ~/.ssh/config do refer to your private key. Novices could misundertand that and refer to the public key (with .pub extension) instead, thus leading to that same error (since the public key file permissions are too open for a private key).






            share|improve this answer























              Your Answer








              StackExchange.ready(function() {
              var channelOptions = {
              tags: "".split(" "),
              id: "3"
              };
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function() {
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled) {
              StackExchange.using("snippets", function() {
              createEditor();
              });
              }
              else {
              createEditor();
              }
              });

              function createEditor() {
              StackExchange.prepareEditor({
              heartbeatType: 'answer',
              autoActivateHeartbeat: false,
              convertImagesToLinks: true,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: 10,
              bindNavPrevention: true,
              postfix: "",
              imageUploader: {
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              },
              onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              });


              }
              });














              draft saved

              draft discarded


















              StackExchange.ready(
              function () {
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f779157%2fssh-permissions-0644-for-my-key-pub-are-too-open%23new-answer', 'question_page');
              }
              );

              Post as a guest















              Required, but never shown

























              4 Answers
              4






              active

              oldest

              votes








              4 Answers
              4






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes









              4














              You may be running ssh-keygen on the wrong file. ssh-keygen -y operates on a private key file. ".pub" files normally contain the public key. You probably have a file there named my_key, without any extension, and it ought to be mode 0600. That is the file which should contain the private key.



              To directly answer your question, SSH keys are normally used to permit connecting to remote servers without a password. Possession of the private key would permit someone to log into your account on any system which accepts the key. ssh-keygen and the other ssh utilities require private key files to have restricted permissions because the files are sensitive and need to remain secure.






              share|improve this answer






























                4














                You may be running ssh-keygen on the wrong file. ssh-keygen -y operates on a private key file. ".pub" files normally contain the public key. You probably have a file there named my_key, without any extension, and it ought to be mode 0600. That is the file which should contain the private key.



                To directly answer your question, SSH keys are normally used to permit connecting to remote servers without a password. Possession of the private key would permit someone to log into your account on any system which accepts the key. ssh-keygen and the other ssh utilities require private key files to have restricted permissions because the files are sensitive and need to remain secure.






                share|improve this answer




























                  4












                  4








                  4







                  You may be running ssh-keygen on the wrong file. ssh-keygen -y operates on a private key file. ".pub" files normally contain the public key. You probably have a file there named my_key, without any extension, and it ought to be mode 0600. That is the file which should contain the private key.



                  To directly answer your question, SSH keys are normally used to permit connecting to remote servers without a password. Possession of the private key would permit someone to log into your account on any system which accepts the key. ssh-keygen and the other ssh utilities require private key files to have restricted permissions because the files are sensitive and need to remain secure.






                  share|improve this answer















                  You may be running ssh-keygen on the wrong file. ssh-keygen -y operates on a private key file. ".pub" files normally contain the public key. You probably have a file there named my_key, without any extension, and it ought to be mode 0600. That is the file which should contain the private key.



                  To directly answer your question, SSH keys are normally used to permit connecting to remote servers without a password. Possession of the private key would permit someone to log into your account on any system which accepts the key. ssh-keygen and the other ssh utilities require private key files to have restricted permissions because the files are sensitive and need to remain secure.







                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  edited Jul 20 '14 at 20:50

























                  answered Jul 10 '14 at 13:24









                  KensterKenster

                  4,84521933




                  4,84521933

























                      10














                      0644 in not supposed to be too open for a public key, but is too open for your private key.



                      Your private key should have permission 0600 while your public key have permission 0644.



                      By the way, you should also take care of the permission on .ssh folder. It should has the permission 0700, so that only you, the owner, has control over the folder.



                      As to your home directory, write permission is not supposed to be granted to group and others.



                      Run chmod go-w /home/username should fix that.






                      share|improve this answer
























                      • Absolutely do not follow these instructions. This is NOT what you should do. This will also reset all home directory permissions. You should ONLY be modifying the .ssh folder and the id_rsa file itself, not your entire home directory!

                        – niftylettuce
                        Oct 24 '17 at 0:48
















                      10














                      0644 in not supposed to be too open for a public key, but is too open for your private key.



                      Your private key should have permission 0600 while your public key have permission 0644.



                      By the way, you should also take care of the permission on .ssh folder. It should has the permission 0700, so that only you, the owner, has control over the folder.



                      As to your home directory, write permission is not supposed to be granted to group and others.



                      Run chmod go-w /home/username should fix that.






                      share|improve this answer
























                      • Absolutely do not follow these instructions. This is NOT what you should do. This will also reset all home directory permissions. You should ONLY be modifying the .ssh folder and the id_rsa file itself, not your entire home directory!

                        – niftylettuce
                        Oct 24 '17 at 0:48














                      10












                      10








                      10







                      0644 in not supposed to be too open for a public key, but is too open for your private key.



                      Your private key should have permission 0600 while your public key have permission 0644.



                      By the way, you should also take care of the permission on .ssh folder. It should has the permission 0700, so that only you, the owner, has control over the folder.



                      As to your home directory, write permission is not supposed to be granted to group and others.



                      Run chmod go-w /home/username should fix that.






                      share|improve this answer













                      0644 in not supposed to be too open for a public key, but is too open for your private key.



                      Your private key should have permission 0600 while your public key have permission 0644.



                      By the way, you should also take care of the permission on .ssh folder. It should has the permission 0700, so that only you, the owner, has control over the folder.



                      As to your home directory, write permission is not supposed to be granted to group and others.



                      Run chmod go-w /home/username should fix that.







                      share|improve this answer












                      share|improve this answer



                      share|improve this answer










                      answered Jul 10 '14 at 2:43









                      pallxkpallxk

                      25415




                      25415













                      • Absolutely do not follow these instructions. This is NOT what you should do. This will also reset all home directory permissions. You should ONLY be modifying the .ssh folder and the id_rsa file itself, not your entire home directory!

                        – niftylettuce
                        Oct 24 '17 at 0:48



















                      • Absolutely do not follow these instructions. This is NOT what you should do. This will also reset all home directory permissions. You should ONLY be modifying the .ssh folder and the id_rsa file itself, not your entire home directory!

                        – niftylettuce
                        Oct 24 '17 at 0:48

















                      Absolutely do not follow these instructions. This is NOT what you should do. This will also reset all home directory permissions. You should ONLY be modifying the .ssh folder and the id_rsa file itself, not your entire home directory!

                      – niftylettuce
                      Oct 24 '17 at 0:48





                      Absolutely do not follow these instructions. This is NOT what you should do. This will also reset all home directory permissions. You should ONLY be modifying the .ssh folder and the id_rsa file itself, not your entire home directory!

                      – niftylettuce
                      Oct 24 '17 at 0:48











                      3














                      The only command you need to run is chmod 600 ~/.ssh/id_rsa. That's it.



                      This changes the permissions on the file so that the owner (you) can read and write it, which will remove the error message you receive.






                      share|improve this answer


























                      • Updated @TwistyImpersonator

                        – niftylettuce
                        Oct 24 '17 at 4:14
















                      3














                      The only command you need to run is chmod 600 ~/.ssh/id_rsa. That's it.



                      This changes the permissions on the file so that the owner (you) can read and write it, which will remove the error message you receive.






                      share|improve this answer


























                      • Updated @TwistyImpersonator

                        – niftylettuce
                        Oct 24 '17 at 4:14














                      3












                      3








                      3







                      The only command you need to run is chmod 600 ~/.ssh/id_rsa. That's it.



                      This changes the permissions on the file so that the owner (you) can read and write it, which will remove the error message you receive.






                      share|improve this answer















                      The only command you need to run is chmod 600 ~/.ssh/id_rsa. That's it.



                      This changes the permissions on the file so that the owner (you) can read and write it, which will remove the error message you receive.







                      share|improve this answer














                      share|improve this answer



                      share|improve this answer








                      edited Oct 24 '17 at 4:14

























                      answered Oct 24 '17 at 0:50









                      niftylettuceniftylettuce

                      1313




                      1313













                      • Updated @TwistyImpersonator

                        – niftylettuce
                        Oct 24 '17 at 4:14



















                      • Updated @TwistyImpersonator

                        – niftylettuce
                        Oct 24 '17 at 4:14

















                      Updated @TwistyImpersonator

                      – niftylettuce
                      Oct 24 '17 at 4:14





                      Updated @TwistyImpersonator

                      – niftylettuce
                      Oct 24 '17 at 4:14











                      0














                      Answers above are valid but before running any chmod to fix permissions, just make sure your IdentityFile(s) in ~/.ssh/config do refer to your private key. Novices could misundertand that and refer to the public key (with .pub extension) instead, thus leading to that same error (since the public key file permissions are too open for a private key).






                      share|improve this answer




























                        0














                        Answers above are valid but before running any chmod to fix permissions, just make sure your IdentityFile(s) in ~/.ssh/config do refer to your private key. Novices could misundertand that and refer to the public key (with .pub extension) instead, thus leading to that same error (since the public key file permissions are too open for a private key).






                        share|improve this answer


























                          0












                          0








                          0







                          Answers above are valid but before running any chmod to fix permissions, just make sure your IdentityFile(s) in ~/.ssh/config do refer to your private key. Novices could misundertand that and refer to the public key (with .pub extension) instead, thus leading to that same error (since the public key file permissions are too open for a private key).






                          share|improve this answer













                          Answers above are valid but before running any chmod to fix permissions, just make sure your IdentityFile(s) in ~/.ssh/config do refer to your private key. Novices could misundertand that and refer to the public key (with .pub extension) instead, thus leading to that same error (since the public key file permissions are too open for a private key).







                          share|improve this answer












                          share|improve this answer



                          share|improve this answer










                          answered Jan 3 at 9:20









                          JavaromeJavarome

                          1012




                          1012






























                              draft saved

                              draft discarded




















































                              Thanks for contributing an answer to Super User!


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.




                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function () {
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f779157%2fssh-permissions-0644-for-my-key-pub-are-too-open%23new-answer', 'question_page');
                              }
                              );

                              Post as a guest















                              Required, but never shown





















































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown

































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown







                              Popular posts from this blog

                              Сан-Квентин

                              Алькесар

                              Josef Freinademetz