SSH: “Permissions 0644 for 'my_key.pub' are too open.”
Why is 0644 i.e. -rw-r--r-- too open for a SSH key? Also I could not find any false permissions on the .ssh directory (0700) or the home directory (0731).
Btw I'm getting this error when testing the paraphrase of a key via ssh-keygen -y -f my_key.pub
Best regards
ssh permissions file-permissions ssh-keys
asked Jul 10 '14 at 1:20
user2820379user2820379
2301210
add a comment |
Why is 0644 i.e. -rw-r--r-- too open for a SSH key? Also I could not find any false permissions on the .ssh directory (0700) or the home directory (0731).
Btw I'm getting this error when testing the paraphrase of a key via ssh-keygen -y -f my_key.pub
Best regards
ssh permissions file-permissions ssh-keys
asked Jul 10 '14 at 1:20
user2820379user2820379
2301210
add a comment |
Why is 0644 i.e. -rw-r--r-- too open for a SSH key? Also I could not find any false permissions on the .ssh directory (0700) or the home directory (0731).
Btw I'm getting this error when testing the paraphrase of a key via ssh-keygen -y -f my_key.pub
Best regards
ssh permissions file-permissions ssh-keys
asked Jul 10 '14 at 1:20
user2820379user2820379
2301210
Why is 0644 i.e. -rw-r--r-- too open for a SSH key? Also I could not find any false permissions on the .ssh directory (0700) or the home directory (0731).
Btw I'm getting this error when testing the paraphrase of a key via ssh-keygen -y -f my_key.pub
Best regards
ssh permissions file-permissions ssh-keys
ssh permissions file-permissions ssh-keys
asked Jul 10 '14 at 1:20
user2820379user2820379
2301210
asked Jul 10 '14 at 1:20
user2820379user2820379
2301210
asked Jul 10 '14 at 1:20
user2820379user2820379
2301210
asked Jul 10 '14 at 1:20
user2820379user2820379
2301210
asked Jul 10 '14 at 1:20
user2820379user2820379
2301210
2301210
add a comment |
add a comment |
4 Answers
4
active
oldest
votes
You may be running ssh-keygen on the wrong file. ssh-keygen -y operates on a private key file. ".pub" files normally contain the public key. You probably have a file there named my_key, without any extension, and it ought to be mode 0600. That is the file which should contain the private key.
To directly answer your question, SSH keys are normally used to permit connecting to remote servers without a password. Possession of the private key would permit someone to log into your account on any system which accepts the key. ssh-keygen and the other ssh utilities require private key files to have restricted permissions because the files are sensitive and need to remain secure.
answered Jul 10 '14 at 13:24
KensterKenster
4,84521933
add a comment |
0644 in not supposed to be too open for a public key, but is too open for your private key.
Your private key should have permission 0600 while your public key have permission 0644.
By the way, you should also take care of the permission on .ssh folder. It should has the permission 0700, so that only you, the owner, has control over the folder.
As to your home directory, write permission is not supposed to be granted to group and others.
Run chmod go-w /home/username should fix that.
answered Jul 10 '14 at 2:43
pallxkpallxk
25415
Absolutely do not follow these instructions. This is NOT what you should do. This will also reset all home directory permissions. You should ONLY be modifying the.sshfolder and theid_rsafile itself, not your entire home directory!
– niftylettuce
Oct 24 '17 at 0:48
add a comment |
The only command you need to run is chmod 600 ~/.ssh/id_rsa. That's it.
This changes the permissions on the file so that the owner (you) can read and write it, which will remove the error message you receive.
answered Oct 24 '17 at 0:50
niftylettuceniftylettuce
1313
Updated @TwistyImpersonator
– niftylettuce
Oct 24 '17 at 4:14
add a comment |
Answers above are valid but before running any chmod to fix permissions, just make sure your IdentityFile(s) in ~/.ssh/config do refer to your private key. Novices could misundertand that and refer to the public key (with .pub extension) instead, thus leading to that same error (since the public key file permissions are too open for a private key).
answered Jan 3 at 9:20
JavaromeJavarome
1012
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f779157%2fssh-permissions-0644-for-my-key-pub-are-too-open%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
You may be running ssh-keygen on the wrong file. ssh-keygen -y operates on a private key file. ".pub" files normally contain the public key. You probably have a file there named my_key, without any extension, and it ought to be mode 0600. That is the file which should contain the private key.
To directly answer your question, SSH keys are normally used to permit connecting to remote servers without a password. Possession of the private key would permit someone to log into your account on any system which accepts the key. ssh-keygen and the other ssh utilities require private key files to have restricted permissions because the files are sensitive and need to remain secure.
answered Jul 10 '14 at 13:24
KensterKenster
4,84521933
add a comment |
You may be running ssh-keygen on the wrong file. ssh-keygen -y operates on a private key file. ".pub" files normally contain the public key. You probably have a file there named my_key, without any extension, and it ought to be mode 0600. That is the file which should contain the private key.
To directly answer your question, SSH keys are normally used to permit connecting to remote servers without a password. Possession of the private key would permit someone to log into your account on any system which accepts the key. ssh-keygen and the other ssh utilities require private key files to have restricted permissions because the files are sensitive and need to remain secure.
answered Jul 10 '14 at 13:24
KensterKenster
4,84521933
add a comment |
You may be running ssh-keygen on the wrong file. ssh-keygen -y operates on a private key file. ".pub" files normally contain the public key. You probably have a file there named my_key, without any extension, and it ought to be mode 0600. That is the file which should contain the private key.
To directly answer your question, SSH keys are normally used to permit connecting to remote servers without a password. Possession of the private key would permit someone to log into your account on any system which accepts the key. ssh-keygen and the other ssh utilities require private key files to have restricted permissions because the files are sensitive and need to remain secure.
answered Jul 10 '14 at 13:24
KensterKenster
4,84521933
You may be running ssh-keygen on the wrong file. ssh-keygen -y operates on a private key file. ".pub" files normally contain the public key. You probably have a file there named my_key, without any extension, and it ought to be mode 0600. That is the file which should contain the private key.
To directly answer your question, SSH keys are normally used to permit connecting to remote servers without a password. Possession of the private key would permit someone to log into your account on any system which accepts the key. ssh-keygen and the other ssh utilities require private key files to have restricted permissions because the files are sensitive and need to remain secure.
answered Jul 10 '14 at 13:24
KensterKenster
4,84521933
edited Jul 20 '14 at 20:50
answered Jul 10 '14 at 13:24
KensterKenster
4,84521933
answered Jul 10 '14 at 13:24
KensterKenster
4,84521933
answered Jul 10 '14 at 13:24
KensterKenster
4,84521933
4,84521933
add a comment |
add a comment |
0644 in not supposed to be too open for a public key, but is too open for your private key.
Your private key should have permission 0600 while your public key have permission 0644.
By the way, you should also take care of the permission on .ssh folder. It should has the permission 0700, so that only you, the owner, has control over the folder.
As to your home directory, write permission is not supposed to be granted to group and others.
Run chmod go-w /home/username should fix that.
answered Jul 10 '14 at 2:43
pallxkpallxk
25415
Absolutely do not follow these instructions. This is NOT what you should do. This will also reset all home directory permissions. You should ONLY be modifying the.sshfolder and theid_rsafile itself, not your entire home directory!
– niftylettuce
Oct 24 '17 at 0:48
add a comment |
0644 in not supposed to be too open for a public key, but is too open for your private key.
Your private key should have permission 0600 while your public key have permission 0644.
By the way, you should also take care of the permission on .ssh folder. It should has the permission 0700, so that only you, the owner, has control over the folder.
As to your home directory, write permission is not supposed to be granted to group and others.
Run chmod go-w /home/username should fix that.
answered Jul 10 '14 at 2:43
pallxkpallxk
25415
Absolutely do not follow these instructions. This is NOT what you should do. This will also reset all home directory permissions. You should ONLY be modifying the.sshfolder and theid_rsafile itself, not your entire home directory!
– niftylettuce
Oct 24 '17 at 0:48
add a comment |
0644 in not supposed to be too open for a public key, but is too open for your private key.
Your private key should have permission 0600 while your public key have permission 0644.
By the way, you should also take care of the permission on .ssh folder. It should has the permission 0700, so that only you, the owner, has control over the folder.
As to your home directory, write permission is not supposed to be granted to group and others.
Run chmod go-w /home/username should fix that.
answered Jul 10 '14 at 2:43
pallxkpallxk
25415
0644 in not supposed to be too open for a public key, but is too open for your private key.
Your private key should have permission 0600 while your public key have permission 0644.
By the way, you should also take care of the permission on .ssh folder. It should has the permission 0700, so that only you, the owner, has control over the folder.
As to your home directory, write permission is not supposed to be granted to group and others.
Run chmod go-w /home/username should fix that.
answered Jul 10 '14 at 2:43
pallxkpallxk
25415
answered Jul 10 '14 at 2:43
pallxkpallxk
25415
answered Jul 10 '14 at 2:43
pallxkpallxk
25415
answered Jul 10 '14 at 2:43
pallxkpallxk
25415
25415
Absolutely do not follow these instructions. This is NOT what you should do. This will also reset all home directory permissions. You should ONLY be modifying the.sshfolder and theid_rsafile itself, not your entire home directory!
– niftylettuce
Oct 24 '17 at 0:48
add a comment |
Absolutely do not follow these instructions. This is NOT what you should do. This will also reset all home directory permissions. You should ONLY be modifying the.sshfolder and theid_rsafile itself, not your entire home directory!
– niftylettuce
Oct 24 '17 at 0:48
Absolutely do not follow these instructions. This is NOT what you should do. This will also reset all home directory permissions. You should ONLY be modifying the
.ssh folder and the id_rsa file itself, not your entire home directory!– niftylettuce
Oct 24 '17 at 0:48
Absolutely do not follow these instructions. This is NOT what you should do. This will also reset all home directory permissions. You should ONLY be modifying the
.ssh folder and the id_rsa file itself, not your entire home directory!– niftylettuce
Oct 24 '17 at 0:48
add a comment |
The only command you need to run is chmod 600 ~/.ssh/id_rsa. That's it.
This changes the permissions on the file so that the owner (you) can read and write it, which will remove the error message you receive.
answered Oct 24 '17 at 0:50
niftylettuceniftylettuce
1313
Updated @TwistyImpersonator
– niftylettuce
Oct 24 '17 at 4:14
add a comment |
The only command you need to run is chmod 600 ~/.ssh/id_rsa. That's it.
This changes the permissions on the file so that the owner (you) can read and write it, which will remove the error message you receive.
answered Oct 24 '17 at 0:50
niftylettuceniftylettuce
1313
Updated @TwistyImpersonator
– niftylettuce
Oct 24 '17 at 4:14
add a comment |
The only command you need to run is chmod 600 ~/.ssh/id_rsa. That's it.
This changes the permissions on the file so that the owner (you) can read and write it, which will remove the error message you receive.
answered Oct 24 '17 at 0:50
niftylettuceniftylettuce
1313
The only command you need to run is chmod 600 ~/.ssh/id_rsa. That's it.
This changes the permissions on the file so that the owner (you) can read and write it, which will remove the error message you receive.
answered Oct 24 '17 at 0:50
niftylettuceniftylettuce
1313
edited Oct 24 '17 at 4:14
answered Oct 24 '17 at 0:50
niftylettuceniftylettuce
1313
answered Oct 24 '17 at 0:50
niftylettuceniftylettuce
1313
answered Oct 24 '17 at 0:50
niftylettuceniftylettuce
1313
1313
Updated @TwistyImpersonator
– niftylettuce
Oct 24 '17 at 4:14
add a comment |
Updated @TwistyImpersonator
– niftylettuce
Oct 24 '17 at 4:14
Updated @TwistyImpersonator
– niftylettuce
Oct 24 '17 at 4:14
Updated @TwistyImpersonator
– niftylettuce
Oct 24 '17 at 4:14
add a comment |
Answers above are valid but before running any chmod to fix permissions, just make sure your IdentityFile(s) in ~/.ssh/config do refer to your private key. Novices could misundertand that and refer to the public key (with .pub extension) instead, thus leading to that same error (since the public key file permissions are too open for a private key).
answered Jan 3 at 9:20
JavaromeJavarome
1012
add a comment |
Answers above are valid but before running any chmod to fix permissions, just make sure your IdentityFile(s) in ~/.ssh/config do refer to your private key. Novices could misundertand that and refer to the public key (with .pub extension) instead, thus leading to that same error (since the public key file permissions are too open for a private key).
answered Jan 3 at 9:20
JavaromeJavarome
1012
add a comment |
Answers above are valid but before running any chmod to fix permissions, just make sure your IdentityFile(s) in ~/.ssh/config do refer to your private key. Novices could misundertand that and refer to the public key (with .pub extension) instead, thus leading to that same error (since the public key file permissions are too open for a private key).
answered Jan 3 at 9:20
JavaromeJavarome
1012
Answers above are valid but before running any chmod to fix permissions, just make sure your IdentityFile(s) in ~/.ssh/config do refer to your private key. Novices could misundertand that and refer to the public key (with .pub extension) instead, thus leading to that same error (since the public key file permissions are too open for a private key).
answered Jan 3 at 9:20
JavaromeJavarome
1012
answered Jan 3 at 9:20
JavaromeJavarome
1012
answered Jan 3 at 9:20
JavaromeJavarome
1012
answered Jan 3 at 9:20
JavaromeJavarome
1012
1012
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f779157%2fssh-permissions-0644-for-my-key-pub-are-too-open%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
