ansaurus

Question

SSH Private Key Permissions using Git GUI or ssh-keygen are too open

Answer 1

+2 A:

You changed the permissions on the whole directory, which I agree with Splash is a bad idea. If you can remember what the original permissions for the directory are, I would try to set them back to that and then do the following

cd ~/.ssh
chmod 700 id_rsa

inside the .ssh folder. That will set the id_rsa file to rwx (read, write, execute) for the owner (you) only, and zero access for everyone else.

If you can't remember what the original settings are, add a new user and create a set of SSH keys for that user, thus creating a new .ssh folder which will have default permissions. You can use that new .ssh folder as the reference for permissions to reset your .ssh folder and files to.

If that doesn't work, I would try doing an uninstall of msysgit, deleting ALL .ssh folders on the computer (just for safe measure), then reinstalling msysgit with your desired settings and try starting over completely (though I think you told me you tried this already).

Edited: Also just found this link via Google -- Fixing "WARNING: UNPROTECTED PRIVATE KEY FILE!" on Linux While it's targeted at linux, it might help since we're talking liunx permissions and such.

Koby 2009-10-13 15:01:43

this got the correct answer vote, but doesn't seem to detail how to fix this in which environment. What do I need to do to get this to work from PowerShell, I don't want to use cygwin

fuzzy lollipop 2010-08-20 21:52:16

This answer specifically applies to using cygwin or msysgit (since msysgit uses a subset of cygwin or possibly mingw32). The issue is the permission on the file. Git likes to work with (mostly) linux permissions (probably a by product of it's target audience). Using the git.exe in Winodws shell is known to have issues, I would advise sticking with msysgit. At least until GitSharp is fully working.

Koby 2010-08-24 21:22:42

Answer 2

A:

Not a direct answer to the primary question, but on your question of how cygwin's folder works... As a general rule, cygwin puts all of "your" files under the equiv of c:\cygwin\home\username. It treats that folder for any user-specific settings rather than the Windows user directory.

J Wynia 2009-10-13 17:25:13

Answer 3

A:

I'm playing right now with Git 1.6.5, and I can't replicate your setup:

Administrator@WS2008 /k/git
$ ll ~/.ssh
total 8
drwxr-xr-x    2 Administ Administ     4096 Oct 13 22:04 ./
drwxr-xr-x    6 Administ Administ     4096 Oct  6 21:36 ../
-rw-r--r--    1 Administ Administ        0 Oct 13 22:04 c.txt
-rw-r--r--    1 Administ Administ      403 Sep 30 22:36 config_disabled
-rw-r--r--    1 Administ Administ      887 Aug 30 16:33 id_rsa
-rw-r--r--    1 Administ Administ      226 Aug 30 16:34 id_rsa.pub
-rw-r--r--    1 Administ Administ      843 Aug 30 16:32 id_rsa_putty.ppk
-rw-r--r--    1 Administ Administ      294 Aug 30 16:33 id_rsa_putty.pub
-rw-r--r--    1 Administ Administ     1626 Sep 30 22:49 known_hosts

Administrator@WS2008 /k/git
$ git clone [email protected]:alexandrul/gitbook.git
Initialized empty Git repository in k:/git/gitbook/.git/
remote: Counting objects: 1152, done.
remote: Compressing objects: 100% (625/625), done.
remote: Total 1152 (delta 438), reused 1056 (delta 383)s
Receiving objects: 100% (1152/1152), 1.31 MiB | 78 KiB/s, done.
Resolving deltas: 100% (438/438), done.

Administrator@WS2008 /k/git
$ ssh [email protected]
ERROR: Hi alexandrul! You've successfully authenticated, but GitHub does not pro
vide shell access
Connection to github.com closed.

$ ssh -v
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007

chmod doesn't modify file permissions for my keys either.

Environment:

Windows Server 2008 SP2 on NTFS
user: administrator
environment vars:
- PLINK_PROTOCOL=ssh
- HOME=/c/profiles/home

Update: Git 1.6.5.1 works as well.

alexandrul 2009-10-13 19:11:30

interesting. Looks like you're using the putty option?

Ben Scheirman 2009-10-13 21:25:04

nope, I just generated the keys with putty-gen

alexandrul 2009-10-14 04:16:15

Answer 4

+1 A:

I had the same problem on Windows just recently. I tried to chmod 700 on my ~/.ssh/id_rsa file but it did not seem to work. When I had a look at the permissions using ls -l on the ~/.ssh/id_rsa I could see that my effective permissions still was 644.

Then I remembered that windows permissions also inherit permissions from the folders, and the folder was still open to everyone. A solution could be to set permissions for the folder as well, but I think a better way would be to tell the system to ignore inheritance for this file. This can be done using the advanced option on the security tab in the properties of the file, and unchecking "inherit from parent permissions..."

This might be helpful for others with the same problem.

daramarak 2010-04-07 09:37:01

Answer 5

A:

After comming across the problem recently and this being one of the top google results i thought i would chip in with a simple work around documented in discussion here: http://code.google.com/p/msysgit/issues/detail?id=261#c40

Simply involves overwriting the mysys ssh.exe with your cygwin ssh.exe

chriskhan 2010-10-12 10:31:39

ansaurus

tags:

views:

answers:

SSH Private Key Permissions using Git GUI or ssh-keygen are too open

related questions