ssh "permissions are too open" error

Question

I had a problem with my mac where I couldn't save any kind of file on the disk anymore. I had to reboot OSX lion and reset the permissions on files and acls.

But now when I want to commit a repository I get the following error from ssh:

Permissions 0777 for '/Users/username/.ssh/id_rsa' are too open. It is recommended that your private key files are NOT accessible by others. This private key will be ignored. 

What permissions levels should i give to the id_rsa file?

Answer 1

Keys need to be only readable by you:

chmod 400 ~/.ssh/id_rsa 

If Keys need to be read-writable by you:

chmod 600 ~/.ssh/id_rsa 

600 appears to be fine as well (in fact better in most cases, because you don't need to change file permissions later to edit it).

The relevant portion from the manpage (man ssh)

 ~/.ssh/id_rsa          Contains the private key for authentication.  These files contain sensitive           data and should be readable by the user but not          accessible by others (read/write/execute).  ssh will simply ignore a private           key file if it is                        accessible by others.  It is possible to specify a          passphrase when generating the key which will be used to encrypt the sensitive           part of this file using 3DES.   ~/.ssh/identity.pub  ~/.ssh/id_dsa.pub  ~/.ssh/id_ecdsa.pub  ~/.ssh/id_rsa.pub          Contains the public key for authentication.  These files are not sensitive and           can (but need not) be readable by anyone.