Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SSH Private Key Permissions using Git GUI or ssh-keygen are too open

People also ask

What permissions should ssh private key have?

The private key file on your local workstation (client-side) should have permissions set to 600 , and the . ssh directory should have the permissions set to 700 .

How do I fix permissions 0644?

To overcome the error message, you will need to change the file permissions for the private key such that it is readable only by you. This will allow only your user to read (and not write and execute) the private key file and prevent everyone else from reading, writing and executing the file.

How do I change the private key permissions in Windows?

The ACL. Of the private key. @Sabrina Either you use icacls command to change permission, or simply right click on the Private Key, and choose Properties, and check under "Security" tab. And make sure that it is only accessible by you / whoever supposed to be able to access the private key.


You changed the permissions on the whole directory, which I agree with Splash is a bad idea. If you can remember what the original permissions for the directory are, I would try to set them back to that and then do the following

cd ~/.ssh
chmod 700 id_rsa

inside the .ssh folder. That will set the id_rsa file to rwx (read, write, execute) for the owner (you) only, and zero access for everyone else.

If you can't remember what the original settings are, add a new user and create a set of SSH keys for that user, thus creating a new .ssh folder which will have default permissions. You can use that new .ssh folder as the reference for permissions to reset your .ssh folder and files to.

If that doesn't work, I would try doing an uninstall of msysgit, deleting ALL .ssh folders on the computer (just for safe measure), then reinstalling msysgit with your desired settings and try starting over completely (though I think you told me you tried this already).

Edited: Also just found this link via Google -- Fixing "WARNING: UNPROTECTED PRIVATE KEY FILE!" on Linux While it's targeted at linux, it might help since we're talking liunx permissions and such.


There is a bug with cygwin's chmod, please refer to:

https://superuser.com/questions/397288/using-cygwin-in-windows-8-chmod-600-does-not-work-as-expected

chgrp -Rv Users ~/.ssh/* 
chmod -vR 600 ~/.ssh/id_rsa

For *nix systems, the obvious fix is chmod 600 id_rsa ofc, but on windows 7 I had to hit my head against the wall for a while, but then I found the magic solution:

go to My Computer / Right Click / Properties / Advanced System Settings / Environment Variables and DELETE the variable (possibly from both system and user environment):

CYGWIN

Basically, its a flaw in mingw32 used by git windows binary, seeing all files 644 and all folders 755 always. Removing the environment variable does not change that behaviour, but it appearantly tells ssh.exe to ignore the problem. If you do set proper permissions to your id_rsa through explorers security settings (there really is no need to have any other user in there than your own, not "everyone", not "administrators", not "system". none. just you), you'll still be secure.

Now, why mingw32, a different system than cygwin, would make any use of the CYGWIN environment variable, is beyond me. Looks like a bug to me.


I'm on XP and this allowed Git Bash to communicate w/ Github (after much frustration):

  1. copy c:\cygwin\bin\cyg* (~50 files) to c:\Program Files\Git\bin\
  2. copy c:\cygwin\bin\ssh.exe to c:\Program Files\Git\bin\ (overwriting)
  3. Create the file c:\Documents and Settings\<username>\.ssh\config containing:

    Host github.com
        User git
        Hostname github.com
        PreferredAuthentications publickey
        IdentityFile "/cygdrive/c/Documents and Settings/<username>/.ssh/id_rsa"
    
  4. (optional) Use ssh -v git@github to see the connection debugged.

  5. Try a push!

Background: The general problem is a combination of these two:

  • BUG: mingw32 sees all files as 644 (other/group-readable), and nothing I tried in mingw32, cygwin, or Windows could fix it.
  • mingw32's SSH version won't allow that for private keys (generally a good policy in a server).

For Windows 7 using the Git found here (it uses MinGW, not Cygwin):

  1. In the windows explorer, right-click your id_rsa file and select Properties
  2. Select the Security tab and click Edit...
  3. Check the Deny box next to Full Control for all groups EXCEPT Administrators
  4. Retry your Git command