permissions - ssh "permissions are too open" error

I had a problem with my Mac where I couldn't save any kind of file on the disk anymore.

I had to reboot OSX lion and reset the permissions on files and acls.

But now when I want to commit a repository I get the following error from ssh:

Permissions 0777 for '/Users/username/.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.

What permission levels should I give to the id_rsa file?

Asked by Yannick Schall, translated from SO

1 Reply

Keys need to be only readable by you:

chmod 400 ~/.ssh/id_rsa

If keys need to be read-writable by you:

chmod 600 ~/.ssh/id_rsa

600 appears to be fine as well (in fact better in most cases, because you don't need to change file permissions later to edit it).

The relevant portion from the manpage (man ssh):

  ~/.ssh/id_rsa
      Contains the private key for authentication. These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). ssh will simply ignore a private key file if it is accessible by others. It is possible to specify a passphrase when generating the key which will be used to encrypt the sensitive part of this file using 3DES.

  ~/.ssh/identity.pub
  ~/.ssh/id_dsa.pub
  ~/.ssh/id_ecdsa.pub
  ~/.ssh/id_rsa.pub
      Contains the public key for authentication. These files are not sensitive and can (but need not) be readable by anyone.
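
An added example, not part of the original answer: a POSIX shell check that flags every private key in a directory whose mode grants any access to group or others (the condition the manpage excerpt describes) and can reset it to 600. The function names and the "fix" argument are assumptions of this example; key files are recognised by their PEM header line.

```shell
#!/bin/sh
# Added example: audit private-key permissions in an SSH directory.
# Function names and the "fix" argument are assumptions of this example.

# file_mode FILE: print permission bits in octal (GNU stat uses -c, BSD/macOS -f).
if stat -c '%a' / >/dev/null 2>&1; then
    file_mode() { stat -c '%a' "$1"; }
else
    file_mode() { stat -f '%Lp' "$1"; }
fi

# key_mode_ok FILE: succeed only if group and others have no access bits,
# i.e. (mode & 077) == 0. Modes 400 and 600 pass; 644 and 777 do not.
key_mode_ok() {
    [ -f "$1" ] || return 2
    [ $(( 0$(file_mode "$1") & 077 )) -eq 0 ]
}

# audit_keys [DIR] [fix]: print "MODE PATH" for every private key in DIR
# (default ~/.ssh) that is too open. With "fix", also chmod it to 600.
# Returns 1 if any such key was found, 0 otherwise.
audit_keys() {
    dir=${1:-$HOME/.ssh}
    bad=0
    for key in "$dir"/*; do
        [ -f "$key" ] || continue
        # Private keys are recognised by their PEM header line, e.g.
        # "-----BEGIN OPENSSH PRIVATE KEY-----"; .pub files are skipped.
        head -n 1 "$key" 2>/dev/null | grep -q 'PRIVATE KEY-----' || continue
        key_mode_ok "$key" && continue
        printf '%s %s\n' "$(file_mode "$key")" "$key"
        bad=1
        if [ "${2:-}" = fix ]; then chmod 600 "$key"; fi
    done
    return "$bad"
}
```

Calling audit_keys with no arguments checks ~/.ssh and only reports; audit_keys ~/.ssh fix also applies the chmod 600 from the answer to each flagged key.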