Adding SSH private key gives error that 0644 permissions are too open
I have generated an SSH private key .key. I want to add it to my SSH on Mac to connect to a remote server. I have only a known_hosts file in the ~/.ssh directory.
When I try to add it using this command:
ssh-add -K ~/.ssh/myKey.ppk
I get this error:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/Users/username/.ssh/myKey.ppk' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
macos ssh
edited 57 mins ago
muru
asked 19 hours ago
Mohamed Mellal
Possible duplicate of SSH with key passphrase not working
– Jakuje
12 hours ago
@Jakuje the question is different, leaving this open. It may be a duplicate of a different one though.
– Harv
9 hours ago
@Harv thank you for the comment. The question is different, but the answer is still the same. These answers below are just incomplete (leaving alone they are obvious first steps from the first chapter of *nix troubleshooting guide), but they do not lead anywhere. After applying either of them, the OP will find out that OpenSSH does not know how to read the Putty private key format and then he will ask why, which will boil down to my answer.
– Jakuje
8 hours ago
@Jakuje Interesting. I didn't know that about the different format; the question pertains specifically to permissions, not the file format - but thanks to your contribution, OP will have to deal with that once permissions issues are out of the way.
– Harv
8 hours ago
4 Answers
The error message is displayed because the file permissions are set such that it is readable by other users apart from the logged-in user. To overcome the error message, you will need to change the file permissions for the private key such that it is readable only by you.
To do that, run the following command in Terminal:
cd ~/.ssh ; chmod 400 myKey.ppk
This will allow only your user to read (and not write and execute) the private key file and prevent everyone else from reading, writing and executing the file.
This will take care of the error message shown to you and you should be able to add the private key file all right.
edited 18 hours ago
answered 19 hours ago
Nimesh Neema
Go to the terminal and type this command:
chmod 0600 ~/.ssh/myKey.ppk
That should be fine.
answered 19 hours ago
Scott Earle
Why even allow write access? 0400 would be sufficient.
– Ruslan
15 hours ago
It's quite possible he might want to update it later. At any rate, 0600 is WAY better than 0644
– Scott Earle
48 mins ago
While changing the permissions of the .ppk file will indeed make this warning go away, I would recommend disabling group/others access to the .ssh directory altogether:
cd ~
chmod g-rwx .ssh
chmod o-rwx .ssh
Otherwise, with insecure permissions on your home directory, other users could place files (like authorized_keys) in your .ssh directory, or mess with known_hosts, or change config items, and gain access that way - without having to know either your password or your private key.
Secondly, in a multi-user environment it would be dubious practice just to retroactively restrict permissions to a key. If a private key has been world-readable on a multi-user system at any given time, it should be considered as already compromised.
answered 13 hours ago
jvb
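The checks discussed in the answers above (no group/other bits on the key file, no group/other access to the .ssh directory) can be run as one audit. This is an added example, not code from any of the answers; the function names are hypothetical, and parsing ls -ld output is a portability choice for macOS and Linux.

```sh
#!/bin/sh
# Added example: report modes in an SSH directory that expose keys to other
# local users or let them plant files. Function names are illustrative.

# Print the group+other permission characters of a path, e.g. "r--r--".
# Parsing `ls -ld` avoids the differing `stat` flags on macOS and Linux.
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# True if the first line is a PEM/OpenSSH private key header or a PuTTY .ppk header.
is_private_key() {
    head -n 1 -- "$1" 2>/dev/null |
        grep -Eq '^(-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----|PuTTY-User-Key-File-[0-9]+:)'
}

# audit_ssh_dir DIR: print one finding per line; return 0 only if there are none.
audit_ssh_dir() {
    _dir=$1
    _bad=0
    [ -d "$_dir" ] || { echo "not a directory: $_dir" >&2; return 2; }

    # Any group/other access to the directory itself (chmod g-rwx / o-rwx above).
    _bits=$(group_other_bits "$_dir")
    if [ "$_bits" != "------" ]; then
        echo "DIR  $_dir: group/other bits '$_bits'; run: chmod go-rwx"
        _bad=1
    fi

    for _f in "$_dir"/*; do
        [ -f "$_f" ] || continue
        _bits=$(group_other_bits "$_f")
        if is_private_key "$_f"; then
            # OpenSSH ignores a key if any group/other bit is set (mode & 077).
            if [ "$_bits" != "------" ]; then
                echo "KEY  $_f: group/other bits '$_bits'; chmod 600 and consider the key exposed"
                _bad=1
            fi
        else
            case ${_f##*/} in
                authorized_keys|config|known_hosts)
                    case $_bits in
                        *w*) echo "FILE $_f: writable by group/other ('$_bits'); run: chmod go-w"
                             _bad=1 ;;
                    esac ;;
            esac
        fi
    done
    [ "$_bad" -eq 0 ]
}

# Stand-alone use: sh audit.sh ~/.ssh
if [ $# -eq 1 ]; then audit_ssh_dir "$1"; fi
```

A non-zero exit status means at least one finding was printed, so the function can gate a login script or a provisioning step.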
It looks like you copied your private key from Windows or from another computer where you used PuTTY. Unfortunately, the ssh command-line tool does not support this key format and therefore you have two options:
- Install PuTTY again (it should exist also on your mac)
- Convert the private key from PuTTY file format to the OpenSSH format (again using PuTTYGen from PuTTY as already described in my previous answer):
  - Open PuttyGen
  - Click Load
  - Load your private key
  - Go to Conversions->Export OpenSSH and export your private key
  - Copy your private key to ~/.ssh/id_rsa
If you still see the issues using the new exported key (~/.ssh/id_rsa), make sure that the key is not readable by anyone else but you (it is your private key) by removing all the privileges of all the others by running chmod 600 ~/.ssh/id_rsa.
answered 8 hours ago
Jakuje
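A scripted version of the conversion and copy steps in this answer, as an added example that is not part of the original post. It assumes the command-line puttygen from the Unix PuTTY package is installed for the .ppk case; key_format and import_key are hypothetical helper names.

```sh
#!/bin/sh
# Added example: classify a private key by its first line, then install it
# under a restrictive umask so the copy is never group- or world-readable.

# key_format FILE -> putty | openssh | pem | unknown
# The trailing * in each pattern tolerates the CR left by Windows line endings.
key_format() {
    case $(head -n 1 -- "$1" 2>/dev/null) in
        PuTTY-User-Key-File-*)                   echo putty ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----"*)  echo openssh ;;
        "-----BEGIN "*"PRIVATE KEY-----"*)       echo pem ;;
        *)                                       echo unknown ;;
    esac
}

# import_key SRC DEST: place SRC at DEST in a form ssh-add can read.
# Returns 0 on success, 1 on refusal or failure.
import_key() {
    _src=$1
    _dest=$2
    # cp onto an existing file keeps that file's old mode, so never overwrite.
    if [ -e "$_dest" ]; then
        echo "refusing to overwrite existing $_dest" >&2
        return 1
    fi
    case $(key_format "$_src") in
        putty)
            # Command-line form of PuTTYgen's Conversions -> Export OpenSSH key.
            command -v puttygen >/dev/null 2>&1 || {
                echo "$_src is a PuTTY key; install puttygen to convert it" >&2
                return 1
            }
            ( umask 077 && puttygen "$_src" -O private-openssh -o "$_dest" ) || return 1
            ;;
        openssh|pem)
            # umask 077 in a subshell: the new file is created without group/other bits.
            ( umask 077 && cp -- "$_src" "$_dest" ) || return 1
            ;;
        *)
            echo "$_src does not look like a private key" >&2
            return 1
            ;;
    esac
    chmod 600 -- "$_dest"
}

# Stand-alone use: sh import.sh ~/Downloads/myKey.ppk ~/.ssh/id_rsa
if [ $# -eq 2 ]; then import_key "$1" "$2"; fi
```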