file permission problem on Cygwin

From: Teruhiko Kurosaka (Kuro_at_basistech.com)
Date: 03/31/04

    Date: Tue, 30 Mar 2004 16:06:42 -0800
    To: <secureshell@securityfocus.com>
    
    

    Until a few hours ago, I could log in to my remote machine without
    entering a password. I placed the public key in the remote machine's
    .ssh/authorized_keys file and the private RSA key in the local machine's
    .ssh/id_rsa. It was working well.

    Today, I (accidentally) upgraded open_ssh to version 3.8p1 (time stamped
    on 2/24/2004) from 3.7.1p2, and Cygwin to 1.5.9 (3/18/2004) from 1.5.5.

    After this upgrade, ssh now complains that I have "too open" file
    permissions on .ssh/id_rsa and ignores this file:
    -----------------------------------------------------------
    $ ssh -V
    OpenSSH_3.6.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090702f

    $ ssh -l my_login -X remote.host.name
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0644 for '/my/home/.ssh/id_rsa' are too open.
    It is recommended that your private key files are NOT accessible by others.
    This private key will be ignored.
    bad permissions: ignore key: /my/home/.ssh/id_rsa

    $ ls -ls .ssh/id_rsa
       1 -rw-r--r-- 1 my_login my_group 887 Mar 30 14:39 .ssh/id_rsa
    -----------------------------------------------------------

    I tried "chmod 0600 .ssh/id_rsa", but it has no effect in Cygwin. It just
    behaves as though it changed the permissions, but nothing changes. I am
    guessing this is normal behavior since NT does not support the Unix-like
    permission mechanism. If I do "umask 077", ls behaves as though only
    the owner of this file (me) has access to it. But that didn't affect
    the behavior of ssh. ssh still insists I set the permissions right.
    What am I supposed to do?

    ----
    T. "Kuro" Kurosaka, San Francisco, California, US
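
A diagnostic for the situation described in this message, as an added example that is not part of the original post: it flags a key whose mode has any group or other bits set (as the 0644 in the warning does) and then probes whether `chmod` is actually honoured in the key's directory. The function names and the scratch-file name are made up for this illustration.

```shell
#!/bin/sh
# Added example: check a private key's mode and whether chmod is honoured
# next to it. All function names here are made up for this illustration.

# Print the octal permission bits (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if no group/other bit is set in octal mode $1 (e.g. 600).
mode_is_private() {
    [ $(( 0$1 & 077 )) -eq 0 ]
}

# Succeed if "chmod 600" on a scratch file in directory $1 really changes
# the mode that is read back; fail if the change is silently dropped.
chmod_sticks() {
    probe=$(mktemp "$1/.permprobe.XXXXXX") || return 2
    chmod 644 "$probe"
    chmod 600 "$probe"
    seen=$(file_mode "$probe")
    rm -f "$probe"
    [ "$seen" = "600" ]
}

# Report on one key file: 0 = private, 1 = too open, 2 = not found.
check_key() {
    key=$1
    [ -f "$key" ] || { echo "missing: $key"; return 2; }
    mode=$(file_mode "$key")
    if mode_is_private "$mode"; then
        echo "ok: $key has mode $mode"
        return 0
    fi
    echo "too open: $key has mode $mode (group/other bits set)"
    if chmod_sticks "$(dirname "$key")"; then
        echo "chmod is honoured in this directory; chmod 600 should stick"
    else
        echo "chmod is ignored in this directory; modes are not being stored"
    fi
    return 1
}

# With a path argument, check that key; with none, only define the functions.
if [ $# -gt 0 ]; then check_key "$1"; fi
```

Run it as `sh script.sh ~/.ssh/id_rsa`; the second line of output separates a key that merely needs `chmod 600` from a directory where mode changes are silently dropped.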
    
