157

Can someone explain this to me, please, and what I can do to sort out my permissions issue? It seems to be stopping me from getting the authenticity of host heroku and fixing my keys issues.

```
david@daniel-Inspiron-531:~$ ssh-add david/.ssh/id_rsa
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0775 for 'david/.ssh/id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
david@daniel-Ins
```
Andrew T.
David

5 Answers

201

I would recommend that you re-create a set of keys using

```
ssh-keygen -t rsa -C '<email>'
```

for a more secure system. Otherwise, changing the permissions to something less open would do.

To change permissions, use

```
chmod 400 ~/.ssh/id_rsa
```
rjv
  • It works. I have 10 servers; I copied the id_rsa from server1 to all other 9 servers, then I got this error. To resolve it I applied chmod 400 ~/.ssh/id_rsa and I can now do $ git clone. –  Feb 09 '15 at 09:37
  • This worked for me :- sudo chmod 600 ~/.ssh/id_rsa -- sudo chmod 600 ~/.ssh/id_rsa.pub – hB0 Mar 11 '17 at 10:04
  • either permission could be 400 or 600 – Javeed Shakeel Dec 18 '17 at 15:47
  • For me only 400 worked, 600 led to a time out while trying to fetch from the github repository – Dominique Paul Apr 02 '20 at 10:17
  • I tried the equivalent Windows method in this link and it worked: https://gist.github.com/jaskiratr/cfacb332bfdff2f63f535db7efb6df93 – Vijai Feb 22 '22 at 15:30
46

Simply reset permissions to your key files to defaults

```
sudo chmod 600 ~/.ssh/id_rsa
sudo chmod 600 ~/.ssh/id_rsa.pub
```
JSEvgeny
  • The command for the private key is correct. On the other hand, public keys must have read permissions for all. If you limit the permissions to just the user/owner you could have some problems in the future. This command would do the trick: `sudo chmod a=r ~/.ssh/id_rsa.pub` or `sudo chmod 644 ~/.ssh/id_rsa.pub`. – Dan Dec 31 '21 at 06:24
  • This saved me a lot of time! –  Jan 26 '23 at 01:49
  • @THEJOATMON that's great to hear! – JSEvgeny Jan 27 '23 at 08:07
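
An added example, not part of any answer in this thread: OpenSSH refuses a private key you own when any group or other permission bit is set (mode & 077), which is why 0775 is rejected while 400 and 600 are accepted. The POSIX shell audit below applies that mask to every private key in a directory; it assumes GNU `stat -c`, and the function names are illustrative.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils `stat -c`.

# perm_too_open FILE: true when any group/other permission bit is set,
# the condition behind "Permissions 0775 ... are too open".
perm_too_open() {
    _mode=$(stat -c '%a' -- "$1") || return 2   # octal mode, e.g. 775
    [ $(( 0$_mode & 077 )) -ne 0 ]              # mask 077 = ---rwxrwx
}

# is_private_key FILE: true when line 1 is a PEM/OpenSSH private-key header.
is_private_key() {
    [ -r "$1" ] || return 1
    _first=
    IFS= read -r _first < "$1" || [ -n "$_first" ] || return 1
    case $_first in
        "-----BEGIN "*"PRIVATE KEY-----"*) return 0 ;;
    esac
    return 1
}

# audit_keys DIR: print "MODE PATH" for every private key in DIR that is
# too open; returns 1 if any was found, 0 if all keys are acceptable.
audit_keys() {
    _bad=0
    for _f in "$1"/*; do
        [ -f "$_f" ] || continue
        if is_private_key "$_f" && perm_too_open "$_f"; then
            printf '%s %s\n' "$(stat -c '%a' -- "$_f")" "$_f"
            _bad=1
        fi
    done
    return "$_bad"
}

# Run as a script with a directory argument, e.g.: sh audit_keys.sh ~/.ssh
if [ "$#" -gt 0 ]; then
    audit_keys "$1"
    exit $?
fi
```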
21

If you are using WSL, you can copy file.pem to ~/.ssh/

Copy the .pem file:

```
cp file.pem ~/.ssh/
```

Change permissions:

```
chmod 600 ~/.ssh/file.pem
```

Done, try again with your ssh-add

```
eval `ssh-agent -s`
ssh-add ~/.ssh/file.pem
```
Antonio Moreno
13

Just change the permission of the ~/.ssh/id_rsa file to 400

```
chmod 400 ~/.ssh/id_rsa
```

This won't allow others or any group members to modify the file.

Javeed Shakeel
4

You should change the owner of the file (which contains the private key) to your username with full access, and then remove the other usernames that have access to that file.

Right-click on the file which contains the private key and click on Properties, then Security tab > Advanced. By clicking on the Change button you can change the owner to your username. (If you don't know your username, run "echo %USERNAME%" in a command prompt.) Change > Advanced... > Find Now

Remove all permission entries except the one you just added

Click on Disable inheritance > Convert inherited permissions..... then remove all permission entries except the one you just added.