Permissions 0644 for '/home/linuxidc/.ssh/id_rsa' are too open: how to fix it

[Date: 2018-02-13] Source: Linux社区  Author: qwfys200

1. Problem:

A few days ago I installed a new Fedora 27 system in VirtualBox on my Linux Mint host linuxidc.com and named the host fedora.

Upload the local .ssh directory to fedora:

linuxidc@linuxidc.com ~ $ scp -r .ssh linuxidc@fedora:~/
id_rsa.pub                                    100%  397     0.4KB/s   00:00    
known_hosts                                   100% 6547     6.4KB/s   00:00    
id_rsa                                        100% 1675     1.6KB/s   00:00    
linuxidc@linuxidc.com ~ $

Log in to the host fedora:

linuxidc@linuxidc.com ~ $ ssh linuxidc@fedora 
Last login: Sat Dec 30 15:45:36 2017 from 192.168.1.4
linuxidc@redora ~ $ 

Change to the directory ~/Public/project/com/gitee and clone the Spring Boot project source:

linuxidc@redora ~ $ cd Public/project/com/gitee/
linuxidc@redora ~/Public/project/com/gitee $ ll
total 8
drwxrwxr-x. 2 linuxidc lwk 4096 Dec 30 16:07 .
drwxrwxr-x. 3 linuxidc lwk 4096 Dec 30 15:54 ..
linuxidc@redora ~/Public/project/com/gitee $ 
linuxidc@redora ~/Public/project/com/gitee $ git clone git@github.com:spring-projects/spring-boot.git
Cloning into 'spring-boot'...
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/home/linuxidc/.ssh/id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/home/linuxidc/.ssh/id_rsa": bad permissions
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
linuxidc@redora ~/Public/project/com/gitee $ 

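2. Solution

After some searching, I found that someone had already worked out a fix for this problem:

After carefully reading the ssh documentation and this message, the gist is that the permissions on the ssh private key are too open and anyone can view it at will, so ssh's own policy shut ssh down.
Solution: lower the permissions from 0644 to 0600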
chmod 0600 ~/.ssh/id_rsa

At this point, go back and look at the permissions of the relevant files under ~/.ssh:

linuxidc@redora ~/.ssh $ ll
total 28
drwx------.  2 linuxidc lwk 4096 Dec 29 18:26 .
drwx------. 10 linuxidc lwk 4096 Dec 30 15:21 ..
-rw-------.  1 linuxidc lwk  397 Dec 29 16:15 authorized_keys
-rw-r--r--.  1 linuxidc lwk 1675 Dec 30 16:08 id_rsa
-rw-r--r--.  1 linuxidc lwk  397 Dec 30 16:08 id_rsa.pub
-rw-r--r--.  1 linuxidc lwk 6547 Dec 30 16:08 known_hosts
linuxidc@redora ~/.ssh $ 

Sure enough. Following the message above, change the permissions of id_rsa, id_rsa.pub and known_hosts so that only the owner can read and write them.

linuxidc@redora ~/.ssh $ chmod go-r id_rsa*
linuxidc@redora ~/.ssh $ chmod go-r known_hosts
linuxidc@redora ~/.ssh $ ll
total 28
drwx------.  2 linuxidc lwk 4096 Dec 29 18:26 .
drwx------. 10 linuxidc lwk 4096 Dec 30 15:21 ..
-rw-------.  1 linuxidc lwk  397 Dec 29 16:15 authorized_keys
-rw-------.  1 linuxidc lwk 1675 Dec 30 16:08 id_rsa
-rw-------.  1 linuxidc lwk  397 Dec 30 16:08 id_rsa.pub
-rw-------.  1 linuxidc lwk 6547 Dec 30 16:08 known_hosts

Change to ~/Public/project/com/gitee and continue the clone:

linuxidc@redora ~ $ cd Public/project/com/gitee/
linuxidc@redora ~/Public/project/com/gitee $ git clone git@github.com:spring-projects/spring-boot.git
Cloning into 'spring-boot'...
remote: Counting objects: 318361, done.
remote: Compressing objects: 100% (323/323), done.

With that, the problem is solved.
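
The permission check and fix from section 2, as an added example that is not part of the original article: it flags private keys whose group/other bits are set and tightens them to 0600. It assumes GNU stat; the function names is_private_key, too_open, audit_ssh_dir and fix_ssh_dir are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.
# Assumes GNU coreutils stat, as on the Fedora and Mint hosts in the article.

# True if the first line of FILE is a PEM or OpenSSH private-key header.
is_private_key() {
    head -n 1 -- "$1" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----'
}

# True if any group/other bit is set (mode & 077 != 0); the ssh client
# ignores a private key in that state, as in the 0644 warning above.
# Leaves the octal mode string in $mode for the caller.
too_open() {
    mode=$(stat -c '%a' -- "$1") || return 2
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# Print "MODE PATH" for each too-open private key in DIR; return 1 if any.
audit_ssh_dir() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if is_private_key "$f" && too_open "$f"; then
            printf '%s %s\n' "$mode" "$f"
            rc=1
        fi
    done
    return "$rc"
}

# Set DIR to 0700 and each private key in it to 0600. Public keys and
# known_hosts are not what the warning checks, so they are left alone.
fix_ssh_dir() {
    chmod 700 -- "$1" || return 1
    for f in "$1"/*; do
        if [ -f "$f" ] && is_private_key "$f"; then
            chmod 600 -- "$f" || return 1
        fi
    done
    return 0
}
```

Source the file and run audit_ssh_dir ~/.ssh after copying keys with scp -r; a non-zero return means at least one private key would be ignored by ssh.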

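3. Summary

This situation comes mainly from beginners not being familiar with Linux commands. If you are comfortable with ssh-copy-id, which installs only the public key into the remote account's authorized_keys file, this problem does not occur. The command is as follows: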

linuxidc@linuxidc.com ~ $ ssh-copy-id -i ~/.ssh/id_rsa.pub linuxidc@fedora
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/linuxidc/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
linuxidc@Ubuntu's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'linuxidc@fedora'"
and check to make sure that only the key(s) you wanted were added.

linuxidc@linuxidc.com ~ $ 

Permanent link to this article: http://www.linuxidc.com/Linux/2018-02/150923.htm