Here's a little tidbit that might help someone. I was configuring my public and private keys to allow secure SSH communications between my workstation and a server (see /2007/08/eliminating-need-to-enter-your-password.html for more details). The workstation is an XP box running Cygwin and the server is a Linux variant. When I went to test ssh, I got the following error in Cygwin from the XP box that denied access to the private key:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
WARNING: UNPROTECTED PRIVATE KEY FILE! @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/cygdrive/h/.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /cygdrive/h/.ssh/id_rsa
Password:
Woops. I guess that's my fault. Looking at the file permissions, I see that id_rsa perms are too loose:
bash-2.02$ ls -l id_rsa
-rw-r--r-- 1 28235 everyone 1675 Jan 30 15:33 id_rsa
I issued the following chmod command:
bash-2.02$ chmod 600 id_rsa
bash-2.02$ ls -l id_rsa
-rw-r--r-- 1 28235 everyone 1675 Jan 30 15:33 id_rsa
But the permissions stayed the same. What gives? Why aren't the permissions changing?
Apparently, Cygwin has two ways to deal with file permissions. Here's the explanation:
http://www.iu.hio.no/cfengine/docs/cfengine-NT/node24.html
The short answer, though, is that I was able to solve my problem by setting this environment variable in /Cygnus/cygwin-b20/cygnus.bat:
set CYGWIN=ntea
Once I set that environment variable in the batch script and restarted a new Cygwin shell, I was able to set the permissions correctly:
bash-2.02$ chmod 600 id_rsa
bash-2.02$ ls -l id_rsa
-rw------- 1 28235 everyone 1675 Jan 30 15:33 id_rsa
Update 2/8/2008
I also got bollucksed with id_rsa permissions if my user's NT permissions on the file were not Full Control. So watch out for that as well.
Live and learn!
sodo
Wednesday, January 30, 2008
couldn't set file permissions in Cygwin
Labels:
cygwin,
file permissions,
permissions,
ssh
If you appreciated this answer..consider buying me a beer via PayPal!
I'm easy..$1 Draft would be great! THANKS!
Subscribe to:
Post Comments (Atom)
Feel free to drop me a line or ask me a question.
3 comments:
Nice post cacasodo. It came up as the 4th result for a serach I did on some ssh permissions questions.
Cheers
maximus
FYI the google search was:
set permissions on id_rsa
-maximus
Interesting. Thanks for dropping by!
;)
Post a Comment