Bug#869787: Please let me ssh-add a group-writeable private key file
Package: openssh-client
Version: 1:6.0p1-4+deb7u3
(test-lab)osstest@osstest:~/branches/for-freebsd-master.git$ ssh-add ~/.ssh/id_rsa_osstest
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/home/osstest/.ssh/id_rsa_osstest' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
(test-lab)osstest@osstest:~/branches/for-freebsd-master.git$ ls -al ~/.ssh/id_rsa_osstest
-rw-r----- 1 osstest osstest 2455 Mar 5 2015 /home/osstest/.ssh/id_rsa_osstest
(test-lab)osstest@osstest:~/branches/for-freebsd-master.git$
This was quite annoying. In my setup, that private key is
deliberately group-readable, and the osstest service user's "personal
group" contains other processes that have to read it.
I ended up doing this
cp ~/.ssh/id_rsa_osstest ~/t
chmod 600 ~/t
ssh-add ~/t
Ian.
--
Ian Jackson <ijackson@chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
Reply to: