2021-05-12 14:32:11
Solving "Permissions 0644 for '/home/linuxidc/.ssh/id_rsa' are too open"
2020-06-16 16:55:27
1. Problem:
A few days ago I installed a new Fedora 27 system in VirtualBox on my Linux Mint host linuxidc.com and gave it the hostname fedora.
Upload the local .ssh directory to fedora:
linuxidc@linuxidc.com ~ $ scp -r .ssh linuxidc@fedora:~/
id_rsa.pub 100% 397 0.4KB/s 00:00
known_hosts 100% 6547 6.4KB/s 00:00
id_rsa 100% 1675 1.6KB/s 00:00
linuxidc@linuxidc.com ~ $
Log in to the host fedora:
linuxidc@linuxidc.com ~ $ ssh linuxidc@fedora
Last login: Sat Dec 30 15:45:36 2017 from 192.168.1.4
linuxidc@redora ~ $
Change to the directory ~/Public/project/com/gitee and clone the Spring Boot project source code:
linuxidc@redora ~ $ cd Public/project/com/gitee/
linuxidc@redora ~/Public/project/com/gitee $ ll
total 8
drwxrwxr-x. 2 linuxidc lwk 4096 Dec 30 16:07 .
drwxrwxr-x. 3 linuxidc lwk 4096 Dec 30 15:54 ..
linuxidc@redora ~/Public/project/com/gitee $
linuxidc@redora ~/Public/project/com/gitee $ git clone git@github.com:spring-projects/spring-boot.git
Cloning into 'spring-boot'...
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/home/linuxidc/.ssh/id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/home/linuxidc/.ssh/id_rsa": bad permissions
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
linuxidc@redora ~/Public/project/com/gitee $
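2. Solution
After some searching, I found that someone had already worked out the solution:
After carefully reading the ssh documentation and this message, the gist is that the permissions on the ssh private key are too open, so anyone can read it at will, and ssh's own policy therefore refuses to use the key.
Solution: reduce the permissions from 0644 to 0600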
chmod 0600 ~/.ssh/id_rsa
Now look back at the permissions of the relevant files in the ~/.ssh directory:
linuxidc@redora ~/.ssh $ ll
total 28
drwx------. 2 linuxidc lwk 4096 Dec 29 18:26 .
drwx------. 10 linuxidc lwk 4096 Dec 30 15:21 ..
-rw-------. 1 linuxidc lwk 397 Dec 29 16:15 authorized_keys
-rw-r--r--. 1 linuxidc lwk 1675 Dec 30 16:08 id_rsa
-rw-r--r--. 1 linuxidc lwk 397 Dec 30 16:08 id_rsa.pub
-rw-r--r--. 1 linuxidc lwk 6547 Dec 30 16:08 known_hosts
linuxidc@redora ~/.ssh $
Sure enough. Following the hint above, change the permissions of id_rsa, id_rsa.pub and known_hosts so that only the owner can read and write them.
linuxidc@redora ~/.ssh $ chmod go-r id_rsa*
linuxidc@redora ~/.ssh $ chmod go-r known_hosts
linuxidc@redora ~/.ssh $ ll
total 28
drwx------. 2 linuxidc lwk 4096 Dec 29 18:26 .
drwx------. 10 linuxidc lwk 4096 Dec 30 15:21 ..
-rw-------. 1 linuxidc lwk 397 Dec 29 16:15 authorized_keys
-rw-------. 1 linuxidc lwk 1675 Dec 30 16:08 id_rsa
-rw-------. 1 linuxidc lwk 397 Dec 30 16:08 id_rsa.pub
-rw-------. 1 linuxidc lwk 6547 Dec 30 16:08 known_hosts
Change back to ~/Public/project/com/gitee and run the clone again:
linuxidc@redora ~ $ cd Public/project/com/gitee/
linuxidc@redora ~/Public/project/com/gitee $ git clone git@github.com:spring-projects/spring-boot.git
Cloning into 'spring-boot'...
remote: Counting objects: 318361, done.
remote: Compressing objects: 100% (323/323), done.
At this point the problem is solved.
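As an added example (not part of the original post), the shell script below audits a directory for private key files that have any group or other permission bit set, which is the condition behind the warning above, and can reset them to 0600. The function names, the --fix and --demo arguments and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): find private keys in a
# directory whose mode has any group/other bit set, i.e. (mode & 077) != 0,
# and optionally tighten them to 0600.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if the first line is a PEM/OpenSSH private key header, so keys
# are recognised by content rather than by a file name such as id_rsa.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----'
}

# audit_ssh_dir DIR [--fix]   (hypothetical helper for this example)
# Prints one "too open" line per offending key. Returns 1 if any key is
# still too open when the function finishes, 0 otherwise.
audit_ssh_dir() {
    dir=$1; fix=${2:-}; bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        is_private_key "$f" || continue
        mode=$(file_mode "$f")
        [ $(( 0$mode & 077 )) -ne 0 ] || continue
        echo "too open: $mode $f"
        if [ "$fix" = "--fix" ] && chmod 0600 "$f"; then
            echo "fixed:    0600 $f"
        else
            bad=1
        fi
    done
    return "$bad"
}

# Demo on constructed sample files in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-sample' > "$d/id_rsa"
    printf '%s\n' 'ssh-rsa constructed-sample user@host' > "$d/id_rsa.pub"
    chmod 0644 "$d/id_rsa" "$d/id_rsa.pub"
    audit_ssh_dir "$d" || echo "audit failed, as expected before the fix"
    audit_ssh_dir "$d" --fix
    file_mode "$d/id_rsa"        # mode after the fix
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; elif [ "$#" -gt 0 ]; then audit_ssh_dir "$@"; fi
```

The script leaves id_rsa.pub and known_hosts untouched because it only acts on files that start with a private key header.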
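3. Summary
This situation is mainly caused by beginners being unfamiliar with Linux commands. If you are comfortable with ssh-copy-id, this problem does not arise. The command is as follows: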
linuxidc@linuxidc.com ~ $ ssh-copy-id -i ~/.ssh/id_rsa.pub linuxidc@fedora
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/linuxidc/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
linuxidc@Ubuntu's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'linuxidc@fedora'"
and check to make sure that only the key(s) you wanted were added.
linuxidc@linuxidc.com ~ $