使用 Git GUI 或 ssh-keygen 的 SSH 私钥权限过于开放 [英] SSH Private Key Permissions using Git GUI or ssh-keygen are too open

问题描述

最近我一直无法克隆或推送到 github，我正在努力寻找根本原因.

Recently I've been unable to clone or push to github, and I'm trying to find the root cause.

这是在 Windows 上

我有 cygwin + git 和 msysgit.

I have cygwin + git as well as msysgit.

Msysgit 使用以下选项安装:

Msysgit was installed with the following options:

• OpenSSH
• 从 Windows 命令提示符使用 Git

这给了我 4 个尝试在其中使用 git 的环境:

That gives me 4 environments to try to use git in:

• Windows cmd 提示符
• Powershell
• Git Bash
• Cygwin

不知何故，当我尝试使用 msysgit、cmd.exe 或 Powershell 克隆存储库时，我设法让自己陷入了以下错误:

Somehow I've managed to get myself into a position where when I try to clone a repository using msysgit, cmd.exe, or Powershell, I get the following error:

> Initialized empty Git repository in
> C:/sandbox/SomeProject/.git/
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: UNPROTECTED PRIVATE KEY FILE!          @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0644 for
> '/c/Users/Ben/.ssh/id_rsa' are too
> open. It is recommended that your
> private key files are NOT accessible
> by others. This private key will be
> ignored. bad permissions: ignore key:
> /c/Users/Ben/.ssh/id_rsa Permission
> denied (publickey). fatal: The remote
> end hung up unexpectedly

这是使用我的 c:usersen 文件夹中的 .ssh 文件夹，这是 msysgit 使用的.我怀疑 cygwin 可以工作，因为 .ssh 文件夹位于其他地方，但我不知道为什么

This is using the .ssh folder in my c:usersen folder, which is what is used by msysgit. I suspect cygwin works because the .ssh folder is located elsewhere, but I'm not sure why

在 Git Bash 中，我检查权限:

In Git Bash, I check the permissions:

$ ls -l -a ~/.ssh

这给了我:

drwxr-xr-x    2 Ben      Administ        0 Oct 12 13:09 .    
drwxr-xr-x   34 Ben      Administ     8192 Oct 12 13:15 ..    
-rw-r--r--    1 Ben      Administ     1743 Oct 12 12:36 id_rsa
-rw-r--r--    1 Ben      Administ      399 Oct 12 12:36 id_rsa.pub    
-rw-r--r--    1 Ben      Administ      407 Oct 12 13:09 known_hosts

这些权限显然太宽松了.他们怎么会这样，我不知道.

These permissions are apparently too relaxed. How they got this way, I have no idea.

我可以尝试改变它们...

I can try to change them...

$ chmod -v -R 600 ~/.ssh

告诉我:

mode of `.ssh' changed to 0600 (rw-------)
mode of `.ssh/id_rsa' changed to 0600 (rw-------)
mode of `.ssh/id_rsa.pub' changed to 0600 (rw-------)
mode of `.ssh/known_hosts' changed to 0600 (rw-------)

不过好像没什么效果.我仍然遇到相同的错误，并且正在执行

But it seems to have no effect. I still get the same error, and doing

$ ls -l -a ~/.ssh

产生与以前相同的权限.

yields the same permissions as before.

更新:

我尝试在 cygwin 中修复这些文件的权限，并且 cygwin 正确报告了它们的权限，而 gitbash 没有:替代文字 http://cdn.cloudfiles.mosso.com/c54102/app7962031255448924.jpg

I tried to fix the permissions to those files in cygwin, and cygwin reports their permissions correctly, gitbash does not: alt text http://cdn.cloudfiles.mosso.com/c54102/app7962031255448924.jpg

关于如何真正修复这些权限的任何想法?

Any ideas on how I can really fix these permissions?

推荐答案

您更改了整个目录的权限，我同意 Splash 是个坏主意.如果您还记得目录的原始权限是什么，我会尝试将它们重新设置为该权限，然后执行以下操作

You changed the permissions on the whole directory, which I agree with Splash is a bad idea. If you can remember what the original permissions for the directory are, I would try to set them back to that and then do the following

cd ~/.ssh
chmod 700 id_rsa

在 .ssh 文件夹内.这会将 id_rsa 文件设置为仅所有者(您)的 rwx(读取、写入、执行)，其他所有人的访问权限为零.

inside the .ssh folder. That will set the id_rsa file to rwx (read, write, execute) for the owner (you) only, and zero access for everyone else.

如果您不记得原始设置是什么，请添加一个新用户并为该用户创建一组 SSH 密钥，从而创建一个具有默认权限的新 .ssh 文件夹.您可以使用新的 .ssh 文件夹作为将 .ssh 文件夹和文件重置为的权限参考.

If you can't remember what the original settings are, add a new user and create a set of SSH keys for that user, thus creating a new .ssh folder which will have default permissions. You can use that new .ssh folder as the reference for permissions to reset your .ssh folder and files to.

如果这不起作用，我会尝试卸载 msysgit，删除计算机上的所有 .ssh 文件夹(只是为了安全措施)，然后使用您想要的设置重新安装 msysgit 并尝试完全重新开始(尽管我认为你告诉我你已经试过了).

If that doesn't work, I would try doing an uninstall of msysgit, deleting ALL .ssh folders on the computer (just for safe measure), then reinstalling msysgit with your desired settings and try starting over completely (though I think you told me you tried this already).

也刚刚通过谷歌找到了这个链接——修复警告:未受保护的私钥文件！"在 Linux 上 虽然它是针对 linux 的，但它可能会有所帮助，因为我们正在谈论 liunx 权限等.

Edited: Also just found this link via Google -- Fixing "WARNING: UNPROTECTED PRIVATE KEY FILE!" on Linux While it's targeted at linux, it might help since we're talking liunx permissions and such.

这篇关于使用 Git GUI 或 ssh-keygen 的 SSH 私钥权限过于开放的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！