Sunday, April 26, 2020

I was trying to connect from VSCode on Windows to a remote Linux server, and got this error:



@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'C:\\Users\\hanxuel\\OneDrive\\Private\\hanxuel' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "C:\\Users\\hanxuel\\OneDrive\\Private\\hanxuel": bad permissions

It seems that the private SSH key that I am using has permissions that are too open.

SSH Key Permissions

On Linux, I am pretty clear about the permissions I need to set.
File                                       Octal Permissions   File Listing Permissions
~/.ssh                                     700                 drwx------
~/.ssh/id_rsa (or other private keys)      600                 -rw-------
~/.ssh/id_rsa.pub (or other public keys)   644                 -rw-r--r--


So the ~/.ssh directory and the SSH private key should be viewable only by myself, although the public key can be more open. The public key is sometimes distributed to other users or used by remote services, and it should be public anyway.


Windows SSH Key Permission

Windows file permissions work a bit differently than on UNIX. There are filesystem ACLs, objects and inheritance. But basically the goal is the same: prevent anyone except yourself from reading the private key.

Here's a script I found on Superuser.com that does that:


:: # Set Variable ::
Set Key="C:\Path\to\key"

:: # Remove Inheritance ::
Cmd /c Icacls %Key% /c /t /Inheritance:d

:: # Grant Full Control to the Current User ::
Cmd /c Icacls %Key% /c /t /Grant %UserName%:F

:: # Remove All Users, except for Owner ::
Cmd /c Icacls %Key% /c /t /Remove Administrator "Authenticated Users" BUILTIN\Administrators BUILTIN Everyone System Users

:: # Verify ::
Cmd /c Icacls %Key%



Remember to run this script as Administrator.

This is what the output looks like:

λ C:\Apps\private_key.cmd 
 
Set Key="C:\Users\hanxuel\OneDrive\Private\hanxuel" 
 
Cmd /c Icacls "C:\Users\hanxuel\OneDrive\Private\hanxuel" /c /t /Inheritance:d 
processed file: C:\Users\hanxuel\OneDrive\Private\hanxuel 
Successfully processed 1 files; Failed processing 0 files 
 
Cmd /c Icacls "C:\Users\hanxuel\OneDrive\Private\hanxuel" /c /t /Grant hanxuel:F 
processed file: C:\Users\hanxuel\OneDrive\Private\hanxuel 
Successfully processed 1 files; Failed processing 0 files 
 
Cmd /c Icacls "C:\Users\hanxuel\OneDrive\Private\hanxuel" /c /t /Remove Administrator "Authenticated Users" BUILTIN\Administrators BUILTIN Everyone System Users 
processed file: C:\Users\hanxuel\OneDrive\Private\hanxuel 
Successfully processed 1 files; Failed processing 0 files 
 
Cmd /c Icacls "C:\Users\hanxuel\OneDrive\Private\hanxuel" 
C:\Users\hanxuel\OneDrive\Private\hanxuel ACME\hanxuel:(F) 
                                                        ACME\xilongj:(F)



Successfully processed 1 files; Failed processing 0 files
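A check for the Verify step, as an added example that is not part of the original post or the Superuser script: it parses the text icacls prints for the key and lists every principal other than the key's user that still has an entry. The function names are hypothetical, and the sample is the verify output shown above, in which ACME\xilongj still holds (F) after the script ran because that account is not in the script's /Remove list.

```python
import re

# One ACE as icacls prints it: principal, a colon, then one or more "(...)" groups.
ACE_RE = re.compile(r"^(?P<principal>.+?):(?P<rights>(?:\([A-Za-z,]+\))+)$")

# Verify output copied from this post (the path shares a line with the first ACE).
KEY_PATH = r"C:\Users\hanxuel\OneDrive\Private\hanxuel"
SAMPLE = r"""
C:\Users\hanxuel\OneDrive\Private\hanxuel ACME\hanxuel:(F)
                                          ACME\xilongj:(F)

Successfully processed 1 files; Failed processing 0 files
"""


def parse_icacls(output, path):
    """Return [(principal, rights), ...] from icacls output for a single file."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        # Drop the leading path so it is not mistaken for part of a principal.
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        match = ACE_RE.match(line)
        if match:  # blank lines and the "Successfully processed" summary do not match
            aces.append((match.group("principal"), match.group("rights")))
    return aces


def same_account(principal, user):
    """Case-insensitive compare; a bare user name also matches DOMAIN\\user."""
    principal, user = principal.lower(), user.lower()
    if "\\" in user:
        return principal == user
    return principal.rsplit("\\", 1)[-1] == user


def other_principals(output, path, user):
    """ACEs that belong to anyone except `user`; empty means only `user` is listed."""
    return [ace for ace in parse_icacls(output, path) if not same_account(ace[0], user)]


if __name__ == "__main__":
    for principal, rights in other_principals(SAMPLE, KEY_PATH, "hanxuel"):
        print(f"still on the ACL: {principal} {rights}")
```

Passing a bare user name matches that account in any domain; pass DOMAIN\user to require an exact match.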


