LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 10-19-2010, 10:38 AM   #1
dlublink
Member
 
Registered: Oct 2004
Location: Canada
Distribution: Ubuntu
Posts: 329

Rep: Reputation: 30
WARNING: UNPROTECTED PRIVATE KEY FILE! -> override ?


Hello,

I get the following message :

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0755 for '/media/KINGSTON/david-private.key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /media/KINGSTON/david-private.key
Permission denied (publickey).
lost connection


I want to connect anyway, I have the key on my usb key and it is protected using a password. How can I force scp and ssh to use the key anyway ?

I know it's possible, because when running as root it uses the key despite the bad permissions.

I am looking for a command line parameter as I move around between three different computers.

Thanks,

David
 
Old 10-19-2010, 10:39 AM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,653

Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
Why can't you
Code:
chmod go-rxw /media/KINGSTON/david-private.key
?
 
Old 10-19-2010, 11:44 AM   #3
dlublink
Member
 
Registered: Oct 2004
Location: Canada
Distribution: Ubuntu
Posts: 329

Original Poster
Rep: Reputation: 30
The filesystem used does not support permissions. It is vFAT.

/dev/sdb1 on /media/KINGSTON type vfat (rw,nosuid,nodev,uhelper=udisks,uid=1000,gid=1000,shortname=mixed,dmask=0077,utf8=1,flush)

David

Last edited by dlublink; 10-19-2010 at 11:47 AM. Reason: vfat, not fat
 
Old 10-19-2010, 03:04 PM   #4
dlublink
Member
 
Registered: Oct 2004
Location: Canada
Distribution: Ubuntu
Posts: 329

Original Poster
Rep: Reputation: 30
I had a look at the source code and found this :

if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("Permissions 0%3.3o for '%s' are too open.",
(u_int)st.st_mode & 0777, filename);
error("It is recommended that your private key files are NOT accessible by others.");
error("This private key will be ignored.");
return 0;
}

The error message is incorrect, this is not a recommendation, it is a requirement. There is no way to bypass this using SSH.

I'll open a ticket.

David
 
Old 10-20-2010, 12:42 PM   #5
dlublink
Member
 
Registered: Oct 2004
Location: Canada
Distribution: Ubuntu
Posts: 329

Original Poster
Rep: Reputation: 30
So there is no work around for a vfat usb key that I found, so I repartitioned the usb disk. The key is a "512 mb" usb key.

I partitioned the usb key in two parts. A 498mb partition and a 2mb partition. The 2mb partition is ext2 which supports chmod 400 on the private key.

I don't like the solution, but it's my only choice.

David
 
Old 02-02-2011, 12:50 PM   #6
Intangir2
LQ Newbie
 
Registered: Feb 2011
Posts: 1

Rep: Reputation: 0
another solution is to mount the usb stick as another user (like nobody) but make sure you have group write for your group

the trick is that hardcoded check tests if its your user first, if its not your user it doesnt worry about the group settings (but still worries about others settings)

so i have my keys flagged as 'nobody, group:mygroup, 660
and it works
 
Old 02-22-2011, 06:10 AM   #7
leksey
LQ Newbie
 
Registered: Feb 2011
Posts: 1

Rep: Reputation: 0
private key on fat partition

Quote:
Originally Posted by dlublink View Post
So there is no work around for a vfat usb key that I found, so I repartitioned the usb disk. The key is a "512 mb" usb key.

I partitioned the usb key in two parts. A 498mb partition and a 2mb partition. The 2mb partition is ext2 which supports chmod 400 on the private key.

I don't like the solution, but it's my only choice.

David
mount_msdosfs -u 1001 -m 700 /dev/da0s1 /mnt/

id
uid=1001(leksey)

ls -alhfog
-rwx------ 1 leksey wheel - 736B Feb 22 13:06 privatekey

see also glyph.twistedmatrix.com/2009/02/using-ssh-keys-on-usb-drive-on-macos-x.html
 
Old 05-27-2011, 03:47 PM   #8
ygini
LQ Newbie
 
Registered: May 2011
Posts: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by dlublink View Post
So there is no work around for a vfat usb key that I found, so I repartitioned the usb disk. The key is a "512 mb" usb key.

I partitioned the usb key in two parts. A 498mb partition and a 2mb partition. The 2mb partition is ext2 which supports chmod 400 on the private key.

I don't like the solution, but it's my only choice.

David
Hello David,

I'm looking for the exact same setting, a biometric USB key with my different SSH config and private key, and of course I've the same problem.

I would avoid the second partition for one reason, I want to be able to use my key on all kind of computerů

So, I'm wondering if you have find an other solution ?

Yoann
 
  


Reply

Tags
override, permissions, private key


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Importing private key from key server ManiDhillon Linux - General 2 07-09-2010 07:56 PM
issue in using private key file in bash script manya Programming 3 08-24-2009 02:49 AM
Public key, private key explained calande Linux - Security 3 06-12-2008 06:23 AM
From the "Well, duh!" File: Unprotected PCs can be hijacked in minutes TruckStuff Linux - Security 0 12-01-2004 11:43 AM
RSA public key encryption/private key decription koningshoed Linux - Security 1 08-08-2002 08:25 AM


All times are GMT -5. The time now is 04:58 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration