SSH Error: Permissions for Key Are Too Open

Secure Shell (SSH) is a powerful and widely used protocol for securely accessing remote servers and managing them. However, like any technology, SSH can occasionally present users with errors that can be frustrating to troubleshoot. One such error is the "Permissions for Key Are Too Open" message.

In this article, we will explain the root cause of this error, and provide step-by-step instructions on how to resolve it effectively.

Understanding the SSH Error

When attempting to establish an SSH connection to a remote server using key-based authentication, users may encounter an error message stating "Permissions for Key Are Too Open."

Here is an example of the error message when accessing a server with ssh:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0755 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
sshd.service: main process exited, code=exited, status=1/FAILURE
key_load_private: bad permissions
Could not load host key: /etc/ssh/ssh_host_rsa_key
sshd: no hostkeys available -- exiting.
Failed to start OpenSSH server daemon.
Unit sshd.service entered failed state.
sshd.service failed.

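As you can see, the private key file used for authentication, /etc/ssh/ssh_host_rsa_key, has the permissions 755, which is too permissive. Therefore the private key is ignored and, as the log shows, sshd exits because no host keys are available.

SSH enforces this check because a private key that other users can read can be copied, so unauthorized users or malicious actors could potentially gain access to your server, compromising its integrity and exposing sensitive data.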

Resolving the Error

Here are the steps to follow to resolve this issue:

  • Identify the Key File: Locate the private key file that you are using for SSH authentication. By default, this file is often named id_rsa or id_dsa and is typically stored in the ~/.ssh/ directory on your local machine.
  • Check Current Permissions: Open your terminal and navigate to the directory where the private key file is located. Use the ls -l command to view the current permissions of the key file.
  • Modify Permissions: To fix the issue, you need to restrict the permissions on the private key file. The recommended permission mode is 600. Use the chmod command to adjust the permissions:
# chmod 600 *_key

Just to be sure, run the following command if the ownership is not root:

# chown root:root *_key
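
The check and fix steps above, combined into a small audit script. This is an added example, not code from the original article; it assumes GNU stat (Linux), and the function names and the temporary directory standing in for /etc/ssh are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the article. Assumes GNU stat (Linux).

# Succeeds when an octal mode string (e.g. 755) grants group/other access.
key_mode_too_open() {
    [ $(( 0$1 & 077 )) -ne 0 ]
}

# Print each private key (*_key) in DIR that is too open or not owned by
# the expected uid (default 0, i.e. root). Returns 1 if any was printed.
audit_keys() {
    dir=$1 want_uid=${2:-0} bad=0
    for f in "$dir"/*_key; do
        [ -f "$f" ] || continue   # unmatched glob or not a regular file
        mode=$(stat -L -c '%a' "$f")
        uid=$(stat -L -c '%u' "$f")
        if key_mode_too_open "$mode" || [ "$uid" != "$want_uid" ]; then
            printf '%s mode=%s uid=%s\n' "$f" "$mode" "$uid"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed demo: a temporary directory stands in for /etc/ssh, and the
# current uid stands in for root so the demo runs without privileges.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/ssh_host_rsa_key";     chmod 755 "$d/ssh_host_rsa_key"
    : > "$d/ssh_host_ed25519_key"; chmod 600 "$d/ssh_host_ed25519_key"
    : > "$d/ssh_host_rsa_key.pub"; chmod 644 "$d/ssh_host_rsa_key.pub"
    echo "before fix:"; audit_keys "$d" "$(id -u)" || true
    chmod 600 "$d"/*_key          # the article's fix; *.pub is not matched
    echo "after fix:";  audit_keys "$d" "$(id -u)" && echo "all keys OK"
    rm -rf "$d"
}

demo
```

On a real server, run audit_keys /etc/ssh as root before restarting sshd; a non-zero exit status means at least one key still needs chmod or chown.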
