Secure Shell (SSH) is a powerful and widely used protocol for securely accessing remote servers and managing them. However, like any technology, SSH can occasionally present users with errors that can be frustrating to troubleshoot. One such error is the "Permissions for Key Are Too Open" message.
In this article, we will explain the root cause of this error, and provide step-by-step instructions on how to resolve it effectively.
Understanding the SSH Error
When attempting to establish an SSH connection to a remote server using key-based authentication, users may encounter an error message stating "Permissions for Key Are Too Open."
Here is an example of the error message when accessing a server with SSH:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0755 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
sshd.service: main process exited, code=exited, status=1/FAILURE
key_load_private: bad permissions
Could not load host key: /etc/ssh/ssh_host_rsa_key
sshd: no hostkeys available -- exiting.
Failed to start OpenSSH server daemon.
Unit sshd.service entered failed state.
sshd.service failed.
As you can see, the private key file used for authentication, /etc/ssh/ssh_host_rsa_key, has the permissions 0755, which is too permissive. Therefore the private key is ignored.
When a private key file is readable by other users, unauthorized users or malicious actors could potentially gain access to your server, compromising its integrity and exposing sensitive data.
Resolving the Error
Here are the steps to follow to resolve this issue:
- Identify the Key File: Locate the private key file that you are using for SSH authentication. By default, this file is often named id_rsa or id_dsa and is typically stored in the ~/.ssh/ directory on your local machine.
- Check Current Permissions: Open your terminal and navigate to the directory where the private key file is located. Use the ls -l command to view the current permissions of the key file.
- Modify Permissions: To fix the issue, you need to restrict the permissions on the private key file. The recommended permissions are 600. Use the chmod command to adjust the permissions:
# chmod 600 *_key
Just to be sure, run the following command if the ownership is not root:
# chown root:root *_key
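The check and fix steps above can be scripted. The following is an added example, not part of the original article: it flags any key file that has a group or other permission bit set (the "NOT accessible by others" condition in the warning) and can tighten it to 600. The function names and the --fix flag are this example's own.

```sh
#!/bin/sh
# Added example (not from the original article): audit private key permissions.
# A key is "too open" when any group/other permission bit is set (mode & 077).

# Print a file's octal mode: GNU stat first, BSD/macOS stat as fallback.
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if no group/other bit is set, 1 if too open, 2 if unreadable.
key_perms_ok() {
    _mode=$(key_mode "$1") || return 2
    [ $(( 0$_mode & 077 )) -eq 0 ]
}

# Usage: audit_keys [--fix] FILE...
# Reports each file; with --fix, tightens offending files to 600.
# Returns 1 if any file is still too open afterwards.
audit_keys() {
    _fix=0; _rc=0
    if [ "$1" = "--fix" ]; then _fix=1; shift; fi
    for _f in "$@"; do
        [ -f "$_f" ] || continue
        if key_perms_ok "$_f"; then
            echo "ok        $(key_mode "$_f")  $_f"
        elif [ "$_fix" -eq 1 ] && chmod 600 "$_f"; then
            echo "fixed     600  $_f"
        else
            echo "TOO OPEN  $(key_mode "$_f")  $_f"
            _rc=1
        fi
    done
    return "$_rc"
}

# Run only when files are given, e.g.: sh audit_keys.sh /etc/ssh/*_key
if [ "$#" -gt 0 ]; then audit_keys "$@"; fi
```

Without --fix the script only reports, so it can be run first to see which files would change.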