MacOS – SSH rejecting key file with extended attributes

In my .ssh/ directory, when running

$ ssh-add dev 
Permissions 0755 for 'dev' are too open.

But looking at the dev file

$ ls -lF dev
-rw-------@ 1 me  staff  1675 Feb  3 09:37 dev

The @ at the end means that there are extended attributes. So I then run

$ xattr dev
com.apple.metadata:kMDItemWhereFroms
com.apple.quarantine

These have no meaning to me.
It looks to me that the permissions are what they should be (600). Where is the discrepancy coming from, and how do I fix it?

Best Answer

I assume your working directory is ~/.ssh/ when you run ssh-add, ls and xattr.

I suspect there is a subdirectory named dev (i.e., ~/.ssh/dev/). Check for it with ls -lFd dev.

ls normally lists the contents of a directory. Adding the -d option lists a directory as a directory itself.

Further, I suspect that there is a file, ~/.ssh/dev/dev which is what ls -lF is displaying the information about.

If my suspicion is correct, xattr dev displays the extended attributes of the subdirectory named dev (not the file dev/dev). The directory attributes probably are not the cause of this problem.

If this is confusing, ls -lFR might help you see what's happening (the -R option recursively lists subdirectories).

Finally, if my suspicion is correct and you're really trying to add a private key identity file named ~/.ssh/dev/dev to the ssh authentication agent, try ssh-add dev/dev (or perhaps better, ssh-add ~/.ssh/dev/dev, which should work no matter the permissions of the enclosing directory).
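
A check for the situation the answer describes, as an added example that is not part of the original answer: it inspects the path itself, as ls -lFd does, and reports whether it is a directory or has group/other permission bits set. The helper name key_path_status and the temporary file layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a path by looking at the path itself rather than
# at a directory's contents. key_path_status is a hypothetical helper name.
key_path_status() {
    path=$1
    [ -e "$path" ] || { echo "missing"; return 0; }
    # -d: describe a directory itself; -L: follow a symlink to its target.
    mode=$(ls -ldL -- "$path" | cut -c1-10)
    # Characters 5-10 are the group and other permission bits. Setgid/sticky
    # without execute show as S/T and grant no access, so treat them as '-'.
    group_other=$(printf '%s' "$mode" | cut -c5-10 | sed 's/[ST]/-/g')
    case $mode in
        d*)
            echo "directory" ;;
        *)
            if [ "$group_other" = "------" ]; then
                echo "ok"
            else
                echo "too-open"
            fi ;;
    esac
}

# Constructed layout matching the answer's suspicion: dev/ contains dev/dev.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mkdir "$demo_dir/dev" && chmod 755 "$demo_dir/dev"
: > "$demo_dir/dev/dev" && chmod 600 "$demo_dir/dev/dev"
: > "$demo_dir/shared" && chmod 644 "$demo_dir/shared"

# Print the status of each constructed path, including one that is absent.
for p in dev dev/dev shared absent; do
    printf '%-8s %s\n' "$p" "$(key_path_status "$demo_dir/$p")"
done
```
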