I installed my SSH private key in ~/.ssh/id_rsa and set its permissions to 0600. When I connect to an SSH server which uses my private key in Terminal.app via ssh, a dialog pops up and asks me to enter my password to access the id_rsa file:
I see the same dialog when I connect to an FTP server with the Interarchy GUI client.
Update: I see this dialog every time I connect regardless of whether I check "Remember password in my keychain". It appears two more times if the OK button is clicked regardless of what is entered in the password field.
When I relax these permissions to, say, 0640, I no longer see a dialog asking me for my password but ssh aborts with the following error:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/Users/myusername/.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /Users/myusername/.ssh/id_rsa
I find the password dialog extremely annoying and I am sure there must be some way to avoid having to dismiss this dialog when SSH needs to access the id_rsa file.
Note: I am running Mac OS X 10.6.8.
Best Answer
Make sure you have a corresponding id_rsa.pub or id_dsa.pub in your ~/.ssh directory.

When I had an id_rsa but not a corresponding id_rsa.pub, Mac OS X kept popping up the dialog and "Remember password in my keychain" did nothing.

generated the appropriate public key file for me.
If you already had your public file there (rename it to another name) and generate the public key again using the above command, you'll notice that the generated and the old one are not equal. Somehow the older versions of Mac OS X generated a public key that Lion does not like anymore, generating it again fixes that.
For the curious, the key is exactly the same, the part that changes is that there is no "comments" section after the key on the file any longer.
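A small check for the conditions discussed on this page, as an added example that is not part of the original question or answer: it flags a private key whose mode has any group/other bit set (the 0640 case that ssh rejects), flags a missing .pub companion, and compares two .pub lines while ignoring the trailing comment. The function names are hypothetical and the file contents are constructed placeholders, not real keys.

```python
import os
import stat
import tempfile

def audit_private_key(path):
    """Return a list of findings for one private key file (empty list = OK)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # ssh ignores a private key if any group/other permission bit is set.
    if mode & 0o077:
        findings.append(f"permissions {mode:04o} are too open (use 0600)")
    # The answer's point: a private key without its .pub companion.
    if not os.path.isfile(path + ".pub"):
        findings.append("no matching public key file " + os.path.basename(path) + ".pub")
    return findings

def key_fields(pub_line):
    """Split a .pub line into (type, base64 blob, comment)."""
    parts = pub_line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("not a public key line")
    return parts[0], parts[1], parts[2] if len(parts) == 3 else ""

def same_public_key(line_a, line_b):
    """True when two .pub lines carry the same key, ignoring the comment."""
    return key_fields(line_a)[:2] == key_fields(line_b)[:2]

def demo():
    """Run the audit on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "id_rsa")
        with open(key, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        os.chmod(key, 0o640)           # the relaxed mode from the question
        before = audit_private_key(key)
        os.chmod(key, 0o600)           # owner-only, as ssh requires
        with open(key + ".pub", "w") as f:
            f.write("ssh-rsa AAAAB3NzaC1yc2E= me@example\n")  # constructed
        after = audit_private_key(key)
    return before, after

if __name__ == "__main__":
    print(demo())
```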