I need to use SSH on my machine to access my website and its databases (setting up a symbolic link- but I digress).
Following problem
I enter the command:
ssh-keygen -t dsa
To generate public/private dsa key pair. I save it in the default (/home/user/.ssh/id_dsa
) and enter Enter passphrase twice.
Then I get this back:
WARNING: UNPROTECTED PRIVATE KEY FILE!
Permissions 0755 for '/home/etc.ssh/id_rsa' are too open. It is recommended that your private key files are NOT accessible by others. This private key will be ignored. bad permissions: ignore key: [then the FILE PATH in VAR/LIB/SOMEWHERE]
Now to work round this I then tried
sudo chmod 600 ~/.ssh/id_rsa sudo chmod 600 ~/.ssh/id_rsa.pub
But shortly after my computer froze up, and on logging back on there was a could not find .ICEauthority error
.
I got round this problem and deleted the SSH files but want to be able to use the correct permissions to avoid these issues in future.
How should I set up ICEauthority, or where should I save the SSH Keys- or what permissions should they have? Would using a virtual machine be best?
This is all very new and I am on a very steep learning curve, so any help appreciated.
Best Answer
chmod 600 ~/.ssh/id_rsa; chmod 600 ~/.ssh/id_rsa.pub
(i.e.chmod u=rw,go= ~/.ssh/id_rsa ~/.ssh/id_rsa.pub
) are correct.chmod 644 ~/.ssh/id_rsa.pub
(i.e.chmod a=r,u+w ~/.ssh/id_rsa.pub
) would also be correct, butchmod 644 ~/.ssh/id_rsa
(i.e.chmod a=r,u+w ~/.ssh/id_rsa
) would not be. Your public key can be public, what matters is that your private key is private.Also your
.ssh
directory itself must be writable only by you:chmod 700 ~/.ssh
orchmod u=rwx,go= ~/.ssh
. You of course need to be able to read it and access files in it (execute permission). It isn't directly harmful if others can read it, but it isn't useful either.You don't need
sudo
. Don't usesudo
to manipulate your own files, that can only lead to mistakes.The error about
.ICEauthority
is not related to thechmod
commands you show. Either it's a coincidence or you ran some other commands that you aren't showing us.