-1

We are trying to patch an issue we are having with some file systems by making SSH work without the permission validation on the SSH private key.

Error message: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

For some odd reasons, we are not able to change the access rights to some files (Welcome to the Cygwin world of Windows)

Anyone know if there is a way to bypass the ssh validation through whatever way? I did not find anything relevant in the ssh options.

If you are to reply chmod 400 or 600 it is not what I am looking for!

Thierry
  • 111

3 Answers3

3

Anyone know if there is a way to bypass the ssh validation through whatever way?

Your question makes zero sense in this situation... you're receiving an error due to wrong permissions and/or ownership of the key, as keys must only be accessible to the user they're intended for and no other account, service, or group:

  • GUI:
    [File] PropertiesSecurityAdvanced
    1. Owner: Change → Select a principal → Enter key's user → OK
    2. Permission Entries: Remove all except for the key's user
    3. Set key's user to Full Control if not already set
      1. Select user → Modify → Full Control → OK
        OR
      2. Add → Select a principal → Enter key's user → OK
    4. OK → OK

  • Cmd: 
    ::# Set Key File Variable:
    Set Key="%UserProfile%\.ssh\id_rsa"

    ::# Remove Inheritance:
    Icacls %Key% /c /t /Inheritance:d
    

    ::# Set Ownership to Owner:
    Icacls %Key% /c /t /Grant %UserName%:F
    

    ::# Remove All Users, except for Owner:
    Icacls %Key%  /c /t /Remove Administrator BUILTIN\Administrators BUILTIN Everyone System Users
    

    ::# Verify:
    Icacls %Key%
    

    ::# Remove Variable:
    set "Key="

  • PowerShell: 
    # Set Key File Variable:
  New-Variable -Name Key -Value "$env:UserProfile\.ssh\id_rsa"

    Remove Inheritance:
    

    Icacls $Key /c /t /Inheritance:d
    

    Set Ownership to Owner:
    

    Icacls $Key /c /t /Grant $env:UserName:F
    

    Remove All Users, except for Owner:
    

    Icacls $Key  /c /t /Remove Administrator BUILTIN\Administrators BUILTIN Everyone System Users
    

    Verify:
    

    Icacls $Key
    

    Remove Variable:
    

    Remove-Variable -Name Key

  • WSL/Cygwin: 
    # Set Variables:
  # Key File:
    key="/path/to/key"

    User:
    

    user="$(echo $USER)"


    

    Set Ownership to Owner: (assumes user's name is also user's group name)
    

    chown $user:$user $key
    

    Set Access Rights
    

    chmod 0600 $key
    

    Verify
    

    ls -l $key
JW0914
  • 9,096
0

I had the exact same issue with Cygwin and managed to get through it by editing the key file properties in my windows explorer (Properties-Security-Advanced) and removed all groups left only my user name on it and set it up as read only.

-r-------- 1 antonio Domain Users 1692 Jan 15 19:22 AWS_Antonio.pem

That solved the issue for me. Inspired on this article. Windows SSH: Permissions for 'private-key' are too open

Antonio Nunez
  • 1
0

I'm not sure if you understand what this message means or what you are asking for.

Basically, SSH is telling you that your private key, which in this case as it's not owned by you, is public. That means in plan English: "Your password is in plain text. Everyone who has access to this box has access to it."

You want SSH to ignore this but SSH was design to be safe and secure. As you were told: if you can't change permissions on this file you have not installed cygwin correctly.

Could you please explain why you want to override this warning?

You can always install telnet-server

Chris
  • 1,927