SSH Error - Permissions Are Too Open

SSH Error - Permissions Are Too Open

This tutorial provides the cause and resolution of the SSH error - Permissions xxxx for 'xxxx' are too open.

March 21, 2020

In several situations, you might have faced the SSH error - Permissions xxxx for 'xxxx' are too open. This tutorial provides the cause of this error and also provides the resolution. This tutorial is written for Ubuntu, but the steps should be the same for other Linux based systems.

Error Cause

When we try to commit to a repository using the SSH key having wider permissions, SSH throws this error. SSH only allows secure keys to access the git repositories using the SSH keys. The error should be similar to the one as shown below.

ubuntu@ubuntu:/data/keys$ ssh -i key.pem lsworld@lsworld.abc
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'key.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "key.pem": bad permissions
lsworld@lsworld.abc: Permission denied (publickey).

Error Resolution

The error mentioned in the previous section states that the permissions 0644 are too wide to be used by other users which are not allowed by SSH. We can resolve this error by restricting the file access only to the owner by using the permissions as shown below.

# Keys readable by the owner
chmod 400 key.pem

# Keys readable or writable by the owner
chmod 600 key.pem

We can resolve the error by using the appropriate permission as shown above. If the error is thrown for the keys generated by the system, we can resolve it as shown below.

# Keys readable by the owner
chmod 400 ~/.ssh/id_rsa

# Keys readable or writable by the owner
chmod 600 ~/.ssh/id_rsa

You may also join the discussion and write your comments mentioning the similar issues faced by you.

Write a Comment
Click the captcha image to get new code.
Discussion Forum by DISQUS