Permissions 0644 for '/home/linuxidc/.ssh/id_rsa' are too open 解決

Permissions 0644 for '/home/linuxidc/.ssh/id_rsa' are too open 解決
1、問題：

前幾天我在的Linux Mint 主機bkjia.com的Virtualbox 上新安裝了一個Fedora27 系統，主機名稱取名為fefora。

將本地.ssh目錄上傳到fedora上：

bkjia@bkjia.com ~ $ scp -r .ssh bkjia@fedora:~/id_rsa.pub                                    100%  397     0.4KB/s   00:00    known_hosts                                   100% 6547     6.4KB/s   00:00    id_rsa                                        100% 1675     1.6KB/s   00:00    bkjia@bkjia.com ~ $

登入到主機fedora上，

bkjia@bkjia.com ~ $ ssh bkjia@fedora Last login: Sat Dec 30 15:45:36 2017 from 192.168.1.4bkjia@redora ~ $ 

切換到目錄~/~/Public/project/com/gitee下，將clone Spring boot 項目源碼:

bkjia@redora ~ $ cd Public/project/com/gitee/bkjia@redora ~/Public/project/com/gitee $ lltotal 8drwxrwxr-x. 2 bkjia lwk 4096 Dec 30 16:07 .drwxrwxr-x. 3 bkjia lwk 4096 Dec 30 15:54 ..bkjia@redora ~/Public/project/com/gitee $ bkjia@redora ~/Public/project/com/gitee $ git clone git@github.com:spring-projects/spring-boot.gitCloning into 'spring-boot'...@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@Permissions 0644 for '/home/bkjia/.ssh/id_rsa' are too open.It is required that your private key files are NOT accessible by others.This private key will be ignored.Load key "/home/bkjia/.ssh/id_rsa": bad permissionsPermission denied (publickey).fatal: Could not read from remote repository.Please make sure you have the correct access rightsand the repository exists.bkjia@redora ~/Public/project/com/gitee $ 

2、解決辦法

經查資料，發現已經有人找到了問題的解決辦法：

仔細閱讀了一下ssh文檔和這句提示，大概的意思時ssh的私人密鑰的許可權開放尺度太大了，可以供人隨意>欣賞了，ssh自身的策略關閉了ssh。
解決方案：將許可權由0644降低為0600
chmod 0600 ~/.ssh/id_rsa

這時回過頭來查看~/.ssh目錄下相關檔案的許可權：

bkjia@redora ~/.ssh $ lltotal 28drwx------.  2 bkjia lwk 4096 Dec 29 18:26 .drwx------. 10 bkjia lwk 4096 Dec 30 15:21 ..-rw-------.  1 bkjia lwk  397 Dec 29 16:15 authorized_keys-rw-r--r--.  1 bkjia lwk 1675 Dec 30 16:08 id_rsa-rw-r--r--.  1 bkjia lwk  397 Dec 30 16:08 id_rsa.pub-rw-r--r--.  1 bkjia lwk 6547 Dec 30 16:08 known_hostsbkjia@redora ~/.ssh $ 

果然如此，現根據上面的提示將id_rsa、id_rsa.pub、known_hosts的許可權修改為只有自己可以讀寫。

bkjia@redora ~/.ssh $ chmod go+r id_rsa*bkjia@redora ~/.ssh $ chmod go+r known_hostsbkjia@redora ~/.ssh $ lltotal 28drwx------.  2 bkjia lwk 4096 Dec 29 18:26 .drwx------. 10 bkjia lwk 4096 Dec 30 15:21 ..-rw-------.  1 bkjia lwk  397 Dec 29 16:15 authorized_keys-rw-------.  1 bkjia lwk 1675 Dec 30 16:08 id_rsa-rw-------.  1 bkjia lwk  397 Dec 30 16:08 id_rsa.pub-rw-------.  1 bkjia lwk 6547 Dec 30 16:08 known_hosts

切換目錄到~/Public/project/com/gitee，繼續clone

bkjia@redora ~ $ cd Public/project/com/gitee/bkjia@redora ~/Public/project/com/gitee $ git clone git@github.com:spring-projects/spring-boot.gitCloning into 'spring-boot'...remote: Counting objects: 318361, done.remote: Compressing objects: 100% (323/323), done.

至此問題解決。

3、總結

出現這種情況主要還是由於初學者不熟悉Linux操作命令而導致的，如果能熟練使用ssh-copy-id就不會出現這樣的問題，具體命令如下：

bkjia@bkjia.com ~ $ ssh-copy-id -i ~/.ssh/id_rsa.pub bkjia@fedora/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/bkjia/.ssh/id_rsa.pub"/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysbkjia@Ubuntu's password: Number of key(s) added: 1Now try logging into the machine, with:   "ssh 'bkjia@fedora'"and check to make sure that only the key(s) you wanted were added.bkjia@bkjia.com ~ $