Fix SSH Key Security Issue in Cygwin

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0660 for 'id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.

I recently came across an issue with a Git-related SSH key in which I received the message above. This appears to be caused by the default ownership and permissions assigned to new files in Cygwin. Configuring SSH keys in Cygwin requires that the id_rsa/id_rsa.pub key pairs be owned by the correct entity and have the correct permissions. (This is likely true in other operating systems, also.)

For the following example on how to solve this, I’ll use id_rsa as the private key file and id_rsa.pub as the public key file. I’ll assume that the folder .ssh is in your Cygwin home directory, which, in my case, is /home/Roy.

  1. Launch Cygwin
  2. Start your ssh-agent, if you haven’t already:
    eval `ssh-agent -s`
  3. Navigate to the .ssh folder:
    cd ~/.ssh
  4. Change the group of the id_rsa and id_rsa.pub files to Users:
    chown :Users id_rsa id_rsa.pub
  5. The owner of the key files must have read and write privileges, but the group and the world should have no access to these files. Thus, permissions on both files should be 600:
    chmod 600 id_rsa id_rsa.pub
  6. Load the key, and enter the key's passphrase (should you need to) when prompted:
    ssh-add id_rsa
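
To check a whole .ssh directory for the condition behind the warning above, this added example (not part of the original post) flags private key files whose mode grants any group or world access and resets them to 600 as in step 5. The function names and the constructed sample directory are assumptions for illustration, and it relies on GNU stat as shipped with Cygwin's coreutils.

```sh
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat (Cygwin coreutils).

# Succeeds (0) when the mode grants any access to group or others,
# i.e. the last two octal digits are not both 0.
key_too_open() {
    kto_mode=$(stat -c '%a' "$1") || return 2
    case $kto_mode in
        0|*00) return 1 ;;   # e.g. 600, 400: owner-only
        *)     return 0 ;;   # e.g. 660, 644: too open
    esac
}

# Print "MODE PATH" for each file in directory $1 that starts with a
# "PRIVATE KEY" header and is too open. Public keys are skipped.
audit_keys() {
    for ak_f in "$1"/*; do
        [ -f "$ak_f" ] || continue
        head -n 1 "$ak_f" 2>/dev/null | grep -q 'PRIVATE KEY-----' || continue
        if key_too_open "$ak_f"; then
            printf '%s %s\n' "$(stat -c '%a' "$ak_f")" "$ak_f"
        fi
    done
}

# Apply step 5 (chmod 600) to every key that audit_keys flags.
fix_keys() {
    audit_keys "$1" | while read -r fk_mode fk_path; do
        chmod 600 "$fk_path" && printf 'fixed %s (was %s)\n' "$fk_path" "$fk_mode"
    done
}

# Demo on a constructed directory; the key body is a placeholder, not a real key.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-placeholder' > "$demo_dir/id_rsa"
printf 'ssh-rsa constructed-placeholder roy@example\n' > "$demo_dir/id_rsa.pub"
chmod 660 "$demo_dir/id_rsa" "$demo_dir/id_rsa.pub"
audit_keys "$demo_dir"   # lists id_rsa with mode 660
fix_keys "$demo_dir"
rm -rf "$demo_dir"
```

Running `audit_keys ~/.ssh` before step 6 shows which keys ssh would refuse to load.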
