This is the mail archive of the
mailing list for the Cygwin project.
Re: Private key file permissions w/Cygwin OpenSSH on Vista
- From: Brian Dessent <brian at dessent dot net>
- To: cygwin at cygwin dot com
- Date: Fri, 29 Jun 2007 19:31:43 -0700
- Subject: Re: Private key file permissions w/Cygwin OpenSSH on Vista
- References: <4685A8FB.email@example.com>
- Reply-to: cygwin at cygwin dot com
> Re: binary distro of OpenSSH 3.8.1p1
If this is a reply to a previous message then please send it as an
actual reply, don't start a new thread. Otherwise, you break threading
in the archives and for anyone using a threaded email client.
> I've been unable to use Cygwin's OpenSSH on Vista w/public key
> authentication because ssh.exe always states the file permissions on the
> private key file--"id_rsa"--are too open.
> I've used the chmod.exe utility to change the permissions on the id_rsa
> file to 600, but ssh.exe still pops up with the same error message.
> I've also used Windows' cacls.exe command to alter the ACLs for the file
> to be ONLY read-accesible to the current user, and the same thing happens.
> This behavior DOES NOT occur on XP and 2000 when I try it, i. e.
> chmod.exe WORKS on these OSs to change id_rsa's permissions so that
> ssh.exe is happy (i. e. to 0600).
> Is there a specific bona-fide way to set the id_rsa file's permission to
> always be acceptable to Cygwin SSH on Vista, in addition to the other
> Windows OSs?
I can't reproduce this. I just tried using a stock Cygwin 1.5.24 and
OpenSSH 4.6p1-1 under Vista and it worked fine. The default permissions
set on the private keyfile by ssh-keygen worked without any fiddling.
$ ls -l .ssh/id*
-rw------- 1 brian None 1675 Jun 29 19:20 .ssh/id_rsa
-rw-r--r-- 1 brian None 393 Jun 29 19:20 .ssh/id_rsa.pub
So, I think you're going to need to give us a lot more information about
your config, starting with the cygcheck output as requested at
<http://cygwin.com/problems.html>. It would also be good to know why
you're trying to use this very old version of OpenSSH, which might mean
that your version of Cygwin is ancient too.
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html