1

I have a weird problem where every time after I reboot my Mac I get the following error while trying to deploy using Capistrano:

Permissions 0644 for '/Users/guy/.ssh/id_rsa.pub' are too open

I don't remember how I fixed this last time. I just remember it was annoying and also happened after a reboot of the computer.

My permissions for the id_rsa file are 600 and for id_rsa.pub are 644.

If I run chmod 600 id_rsa

then it will ask for a password while deploying with Capistrano. A password which I don't know...

Any help would be appreciated. Thanks.

guy schaller

2 Answers

1

You need to make sure that all the parent folders of your ssh keys are not writable for group or other.

For instance: 755 or stricter (not 775 anywhere)

That is for:

  • /Users
  • /Users/guy
  • /Users/guy/.ssh

The question "Password dialog appears when SSH private key permissions are set to 0600" includes a lot of good advice, including one piece that the OP followed:

When I had an id_rsa but not a corresponding id_rsa.pub, Mac OS X kept popping up the dialog and remember password in my keychain did nothing.

cd ~/.ssh
ssh-keygen -y -f id_rsa > id_rsa.pub

generated the appropriate public key file for me.

So re-generating can help.

VonC
  • Hi thanks for the answer! checked all those folders. all are 755 :( so it still doesn't work – guy schaller Jul 01 '14 at 00:18
  • @guyschaller do you mean you still see "Permissions are too open"? Or do you now only see the password being asked? – VonC Jul 01 '14 at 05:24
  • Still the same error of permissions are too open. I don't get it. Last time this happened after a reboot, it just suddenly started working again.. haha – guy schaller Jul 01 '14 at 14:05
  • @guyschaller but now, even after a reboot, it doesn't work, does it? Did you recently use a different ssh url? – VonC Jul 01 '14 at 14:10
  • nope didn't change anything. I use capistrano with its deploy script. same server and same git repo. thanks for the help! – guy schaller Jul 02 '14 at 05:20
  • @guyschaller does the capistrano process use the same account, and does it have the same `HOME`? – VonC Jul 02 '14 at 05:35
  • what do you mean same account? I haven't touched anything that has to do with deployment or capistrano. for at least a few weeks. – guy schaller Jul 02 '14 at 05:44
  • @guyschaller ok. Is your private key owned by the right group? (as in http://stackoverflow.com/a/22674741/6309) – VonC Jul 02 '14 at 05:47
  • @guyschaller check also http://apple.stackexchange.com/a/26252 and http://apple.stackexchange.com/a/33210 – VonC Jul 02 '14 at 05:48
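
The checks listed in the answer above (private key mode, presence of the .pub file, and group/other write bits on every parent directory) can be run in one pass. This is an added example, not code from the thread; the function names and the optional stop-directory argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The mode string from ls is parsed
# because stat's flags differ between macOS and Linux.

# mode_of PATH -> first 10 characters of the ls mode string, e.g. drwxr-xr-x
mode_of() { ls -ldL "$1" | cut -c1-10; }

# Succeeds if group or other may write to PATH (the "775 anywhere" case).
group_or_other_writable() {
    case $(mode_of "$1") in ?????w????|????????w?) return 0 ;; *) return 1 ;; esac
}

# Succeeds if group and other have no access at all (600 or stricter).
owner_only() {
    case $(mode_of "$1") in ????------) return 0 ;; *) return 1 ;; esac
}

# audit_ssh_key KEY [STOP_DIR]
# Prints one finding per line; the return status is the number of findings.
# STOP_DIR (assumed parameter, default /) is the last ancestor checked.
audit_ssh_key() {
    key=$1 stop=${2:-/} findings=0
    if [ ! -f "$key" ]; then
        echo "MISSING private key: $key"; return 1
    fi
    if ! owner_only "$key"; then
        echo "TOO OPEN private key: $key ($(mode_of "$key"))"
        findings=$((findings + 1))
    fi
    if [ ! -f "$key.pub" ]; then
        echo "MISSING public key: $key.pub (regenerate with ssh-keygen -y -f)"
        findings=$((findings + 1))
    fi
    dir=$(cd "$(dirname "$key")" && pwd)
    while :; do
        if group_or_other_writable "$dir"; then
            echo "WRITABLE by group/other: $dir ($(mode_of "$dir"))"
            findings=$((findings + 1))
        fi
        [ "$dir" = "$stop" ] || [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return "$findings"
}
```

Source the file and call `audit_ssh_key ~/.ssh/id_rsa`; a return status of 0 means none of these conditions was found.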
1

Ended up just creating a new SSH key with a passphrase, because no other solution worked.

https://help.github.com/articles/generating-ssh-keys

guy schaller
  • Indeed, that was one of the links I mentioned in the comment: I put it in my answer for more visibility. – VonC Jul 03 '14 at 05:30