cwrsync permissions on private key

Question

I installed cwRsync 5.3.0 on Windows 8, and I want to set up password-less SSH. I ran ssh-keygen to create the keys, and copied the public key to the remote box. But when I try to SSH, I get this:

C:\>ssh myuser@myhost
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0660 for '/cygdrive/c/Users/myuser/.ssh/id_dsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /cygdrive/c/Users/myuser/.ssh/id_dsa

How can I change the file's permissions, so cwRsync won't see it as being group-readable? I tried removing the Windows permission inheritance from it, and removing access by anyone but my user. But that seems to have no effect.

did you try the usual solution: running `chmod 600 /cygdrive/c/Users/myuser/.ssh/id_dsa` in a cygwin shell ? — damienfrancois, Oct 03 '14 at 21:20

score 2 · Answer 1 · answered Sep 07 '17 at 17:41

I just ran into the same scenario where I installed cwrsync and didn't have access to chmod via cygwin or other. I was able to fix this using rysnc.exe itself:

Add rsync.exe to your %PATH% if it isn't already there:

PATH=%PATH%;c:\path\to\cwrsync\bin

Change to the folder that your SSH private key is located:

cd c:\users\myuser\.ssh\

Use rsync to perform a local copy of your SSH private key using the chmod switch (700=u+rwx,g=,o=):

rsync --chmod=700 id_dsa id_dsa.bak

Ensure that the rsync command ran successfully by typing each file to ensure the content is the same:

type id_dsa
type id_dsa.bak

Overwrite the original SSH private key with the .bak (which now has the correct permissions):

move id_dsa.bak id_dsa

Test SSH to make sure it is working now:

ssh -i id_dsa myuser@myhost

Very nice hack to use rsync itself to set permissions. Alas it didn't work for me (Win7, 64bit). I fixed it by selecting the `.ssh` folder, disabling inherited permissions from parent and setting "Full Control" to my own account. Then `cwrsync` worked! — Stéphane Gourichon, Jan 07 '18 at 23:46

score 2 · Answer 2 · answered Jul 15 '19 at 14:40

I've recently run into this issue and phiz's answer didn't work for me. However, Stéphane's solution in comments was helpful and I felt it should be a proper answer rather than a comment.

TLDR: Set Windows permissions on the .ssh folder to full access for yourself and nobody else.

Locate the directory where cwRsync keeps your ssh keys (possibly c:\home\username\.ssh or <path to cwRsync install>\home\username\.ssh). Use the Windows permissions dialog to remove all inherited permissions from this directory, and set full control to your own account only.

(Note that I found it necessary to remove permissions from SYSTEM and Administrators for this to work. It may still work with one or other present, but I removed both at once and found it to work that way.)

Unfortunately this doesn't work for me. I still get: `Permissions 0770 for '/home/user/.ssh/id_rsa' are too open`. — Buntel, May 13 '20 at 21:09

cwrsync permissions on private key

2 Answers2