-1

I have executed below command for creating public key from private key, it shows me an error and asking for passphrase.

~# ssh-keygen -y -f key.pem > mykey.pub

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'key.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: key.pem
Enter passphrase:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'key.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: key.pem
load failed

Thanks(in advance)

Doefi
  • 79
  • 1
  • 4
  • 10

2 Answers2

0

ssh checks if your private key file could be read by other users. Since it is the case, it refuses to go further.

just chmod 600 key.pem and run the tool again (read-write rights only for current user)

Jean-François Fabre
  • 137,073
  • 23
  • 153
  • 219
  • i gave a permission as 600 and run again .It shows like this still sudo ssh-keygen -y -f jj.pem > mykey.pub -bash: mykey.pub: Permission denied.Eventhough iam running as sudo user – Doefi Aug 22 '16 at 06:14
  • As you see the problem is related to `mykey.pub` now! delete the old `mykey.pub` file and retry. Or you are running this from a read-only device like a CD-ROM. – Jean-François Fabre Aug 22 '16 at 06:25
  • No, it's not read-only device problem and deleting the file won't help either. See http://stackoverflow.com/questions/82256/how-do-i-use-sudo-to-redirect-output-to-a-location-i-dont-have-permission-to-wr – techraf Aug 23 '16 at 07:16
  • then check umask. Can you create a file like this: `echo hello > mykey.pub` ? – Jean-François Fabre Aug 23 '16 at 07:17
0

Quick bash-only hack:

ssh-keygen -y -f <(cat key.pem) > mykey.pub

The process substition empolyed here should create a named pipe that has limited permissions.

Aissen
  • 1,500
  • 1
  • 11
  • 17