3

This morning when connecting to my Ubuntu VPS, my local computer is suddenly complaining about my private key:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/home/noah/.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/noah/.ssh/id_rsa

I guess it is possible that I accidentally set the permissions recursively some how, but I think it unlikely... I'm wondering if this might be a result of malware of some sort? I've changed the permissions back to 600, and the warning goes away.

yuttadhammo
  • 217
  • 2
  • 8
  • 1
    This happens to me every time i run a repair permissions on a Mac – Silverfire Jul 15 '11 at 01:40
  • I got the same today on my Arch Linux laptop, I made some updates with the package manager yesterday and installed some screenshot plugins on Firefox today. I have now removed them. I created a new key pair with passphrase and updated the public key on all my recent server accounts. Hope that will be enough, I know ssh did not complain yesterday so permissions must have been ok yesterday. :/ – tirithen Apr 21 '15 at 11:00

1 Answers1

5

Try looking through your ~/.bash_history (or your shell of choice's history file) to see if you accidentally did chmod-ed your private key. That seems the most likely explanation.

If you share this system with other users and your ~/.ssh/ directory is group or world readable you should generate a new private key (see ssh-keygen).

Yes, it could of been caused by malware or someone could of hacked your system... but as my high school auto shop teacher always said, "Fix the easy stuff first,". Do some investigation and see if just wasn't an accident (I've accidentally chmod-ed many things myself) before you start looking into a security compromise.

Community
  • 1
  • Thanks, history shows nothing, though. I don't share the machine with others, either, but I guess I should generate a new private key - a bit of a chore, since I'm using the key to connect to several servers. – yuttadhammo Jul 18 '11 at 02:30
  • Try checking root's `.bash_history` as well. Additionally, you may want to adjust your $HISTSIZE in `~/.bashrc` to increase the length of time commands remain in your shell's history file. –  Jul 18 '11 at 22:44
  • thanks, @kce, but nothing in root's history either. And my $HISTFILESIZE is set to 2000. – yuttadhammo Jul 21 '11 at 10:17
  • Bizarre. You probably should keep a close eye on this system, because if you didn't change the permissions than something else had too. And that doesn't bode well. –  Jul 21 '11 at 15:23