Using git through cygwin on windows 8

16

5

I've got a windows 8 dev preview (not sure if it's relevant, but I never had this hassle on w7) machine and I'm trying to clone a git repo from github.

The problem is that my ~/.ssh/id_rsa has 440 permissions and it needs to be 400. I've tried chmodding it but the any changes on the user permissions gets reflected in the group permissions (i.e. chmod 600 results in 660, etc). This appears to be constant throughout any file in the whole filesystem.

I've tried messing with the ACLs but to no avail (full control on my user and deny everyone resulted in 000)

here's a few outputs to help:

$ git clone [removed]
Cloning into [removed]...
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0660 for '/home/john/.ssh/id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/john/.ssh/id_rsa
Permission denied (publickey).
fatal: The remote end hung up unexpectedly

$ ll ~/.ssh
total 6
-r--r----- 1 john None 1675 Nov 30 19:15 id_rsa
-rw-rw---- 1 john None  411 Nov 30 19:15 id_rsa.pub
-rw-rw-r-- 1 john None  407 Nov 30 18:43 known_hosts

$ chmod -v 400 ~/.ssh/id_rsa
mode of `/home/john/.ssh/id_rsa' changed from 0440 (r--r-----) to 0400 (r--------)

$ ll ~/.ssh
total 6
-r--r----- 1 john None 1675 Nov 30 19:15 id_rsa
-rw-rw---- 1 john None  411 Nov 30 19:15 id_rsa.pub
-rw-rw-r-- 1 john None  407 Nov 30 18:43 known_hosts

$ set | grep CYGWIN
CYGWIN='sbmntsec ntsec server ntea'

I realize I could use msysgit or something, but I'd prefer to be able to do everything from a single terminal

Edit: Msysgit doesn't work either for the same reasons

9point6

Posted 2011-11-30T20:08:37.330

Reputation: 387

Same issue here. Windows 8 Consumer Preview. – Simon Hartcher – 2012-03-04T03:03:55.477

"I've tried messing with the ACLs but to no avail (full control on my user and deny everyone resulted in 000)" So ls -l shows the permissions as 000 (----------) -- but are you still able to read the file, and do ssh and git clone complain about it? I speculate that ssh won't complain about the permissions appearing to be too strict. A quick look at the source code tends to confirm this, but I haven't tested it. – Keith Thompson – 2012-03-27T03:37:53.680

Answers

26

There is no Need for an empty group.

During the Installation of cygwin all files belong to no group. You can check this by doing an ls -al. You will see that no group ("none") is on the files. Just change it to Users:

chgrp Users *

After this you can chmod whatever you like.

Roi Danton

Posted 2011-11-30T20:08:37.330

Reputation: 276

chgrp Users * will only change all files and folders in $PWD. To change all subfolders/files as wellas $PWD, use -R option: chgrp -R users * – adam – 2015-02-18T17:59:24.473

4

I've found a Cygwin-specific hack to get around this for now.

Short version:
Simply create a new empty windows group, use chgrp to change the group of id_rsa to this, and then deny read/write permissions for the group.

Long version:
Press the super key and type lusrmgr.msc. Use this manager to create an empty group, called say EMPTY_GROUP

Now we need to tell Cygwin about this new group.

mkgroup > /etc/group

Next we update the group of id_rsa:

chgrp EMPTY_GROUP ~/.ssh/id_rsa

Finally, go find id_rsa in Windows Explorer, and under the Security tab in Properties, deny read/write permissions, and you should be good to go.

I'm not sure how Cygwin was able to handle this in 7 but not 8, but the problem seems to stems from the group of the id_rsa file being None, a group that always has full read/write access.

Also, this seems to only work for the ssh.exe that comes with Cygwin, so if you want to use say ssh with git, overwrite the ssh.exe from bin in your git install with the one from the bin folder in your Cywgin install.

Daniel Stiner

Posted 2011-11-30T20:08:37.330

Reputation: 41

2

Win 8 + Cygwin

I am on Windows 8, 64bit. Doing the following solves it for me:

## Start Cygwin shell
cd .ssh
chmod 600 key-file-name

gsbabil

Posted 2011-11-30T20:08:37.330

Reputation: 259

1

I would like to comment on that issue as well. I encountered a similar problem on my Windows 7 PC using git through Cygwin.

When trying to push changes from my local git repository to a remote repository (using a ssh and a keypair for authentication), git threw a message that the permissions 0660 were too open for the file

~/.ssh/id_rsa.

Of course it is OK for the ssh-agent to reject this open private key.

So I tried the things mentioned in this thread and other threads that was related to the ownership and the rwx-pattern of the file and the ~/.ssh folder

chgrp Users ~/.ssh/*
chmod 400 ~/.ssh/id_rsa

However, the same error was thrown over and over.

For some reason it was necessary to kill the ssh-agent process in cygwin and execute the following command in the bourne again shell (bash).

eval `ssh-agent -s`

Do not forget to add the desired identity to the ssh-agent, e.g.

ssh-add ~/.ssh/id_rsa

Then I repeated a valid push command like

git push origin master

and everything worked well.

MichaelHuelsen

Posted 2011-11-30T20:08:37.330

Reputation: 111

1

In cygwin, type these commands:

  • Set the correct group to the home folder:

    chgrp -Rv HomeUsers /home

  • Set the correct permissions for the ssh identity files:

    chmod 600 -Rv ~/.ssh/id*

NB: the previous accepted answer is out of date. The group name is "HomeUsers", not "Users", cannot comment yet.

Julien Ricard

Posted 2011-11-30T20:08:37.330

Reputation: 111

0

  1. id_rsa -> Right click -> Properties -> Security -> Edit
  2. Remove all groups and users (Don't press OK or Apply)
  3. Add -> Enter your current user name -> Check Names
  4. Allow "Full Control"
  5. Apply

(Windows 10 Pro)

optimiertes

Posted 2011-11-30T20:08:37.330

Reputation: 101

0

To extend Roi Danton's answer. If you have installed Windows 8 over your old Windows installation, and your previous cygwin directory is still in tact, you will need to do a few other things first.

First, Take Ownership Of The Cygwin Directories/Files

There will be some user accounts associated with the directory and subdirectories/files that look something like S-1-2-34-1234567890-1234567890-1234567890-123

User accounts

Remove these and take ownership with your own user account.

  1. Access the Properties of the cygwin directory
  2. Click Advanced on the Security tab
  3. Change the owner to yourself. You can type in your first name or associated email address
  4. Remove any unknown users from the list
  5. Click Enable Inheritance
  6. Check `Replace all child object permission entries with inheritable permission entries from this object
  7. Click OK at the bottom and then Yes to the dialog box.

Windows Security Dialog Box

Then, In Cygwin, Change The User Group Of All The Key Files

From Roi Danton's answer:

During the Installation of cygwin all files belong to no group. You can check this by doing an ls -al.

  1. Open Cygwin and navigate to the .ssh directory - cd ~/.ssh
  2. Run chgrp Users * - this will allow you to chmod the files properly.
  3. Finally, run chmod 400 *. 600 will also work.

Test To See If It Worked

Simply ssh to your server of choice. In my case, its Bitbucket.

Good result:

$ ssh hg@bitbucket.org
PTY allocation request failed on channel 0
conq: logged in as simonhartcher.

You can use git or hg to connect to Bitbucket. Shell access is disabled.
Connection to bitbucket.org closed.

Bad result:

$ ssh hg@bitbucket.org
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0755 for '/home/Simon/.ssh/id_dsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/Simon/.ssh/id_dsa
Permission denied (publickey).

Simon Hartcher

Posted 2011-11-30T20:08:37.330

Reputation: 232

2With OpenSSH for Windows (not cygwin) I get

chgrp Users * "C:/opscode/chef/embedded/bin/chgrp.exe": invalid group `Users' – Jonathan – 2015-02-18T19:17:45.500