在用私钥远程ssh登录服务器时,出现报错:
permission 0644 for 'id_rsa' are too open
私钥文件如图:
2.问题分析❗❗❗
我们看到,上述私钥文件权限给user开了可读写,给group和others开了可读
❗❗❗
我们直接查ssh命令的帮助手册:
man ssh
找到如下描述:
~/.ssh/id_rsa
Contains the private key for authentication. These files contain sensitive data and should be readable by the user but not accessible by others (read/write/exe‐
cute). ssh will simply ignore a private key file if it is accessible by others. It is possible to specify a passphrase when generating the key which will be used
to encrypt the sensitive part of this file using 3DES.
~/.ssh/identity.pub
~/.ssh/id_dsa.pub
~/.ssh/id_ecdsa.pub
~/.ssh/id_ed25519.pub
~/.ssh/id_rsa.pub
Contains the public key for authentication. These files are not sensitive and can (but need not) be readable by anyone.
意思是
私钥id_rsa文件过于敏感,只能被文件所有者读,而不能被其他用户读;
公钥id_rsa.pub不是那么敏感,可以让所有人可读
不赋予任何权限给群组用户和其他用户
赋予文件所有者读或读写(4/6)的权限
chmod 400 id_rsa
或
chmod 600 id_rsa
成功:
尝试连接
ssh -i id_rsa username@ip
输入密码登录!
但此处按道理不应该输入密码。先挖个坑。
那么,好了,如果id_rsa没有解密密码,可以直接使用,但是如果id_rsa有解密密码,那么就需要进行相应的密码。
