使用 Git GUI 或 ssh-keygen 的 SSH 私钥权限过于开放

发布于 2024-08-07 17:36:15 字数 2151 浏览 10 评论 0原文

最近我一直无法克隆或推送到github,我正在尝试找到根本原因。

这是在 Windows 上

我有 cygwin + git 以及 msysgit。

Msysgit 使用以下选项安装:

  • OpenSSH
  • 从 Windows 命令提示符使用 Git

这给了我 4 个环境来尝试使用 git:

  • Windows cmd 提示符
  • Powershell
  • Git Bash
  • Cygwin

不知何故,我设法让自己陷入这样的境地:使用 msysgit、cmd.exe 或 Powershell 克隆存储库时,出现以下错误:

> Initialized empty Git repository in
> C:/sandbox/SomeProject/.git/
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: UNPROTECTED PRIVATE KEY FILE!          @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0644 for
> '/c/Users/Ben/.ssh/id_rsa' are too
> open. It is recommended that your
> private key files are NOT accessible
> by others. This private key will be
> ignored. bad permissions: ignore key:
> /c/Users/Ben/.ssh/id_rsa Permission
> denied (publickey). fatal: The remote
> end hung up unexpectedly

这是使用我的 c:\users\ben\ 文件夹中的 .ssh 文件夹,这是 msysgit 使用的文件夹。 我怀疑 cygwin 可以工作,因为 .ssh 文件夹位于其他地方,但我不确定为什么

在 Git Bash 中,我检查了权限:

$ ls -l -a ~/.ssh

这给了我:

drwxr-xr-x    2 Ben      Administ        0 Oct 12 13:09 .    
drwxr-xr-x   34 Ben      Administ     8192 Oct 12 13:15 ..    
-rw-r--r--    1 Ben      Administ     1743 Oct 12 12:36 id_rsa
-rw-r--r--    1 Ben      Administ      399 Oct 12 12:36 id_rsa.pub    
-rw-r--r--    1 Ben      Administ      407 Oct 12 13:09 known_hosts

这些权限显然太宽松了。他们是怎么变成这样的,我不知道。

我可以尝试改变它们......

$ chmod -v -R 600 ~/.ssh

这告诉我:

mode of `.ssh' changed to 0600 (rw-------)
mode of `.ssh/id_rsa' changed to 0600 (rw-------)
mode of `.ssh/id_rsa.pub' changed to 0600 (rw-------)
mode of `.ssh/known_hosts' changed to 0600 (rw-------)

但它似乎没有效果。我仍然遇到相同的错误,并且执行操作

$ ls -l -a ~/.ssh

会产生与以前相同的权限。

更新:

我尝试修复 cygwin 中这些文件的权限,并且 cygwin 正确报告了它们的权限,而 gitbash 没有: 想法

任何 我怎样才能真正修复这些权限?

Recently I've been unable to clone or push to github, and I'm trying to find the root cause.

This is on windows

I have cygwin + git as well as msysgit.

Msysgit was installed with the following options:

  • OpenSSH
  • Use Git from Windows Command Prompt

That gives me 4 environments to try to use git in:

  • Windows cmd prompt
  • Powershell
  • Git Bash
  • Cygwin

Somehow I've managed to get myself into a position where when I try to clone a repository using msysgit, cmd.exe, or Powershell, I get the following error:

> Initialized empty Git repository in
> C:/sandbox/SomeProject/.git/
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: UNPROTECTED PRIVATE KEY FILE!          @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0644 for
> '/c/Users/Ben/.ssh/id_rsa' are too
> open. It is recommended that your
> private key files are NOT accessible
> by others. This private key will be
> ignored. bad permissions: ignore key:
> /c/Users/Ben/.ssh/id_rsa Permission
> denied (publickey). fatal: The remote
> end hung up unexpectedly

This is using the .ssh folder in my c:\users\ben\ folder, which is what is used by msysgit. I suspect cygwin works because the .ssh folder is located elsewhere, but I'm not sure why

In Git Bash, I check the permissions:

$ ls -l -a ~/.ssh

Which gives me:

drwxr-xr-x    2 Ben      Administ        0 Oct 12 13:09 .    
drwxr-xr-x   34 Ben      Administ     8192 Oct 12 13:15 ..    
-rw-r--r--    1 Ben      Administ     1743 Oct 12 12:36 id_rsa
-rw-r--r--    1 Ben      Administ      399 Oct 12 12:36 id_rsa.pub    
-rw-r--r--    1 Ben      Administ      407 Oct 12 13:09 known_hosts

These permissions are apparently too relaxed. How they got this way, I have no idea.

I can try to change them...

$ chmod -v -R 600 ~/.ssh

which tells me:

mode of `.ssh' changed to 0600 (rw-------)
mode of `.ssh/id_rsa' changed to 0600 (rw-------)
mode of `.ssh/id_rsa.pub' changed to 0600 (rw-------)
mode of `.ssh/known_hosts' changed to 0600 (rw-------)

But it seems to have no effect. I still get the same error, and doing

$ ls -l -a ~/.ssh

yields the same permissions as before.

UPDATE:

I tried to fix the permissions to those files in cygwin, and cygwin reports their permissions correctly, gitbash does not:
alt text http://cdn.cloudfiles.mosso.com/c54102/app7962031255448924.jpg

Any ideas on how I can really fix these permissions?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(25

别把无礼当个性 2024-08-14 17:36:16

除非您出于某种原因想要保留该私钥/公钥对 (id_rsa/id_rsa.pub),或者喜欢用头撞墙,否则我建议您重新创建它们并在 github 上更新您的公钥。

首先制作 ~/.ssh 目录的备份副本。

输入以下内容并回答“y”以确定是否要覆盖现有文件。

ssh-keygen -t rsa

将公钥的内容复制到剪贴板。 (以下是在 Mac 上执行此操作的方法)。

cat ~/.ssh/id_rsa.pub | pbcopy

转到您在 github 上的帐户并添加此密钥。

Name: My new public key
Key: <PASTE>

退出终端并重新启动一个新终端。

如果您在从未输入公钥时收到无意义的错误消息,例如“输入您的密码”,请考虑这种重新开始技术。正如您在上面看到的,这并不复杂。

Unless there is a reason that you want to keep that private/public key pair (id_rsa/id_rsa.pub), or enjoy banging your head on the wall, I'd recommend just recreating them and updating your public key on github.

Start by making a backup copy of your ~/.ssh directory.

Enter the following and respond "y" to whether you want to over write the existing files.

ssh-keygen -t rsa

Copy the contents of the public key to your clipboard. (Below is how you should do it on a Mac).

cat ~/.ssh/id_rsa.pub | pbcopy

Go to your account on github and add this key.

Name: My new public key
Key: <PASTE>

Exit from your terminal and restart a new one.

If you get senseless error messages like "Enter your password" for your public key when you never entered one, consider this start over technique. As you see above, it's not complicated.

べ繥欢鉨o。 2024-08-14 17:36:16

我从未设法让 git 在 Powershell 中完全工作。但在 git bash shell 中,我没有任何与权限相关的问题,并且我不需要设置 chmod 等...将 ssh 添加到 Github 后,我就可以启动并运行了。

I never managed to get git to work completely in Powershell. But in the git bash shell I did not have any permission related issues, and I did not need to set chmod etc... After adding the ssh to Github I was up and running.

回忆那么伤 2024-08-14 17:36:16

在终端上输入:

chmod -Rf 700 ~/.ssh/

然后重试。

Type on terminal:

chmod -Rf 700 ~/.ssh/

And try again.

何处潇湘 2024-08-14 17:36:16

您是否从另一台机器复制了密钥文件?

我刚刚在客户端计算机上创建了一个 id_rsa 文件,然后将密钥粘贴到我想要的位置。没有权限问题。没什么可设置的。它刚刚起作用了。如果您使用 PuTTYgen 创建私钥,它也适用。

如果您从另一台计算机复制它,可能会出现一些隐藏的组问题。

在两台 Windows 8.1 机器上测试。使用 Sublime Text 3 复制并粘贴私钥。使用 Git Bash (Git-1.9.4-preview20140611)。

Did you copy the key file from another machine?

I just created an id_rsa file on the client machine then pasted the key in I wanted. No permissions issues. Nothing to set. It just worked. It also works if you use PuTTYgen to create the private key.

Possibly some hidden group issue if you're copying it from another machine.

Tested on two Windows 8.1 machines. Using Sublime Text 3 to copy and paste the private key. Using Git Bash (Git-1.9.4-preview20140611).

戏舞 2024-08-14 17:36:16

将我的 Cygwin 安装升级到 2015 年 2 月左右的版本 (1.7.34(0.285/5/3) 2015-02-04 12:14 x86_64 Cygwin) 后,我突然遇到了 UNPROTECTED私钥文件警告。

我在运行以下命令后修复了此问题:(

setfacl -s u::rw-,g::---,o:--- ~/.ssh/id_rsa

另一个问题的另一个答案提供了更多上下文)

After upgrading my Cygwin installation to a version around February 2015 (1.7.34(0.285/5/3) 2015-02-04 12:14 x86_64 Cygwin), I suddenly ran into the UNPROTECTED PRIVATE KEY FILE warning.

I fixed this problem after running the following command:

setfacl -s u::rw-,g::---,o:--- ~/.ssh/id_rsa

(another answer to another question gives more context)

一枫情书 2024-08-14 17:36:16

我在 Windows 10 上遇到了同样的问题,我尝试通过 SSH 连接到 Vagrant 盒子。这似乎是旧 OpenSSH 版本中的一个错误。对我有用的:

  1. http://www.mls-software.com/ 安装最新的 OpenSSH opensshd.html
  2. where.exe ssh

(如果您使用的是 Powershell,请注意“.exe”)

您可能会看到类似以下内容:

C:\Windows\System32\OpenSSH\ssh.exe
C:\Program Files\OpenSSH\bin\ssh.exe
C:\opscode\chefdk\embedded\git\usr\bin\ssh.exe

请注意,在上面的示例中,最新的 OpenSSH 是第二个路径,所以它不会执行。

要更改顺序:

  1. 右键单击 Windows 按钮 ->设置-> “编辑系统环境变量”
  2. 在“高级”选项卡上,单击“环境变量...”,
  3. 在系统变量下编辑“路径”。
  4. 选择“C:\Program Files\OpenSSH\bin”并“上移”,使其出现在顶部。
  5. 单击“确定”
  6. 重新启动控制台以便应用新的环境变量。

I had the same issue on Windows 10 where I tried to SSH into a Vagrant box. This seems like a bug in the old OpenSSH version. What worked for me:

  1. Install the latest OpenSSH from http://www.mls-software.com/opensshd.html
  2. where.exe ssh

(Note the ".exe" if you are using Powershell)

You might see something like:

C:\Windows\System32\OpenSSH\ssh.exe
C:\Program Files\OpenSSH\bin\ssh.exe
C:\opscode\chefdk\embedded\git\usr\bin\ssh.exe

Note that in the above example the latest OpenSSH is second in the path so it won't execute.

To change the order:

  1. Right-click Windows button -> Settings -> "Edit the System Environment Variables"
  2. On the "Advance" tab click "Environment Variables..."
  3. Under System Variables edit "Path".
  4. Select "C:\Program Files\OpenSSH\bin" and "Move Up" so that it appears on the top.
  5. Click OK
  6. Restart your Console so that the new environment variables may apply.
十年九夏 2024-08-14 17:36:16

我的系统有点混乱,bash/cygwin/git/msysgit/maybe-more...

chmod 对密钥或 config 文件没有影响。

然后我决定从 Windows 来处理它,结果很有效。

  1. 右键单击需要修复权限的文件。
  2. 选择属性
  3. 选择安全选项卡。
  4. 点击底部附近的高级
  5. 点击顶部附近Owner 旁边的Change
  6. 输入“My-Awesome-Username”(显然将其更改为您当前的 Windows 用户名),然后单击检查名称,然后单击确定
  7. 权限条目:下,突出显示每个不是“My-Awesome-Username”的用户,然后选择删除。重复此操作,直到只剩下“My-Awesome-Username”。
  8. 选择“My-Awesome-Username”,然后点击下面的编辑
  9. 确保顶部的类型:设置为允许,然后勾选完全控制旁边的复选框。
  10. 点击确定应用确定确定

  11. 现在再试一次...

似乎有时模拟bash无法控制文件所有权。它特别奇怪,因为它是从模拟 bash 脚本生成的。去算算吧。

My system is a bit of a mess with bash/cygwin/git/msysgit/maybe-more...

chmod had no effect on the key, or the config file.

Then I decided to approach it from Windows, which worked.

  1. Right-Click the file whose permission needs fixing.
  2. Select Properties.
  3. Select the Security tab.
  4. Click Advanced near the bottom.
  5. Click Change, next to Owner near the top.
  6. Type "My-Awesome-Username" (obviously change that to your current Windows username), and click Check Names, then OK.
  7. Under Permission entries:, highlight each user that isn't "My-Awesome-Username", and select Remove. Repeat this until "My-Awesome-Username" is the only one left.
  8. Select "My-Awesome-Username", and click Edit below.
  9. Make sure the Type: at the top is set to Allow, and then tick the checkbox next to Full control.
  10. Hit OK, Apply, OK, OK.

  11. Give it another try now...

Seems the sometimes the mock-bash can't control the file ownership. It's especially weird, as it's generated from a mock-bash script. Go figure.

撩动你心 2024-08-14 17:36:15

您更改了整个目录的权限,我同意 Splash 是一个坏主意。如果您还记得该目录的原始权限是什么,我会尝试将它们设置回该权限,然后

cd ~/.ssh
chmod 700 id_rsa

在 .ssh 文件夹中执行以下操作。这会将 id_rsa 文件设置为仅所有者(您)的 rwx(读、写、执行),而其他人的访问权限为零。

如果您不记得原始设置是什么,请添加一个新用户并为该用户创建一组 SSH 密钥,从而创建一个具有默认权限的新 .ssh 文件夹。您可以使用新的 .ssh 文件夹作为重置 .ssh 文件夹和文件的权限参考。

如果这不起作用,我会尝试卸载 msysgit,删除计算机上的所有 .ssh 文件夹(只是为了安全措施),然后使用您所需的设置重新安装 msysgit 并尝试完全重新开始(尽管我认为您告诉我你已经尝试过了)。

编辑:还刚刚通过 Google 找到了此链接 - 修复“警告:不受保护的私钥”文件!”在 Linux 上 虽然它是针对 Linux 的,但它可能会有所帮助,因为我们正在讨论 liunx 权限等。

You changed the permissions on the whole directory, which I agree with Splash is a bad idea. If you can remember what the original permissions for the directory are, I would try to set them back to that and then do the following

cd ~/.ssh
chmod 700 id_rsa

inside the .ssh folder. That will set the id_rsa file to rwx (read, write, execute) for the owner (you) only, and zero access for everyone else.

If you can't remember what the original settings are, add a new user and create a set of SSH keys for that user, thus creating a new .ssh folder which will have default permissions. You can use that new .ssh folder as the reference for permissions to reset your .ssh folder and files to.

If that doesn't work, I would try doing an uninstall of msysgit, deleting ALL .ssh folders on the computer (just for safe measure), then reinstalling msysgit with your desired settings and try starting over completely (though I think you told me you tried this already).

Edited: Also just found this link via Google -- Fixing "WARNING: UNPROTECTED PRIVATE KEY FILE!" on Linux While it's targeted at linux, it might help since we're talking liunx permissions and such.

只有一腔孤勇 2024-08-14 17:36:15

cygwin的chmod有一个bug,请参考:

https://superuser.com/questions/397288/using-cygwin-in-windows-8-chmod-600-does-not-work-as-expected

chgrp -Rv Users ~/.ssh/* 
chmod -vR 600 ~/.ssh/id_rsa

There is a bug with cygwin's chmod, please refer to:

https://superuser.com/questions/397288/using-cygwin-in-windows-8-chmod-600-does-not-work-as-expected

chgrp -Rv Users ~/.ssh/* 
chmod -vR 600 ~/.ssh/id_rsa
转身以后 2024-08-14 17:36:15

对于 *nix 系统,明显的修复方法是 chmod 600 id_rsa ofc,但在 Windows 7 上我不得不用头撞墙一段时间,但后来我找到了神奇的解决方案:

转到“我的电脑” /右键单击/属性/高级系统设置/环境变量并删除变量(可能来自系统和用户环境):

CYGWIN

基本上,它是 mingw32 使用的一个缺陷git windows 二进制文件,总是看到所有文件 644 和所有文件夹 755。删除环境变量不会改变该行为,但它似乎告诉 ssh.exe 忽略该问题。如果您确实通过资源管理器安全设置为您的 id_rsa 设置了适当的权限(除了您自己之外,实际上不需要任何其他用户,不是“每个人”,不是“管理员”,不是“系统”。没有。只有您) ,你仍然会很安全。

现在,为什么 mingw32(与 cygwin 不同的系统)会任何使用 CYGWIN 环境变量,这超出了我的理解。对我来说看起来像一个错误。

For *nix systems, the obvious fix is chmod 600 id_rsa ofc, but on windows 7 I had to hit my head against the wall for a while, but then I found the magic solution:

go to My Computer / Right Click / Properties / Advanced System Settings / Environment Variables and DELETE the variable (possibly from both system and user environment):

CYGWIN

Basically, its a flaw in mingw32 used by git windows binary, seeing all files 644 and all folders 755 always. Removing the environment variable does not change that behaviour, but it appearantly tells ssh.exe to ignore the problem. If you do set proper permissions to your id_rsa through explorers security settings (there really is no need to have any other user in there than your own, not "everyone", not "administrators", not "system". none. just you), you'll still be secure.

Now, why mingw32, a different system than cygwin, would make any use of the CYGWIN environment variable, is beyond me. Looks like a bug to me.

御守 2024-08-14 17:36:15

我使用的是 XP,这允许 Git Bash 与 Github 进行通信(经过多次挫折):

  1. c:\cygwin\bin\cyg* (约 50 个文件)复制到 c:\ Program Files\Git\bin\
  2. c:\cygwin\bin\ssh.exe 复制到 c:\Program Files\Git\bin\ (覆盖)
  3. 创建文件c:\Documents and Settings\\.ssh\config,其中包含:

    托管 github.com
        用户git
        主机名 github.com
        PreferredAuthentications 公钥
        IdentityFile“/cygdrive/c/Documents and Settings/<用户名>/.ssh/id_rsa”
    
  4. (可选)使用ssh -v git @github 查看已调试的连接。

  5. 尝试一下推一下!

背景:一般问题是这两个的组合:

  • BUG:mingw32 将所有文件视为 644(其他/组可读),并且我在 mingw32、cygwin 或 Windows 中尝试的任何方法都无法修复它。
  • mingw32 的 SSH 版本不允许使用私钥(通常在服务器中是一个很好的策略)。

I'm on XP and this allowed Git Bash to communicate w/ Github (after much frustration):

  1. copy c:\cygwin\bin\cyg* (~50 files) to c:\Program Files\Git\bin\
  2. copy c:\cygwin\bin\ssh.exe to c:\Program Files\Git\bin\ (overwriting)
  3. Create the file c:\Documents and Settings\<username>\.ssh\config containing:

    Host github.com
        User git
        Hostname github.com
        PreferredAuthentications publickey
        IdentityFile "/cygdrive/c/Documents and Settings/<username>/.ssh/id_rsa"
    
  4. (optional) Use ssh -v git@github to see the connection debugged.

  5. Try a push!

Background: The general problem is a combination of these two:

  • BUG: mingw32 sees all files as 644 (other/group-readable), and nothing I tried in mingw32, cygwin, or Windows could fix it.
  • mingw32's SSH version won't allow that for private keys (generally a good policy in a server).
山有枢 2024-08-14 17:36:15

对于使用 此处 的 Git 的 Windows 7(它使用 MinGW,而不是 Cygwin) :

  1. 在 Windows 资源管理器中,右键单击您的 id_rsa 文件,然后选择“属性”
  2. 选择“安全”选项卡,然后单击“编辑...”
  3. 选中除管理员之外的所有组的“完全控制”旁边的“拒绝”框
  4. 重试 Git 命令

For Windows 7 using the Git found here (it uses MinGW, not Cygwin):

  1. In the windows explorer, right-click your id_rsa file and select Properties
  2. Select the Security tab and click Edit...
  3. Check the Deny box next to Full Control for all groups EXCEPT Administrators
  4. Retry your Git command
星星的軌跡 2024-08-14 17:36:15

好的,下面是我实际上如何强制更改 Windows 文件有关 Win7 上的权限本身的方法:
在 Windows 资源管理器中找到您的 ssh 密钥:
C:\Users[your_user_name_here].ssh\id_rsa

右键单击​​文件>属性>安全选项卡>高级按钮>更改权限

现在删除所有不是您用户名的人。这包括管理员和系统用户。此时,您可能会看到有关继承权限的对话框 - 选择不继承的选项 - 因为我们只想更改此文件。

单击“确定”并保存直至完成。

我为此奋斗了好几天,因为我的 Windows 不会从命令行更改文件权限。通过这种方式,它实际上也完成了——而不是使用令人兴奋的解决方法,这可能会产生奇怪的后果。

OK so here is how I actually forced the change on my Windows files regarding the permissions themselves on Win7:
Find your ssh key in windows explorer:
C:\Users[your_user_name_here].ssh\id_rsa

Right-click on file>Properties>Security tab>Advanced button>Change permissions

Now remove everyone that is not actually your username. This includes Administrator and System users. At this point you may get a dialogue about inheriting permissions- choose the option that DOESN'T inherit- since we only want to change this file.

Click OK and save till done.

I fought with this for days because my windows would not change the file permissions from the command line. This way it is also ACTUALLY done- instead of using exciting work arounds that make can have odd consequences.

江南月 2024-08-14 17:36:15

从“属性”更改文件权限、禁用继承和运行 chmod 400 对我来说不起作用。我的私钥文件的权限是:

-r--r----- 1 alex 无 1766 年 3 月 8 日 13:04 /home/alex/.ssh/id_rsa

然后我注意到该组是 None,所以我就跑了

chown alex:管理员 ~/.ssh/id_rsa

然后我可以使用 chmod 400 成功更改权限,并运行 git Push。

Changing file permissions from Properties, disabling inheritance and running chmod 400 didn't work for me. The permissions for my private key file were:

-r--r----- 1 alex None 1766 Mar 8 13:04 /home/alex/.ssh/id_rsa

Then I noticed the group was None, so I just ran

chown alex:Administrators ~/.ssh/id_rsa

Then I could successfully change the permissions with chmod 400, and run a git push.

霓裳挽歌倾城醉 2024-08-14 17:36:15

对于 MAC 用户:

通过在终端中键入以下内容来更改密钥对文件的设置:(

chmod og-r *filename.pem*

确保您位于正确的目录中,或者命令中的路径文件名正确)。

FOR MAC USERS:

Change the settings of your key pair file by typing this in the terminal:

chmod og-r *filename.pem*

(make sure you are in the correct directory, or path filename in the command correctly).

糖粟与秋泊 2024-08-14 17:36:15

我运行解决它:

chmod 400 ~/.ssh/id_rsa

我希望有所帮助。祝你好运。

I solve it running:

chmod 400 ~/.ssh/id_rsa

I hope to help. Good luck.

夏雨凉 2024-08-14 17:36:15

在最近遇到这个问题并且这是谷歌的顶级结果之一之后,我想我会在这里讨论一个简单的解决方法:http://code.google.com/p/msysgit/issues/detail?id=261#c40

只需覆盖 mysys ssh。 exe 与你的 cygwin ssh.exe

After comming across the problem recently and this being one of the top google results i thought i would chip in with a simple work around documented in discussion here: http://code.google.com/p/msysgit/issues/detail?id=261#c40

Simply involves overwriting the mysys ssh.exe with your cygwin ssh.exe

最舍不得你 2024-08-14 17:36:15

我最近在 Windows XP 上也遇到了同样的问题。我尝试在我的 ~/.ssh/id_rsa 文件上 chmod 700 但它似乎不起作用。当我在 ~/.ssh/id_rsa 上使用 ls -l 查看权限时,我可以看到我的有效权限仍然是 644。

然后我记得 Windows 权限也继承了文件夹的权限,并且该文件夹仍然是打开的给大家。解决方案可能是也设置文件夹的权限,但我认为更好的方法是告诉系统忽略该文件的继承。这可以使用文件属性中安全选项卡上的高级选项来完成,并取消选中“继承父权限...”

这可能对遇到相同问题的其他人有帮助。

I had the same problem on Windows XP just recently. I tried to chmod 700 on my ~/.ssh/id_rsa file but it did not seem to work. When I had a look at the permissions using ls -l on the ~/.ssh/id_rsa I could see that my effective permissions still was 644.

Then I remembered that windows permissions also inherit permissions from the folders, and the folder was still open to everyone. A solution could be to set permissions for the folder as well, but I think a better way would be to tell the system to ignore inheritance for this file. This can be done using the advanced option on the security tab in the properties of the file, and unchecking "inherit from parent permissions..."

This might be helpful for others with the same problem.

糖粟与秋泊 2024-08-14 17:36:15

我现在正在使用 Git 1.6.5,我无法复制您的设置:

Administrator@WS2008 /k/git
$ ll ~/.ssh
total 8
drwxr-xr-x    2 Administ Administ     4096 Oct 13 22:04 ./
drwxr-xr-x    6 Administ Administ     4096 Oct  6 21:36 ../
-rw-r--r--    1 Administ Administ        0 Oct 13 22:04 c.txt
-rw-r--r--    1 Administ Administ      403 Sep 30 22:36 config_disabled
-rw-r--r--    1 Administ Administ      887 Aug 30 16:33 id_rsa
-rw-r--r--    1 Administ Administ      226 Aug 30 16:34 id_rsa.pub
-rw-r--r--    1 Administ Administ      843 Aug 30 16:32 id_rsa_putty.ppk
-rw-r--r--    1 Administ Administ      294 Aug 30 16:33 id_rsa_putty.pub
-rw-r--r--    1 Administ Administ     1626 Sep 30 22:49 known_hosts

Administrator@WS2008 /k/git
$ git clone [email protected]:alexandrul/gitbook.git
Initialized empty Git repository in k:/git/gitbook/.git/
remote: Counting objects: 1152, done.
remote: Compressing objects: 100% (625/625), done.
remote: Total 1152 (delta 438), reused 1056 (delta 383)s
Receiving objects: 100% (1152/1152), 1.31 MiB | 78 KiB/s, done.
Resolving deltas: 100% (438/438), done.

Administrator@WS2008 /k/git
$ ssh [email protected]
ERROR: Hi alexandrul! You've successfully authenticated, but GitHub does not pro
vide shell access
Connection to github.com closed.

$ ssh -v
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007

chmod 也不会修改我的密钥的文件权限。

环境:

  • NTFS 上的 Windows Server 2008 SP2
  • 用户:管理员
  • 环境变量:
    • PLINK_PROTOCOL=ssh
    • HOME=/c/profiles/home

更新: Git 1.6.5.1 也可以工作。

I'm playing right now with Git 1.6.5, and I can't replicate your setup:

Administrator@WS2008 /k/git
$ ll ~/.ssh
total 8
drwxr-xr-x    2 Administ Administ     4096 Oct 13 22:04 ./
drwxr-xr-x    6 Administ Administ     4096 Oct  6 21:36 ../
-rw-r--r--    1 Administ Administ        0 Oct 13 22:04 c.txt
-rw-r--r--    1 Administ Administ      403 Sep 30 22:36 config_disabled
-rw-r--r--    1 Administ Administ      887 Aug 30 16:33 id_rsa
-rw-r--r--    1 Administ Administ      226 Aug 30 16:34 id_rsa.pub
-rw-r--r--    1 Administ Administ      843 Aug 30 16:32 id_rsa_putty.ppk
-rw-r--r--    1 Administ Administ      294 Aug 30 16:33 id_rsa_putty.pub
-rw-r--r--    1 Administ Administ     1626 Sep 30 22:49 known_hosts

Administrator@WS2008 /k/git
$ git clone [email protected]:alexandrul/gitbook.git
Initialized empty Git repository in k:/git/gitbook/.git/
remote: Counting objects: 1152, done.
remote: Compressing objects: 100% (625/625), done.
remote: Total 1152 (delta 438), reused 1056 (delta 383)s
Receiving objects: 100% (1152/1152), 1.31 MiB | 78 KiB/s, done.
Resolving deltas: 100% (438/438), done.

Administrator@WS2008 /k/git
$ ssh [email protected]
ERROR: Hi alexandrul! You've successfully authenticated, but GitHub does not pro
vide shell access
Connection to github.com closed.

$ ssh -v
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007

chmod doesn't modify file permissions for my keys either.

Environment:

  • Windows Server 2008 SP2 on NTFS
  • user: administrator
  • environment vars:
    • PLINK_PROTOCOL=ssh
    • HOME=/c/profiles/home

Update: Git 1.6.5.1 works as well.

甚是思念 2024-08-14 17:36:15

这是 Windows 上一个特别复杂的问题,在 Windows 上,仅正确 chmod 文件是不够的。你必须设置你的环境。

在 Windows 上,这对我有用:

  1. 安装 cygwin。

  2. 将 msysgit ssh.exe 替换为 cygwin 的 ssh.exe。

  3. 使用 cygwin bash,chmod 600 私钥文件,对我来说是“id_rsa”。

    使用

  4. 如果还是不行,请进入控制面板->系统属性->高级->环境变量并添加以下环境变量。然后重复步骤 3。

    变量 价值
    CYGWIN    sbmntsec

This is a particularly involved problem on Windows, where it's not enough to just chmod the files correctly. You have to set up your environment.

On Windows, this worked for me:

  1. Install cygwin.

  2. Replace the msysgit ssh.exe with cygwin's ssh.exe.

  3. Using cygwin bash, chmod 600 the private key file, which was "id_rsa" for me.

  4. If it still doesn't work, go to Control Panel -> System Properties -> Advanced -> Environment Variables and add the following environment variable. Then repeat step 3.

    Variable      Value
    CYGWIN      sbmntsec

执妄 2024-08-14 17:36:15

我可以通过做两件事来解决这个问题,尽管您可能不必执行步骤 1。

  1. 从 cygwin ssh.exe 和所有 cyg*.dll 复制到 Git 的 bin 目录中(这可能不是必需的,但它是一个我采取的步骤,但仅此一项并没有解决问题)

  2. 按照以下步骤操作: http://zylstra.wordpress.com/2008/08/29/overcome-herokus-permission-denied-publickey-problem/

    我在 ~/.ssh/config 文件中添加了一些详细信息:

Host heroku.com
主机名 heroku.com
端口22
身份仅是
身份文件 ~/.ssh/id_heroku
TCPKeepAlive 是
用户brandon

我必须使用用户作为heroku.com 的电子邮件地址
注意:这意味着您需要创建一个密钥,我按照此创建密钥,当它提示输入密钥名称时,请务必指定 id_heroku
http://help.github.com/win-set-up-git/

  1. 然后添加密钥:
    heroku 密钥:添加 ~/.ssh/id_heroku.pub

I was able to fix this by doing two things, though you may not have to do step 1.

  1. copy from cygwin ssh.exe and all cyg*.dll into Git's bin directory (this may not be necessary but it is a step I took but this alone did not fix things)

  2. follow the steps from: http://zylstra.wordpress.com/2008/08/29/overcome-herokus-permission-denied-publickey-problem/

    I added some details to my ~/.ssh/config file:

Host heroku.com
Hostname heroku.com
Port 22
IdentitiesOnly yes
IdentityFile ~/.ssh/id_heroku
TCPKeepAlive yes
User brandon

I had to use User as my email address for heroku.com
Note: this means you need to create a key, I followed this to create the key and when it prompts for the name of the key, be sure to specify id_heroku
http://help.github.com/win-set-up-git/

  1. then add the key:
    heroku keys:add ~/.ssh/id_heroku.pub
凉墨 2024-08-14 17:36:15

对我来说,诀窍是用“tty nodosfilewarning”更新CYGWIN环境变量。甚至不需要 chmod 密钥。

What did the trick for me was to update CYGWIN environment variable with: "tty nodosfilewarning". Didn't even need to chmod the key.

骷髅 2024-08-14 17:36:15

@koby 的答案对我不起作用,所以我做了一些改变。

cd ~/.ssh
chmod 700 id_rsa.pub

这对我在 Mac 上来说效果很好。

@koby's answer doesn't work for me, so I make a little change.

cd ~/.ssh
chmod 700 id_rsa.pub

This works well for me on Mac.

故事还在继续 2024-08-14 17:36:15

此处建议的解决方法(chmod/chgrp/setfacl/windows perms)对我在 Windows 7 企业虚拟机上使用 msys64 不起作用。最后,我通过使用 ssh 代理和标准输入上提供的密钥解决了这个问题。将其添加到我的 .bash_profile 中使其成为我的默认登录名:

eval $(ssh-agent -s)
cat ~/.ssh/id_rsa | ssh-add -k -

现在我可以使用 ssh 遥控器进行 git push 和 pull 操作。

None of the workarounds suggested here (chmod/chgrp/setfacl/windows perms) worked for me with msys64 on a Windows 7 corporate VM. In the end I worked around the problem by using an ssh agent with the key provided on stdin. Adding this to my .bash_profile makes it the default for my login:

eval $(ssh-agent -s)
cat ~/.ssh/id_rsa | ssh-add -k -

Now I can do git push and pull with ssh remotes.

云胡 2024-08-14 17:36:15

不是对主要问题的直接答案,而是关于 cygwin 的文件夹如何工作的问题...作为一般规则,cygwin 将所有“您的”文件放在 c:\cygwin\home\username 的等效目录下。它会将该文件夹视为任何特定于用户的设置,而不是 Windows 用户目录。

Not a direct answer to the primary question, but on your question of how cygwin's folder works... As a general rule, cygwin puts all of "your" files under the equiv of c:\cygwin\home\username. It treats that folder for any user-specific settings rather than the Windows user directory.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文