Keychain requires private key files be unprotected - SSH not happy
I did that so I could have a convenient place to store a private DSA key I had created on another machine. I put it here because the SSH man page explains that when using the -i option to specify an identity file ~/.ssh/id_dsa is the default location.
*Next I made the permissions 0740 on ~/.ssh/id_dsa*
I figured that since I don't share this machine with anyone that would be secure enough. However SSH disagrees and gave me this message:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0740 for '/Users/patrickmoffitt/.ssh/id_dsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
*Not wanting my key to be ignored I made the permissions 0700 on ~/.ssh/id_dsa*
Now SSH no longer gives any security warnings but a new dialog appears from Keychain asking me to: Enter your password for the SSH key "id_dsa"
This dialog makes no sense. id_dsa is the name of a folder not the name of a key file.
*Since I never set a password on the folder, I tried my login password.*
This did not work. I also tried the pass phrase for the key I put into id_dsa with the same result.
I can make the Keychain dialog go away by setting the permissions on id_dsa back to 0740 but that causes SSH to print its security warning.
*Hoping for a workaround, I used the Keychain Access application to permit any application to access id_dsa.*
Now I still get the Keychain dialog asking for a password, but I can cancel it and get on with my SSH session.
Is there a way to get the Keychain and SSH to agree on the permissions for the default private key folder ~/.ssh/id_dsa?
MacBook4.1, Mac OS X (10.5.5)
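The permission test behind the warning quoted in this post, as an added example that is not part of the original post: OpenSSH refuses a private key when any group or other permission bit is set (mode & 077), so 0740 is rejected while 0700 and 0600 pass, and the identity path is expected to be a regular file. The function names `file_mode` and `key_perm_status` are hypothetical, and the file-owner condition that ssh also applies is left out.

```shell
#!/bin/sh
# Added example (not from the original post): report whether a path would pass
# the private-key permission test that produced the warning quoted above.

# Print the octal permission bits of $1 (GNU stat first, then BSD/macOS stat).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Print one status word for $1:
#   missing        path does not exist
#   not-a-file     path exists but is not a regular file (e.g. a directory)
#   too-open:MODE  group or other has at least one permission bit set
#   ok:MODE        only the owner has access
key_perm_status() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "missing"
        return 1
    fi
    if [ ! -f "$path" ]; then
        echo "not-a-file"
        return 1
    fi
    mode=$(file_mode "$path") || return 2
    # Leading 0 makes the shell read MODE as octal; 077 masks group+other bits.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "too-open:$mode"
        return 1
    fi
    echo "ok:$mode"
}

# Check every path given on the command line, e.g. ~/.ssh/id_dsa
for p in "$@"; do
    printf '%s\t%s\n' "$p" "$(key_perm_status "$p")"
done
```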