felixse / FluentTerminal

A Terminal Emulator based on UWP and web technologies.
GNU General Public License v3.0

Unprotected Private Key File #971

Closed luixal closed 2 years ago

luixal commented 2 years ago

Hi,

Once I've set up my ssh keys and configured them in fluent terminal, I'm getting this error message:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for '\\\\wsl$\\Debian\\home\\myuser\\.ssh\\id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "\\\\wsl$\\Debian\\home\\myuser\\.ssh\\id_rsa": bad permissions

My private key is protected as (I guess) it has to be:

-r--------  1 myuser myuser 2.6K Oct 28 13:02 id_rsa
-rw-r--r--  1 myuser myuser  571 Oct 28 13:02 id_rsa.pub

Also, this key works perfectly when using it from Windows Terminal or using this command (which is the one I'm using in WT config):

wsl -d Debian ssh myuser@my.great.server

Can it be Fluent related? Any ideas about how to get it to work?

Thanks!

hanskokx commented 2 years ago

https://superuser.com/questions/215504/permissions-on-private-key-in-ssh-folder

— Hans Kokx

On Oct 28, 2021, 10:34 AM -0400, Luis Alberto Pérez García @.***>, wrote:


luixal commented 2 years ago

Hi @hanskokx, thanks for the link. I checked that same post yesterday and I see no difference between what they propose as a solution:

.ssh directory: 700 (drwx------)
public key (.pub file): 644 (-rw-r--r--)
private key (id_rsa): 600 (-rw-------)
lastly your home directory should not be writeable by the group or others (at most 755 (drwxr-xr-x)).

with my current config:

.ssh directory: drwx------  2 myuser myuser 4.0K Oct 28 13:05 .ssh
home directory: drwxr-xr-x 11 myuser myuser 4.0K Oct 28 13:35 myuser
files inside .ssh:
-rw-------  1 myuser myuser 2.6K Oct 28 13:02 id_rsa
-rw-r--r--  1 myuser myuser  571 Oct 28 13:02 id_rsa.pub
-rw-r--r--  1 myuser myuser 1.1K Oct 28 11:00 known_hosts

Am I missing something?

Also, if I launch the ssh session manually inside fluent, using the following command:

ssh myuser@my.server.com

It works flawlessly, asks for my key passphrase and signs me in without problems.

Does fluent use any kind of custom command when launching ssh sessions?

Thanks!
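The permission checklist quoted in the comment above, turned into a check that can be run inside the WSL distro. This is an added example, not code from the thread or from the FluentTerminal project; the function names are made up for illustration, and it assumes GNU `stat` (as on Debian) and looks only at POSIX mode bits as seen from inside WSL.

```shell
#!/usr/bin/env bash
# Added example: audit the modes from the checklist in this thread
# (home <= 755, .ssh 700, private key 600/400, public key 644).
# Assumes GNU stat; function names are illustrative.

# check PATH MASK MESSAGE
# Returns 0 when PATH exists and none of the MASK bits (octal) are set.
check() {
    if [ ! -e "$1" ]; then
        echo "MISSING $1"
        return 1
    fi
    mode=$(stat -c '%a' "$1")          # e.g. 600, 755
    if [ $(( 0$mode & 0$2 )) -ne 0 ]; then
        echo "FAIL $1 (mode $mode): $3"
        return 1
    fi
    echo "ok   $1 (mode $mode)"
}

# audit_ssh_perms HOME_DIR [KEY_NAME]
# Prints one line per path; return status is the number of findings.
audit_ssh_perms() {
    home="$1"
    key="${2:-id_rsa}"
    findings=0
    # 022 = write bits for group/others; 077 = any access for group/others.
    check "$home" 022 "home must not be group/other writable" \
        || findings=$((findings + 1))
    check "$home/.ssh" 077 ".ssh must be accessible by the owner only" \
        || findings=$((findings + 1))
    check "$home/.ssh/$key" 077 "private key must be accessible by the owner only" \
        || findings=$((findings + 1))
    check "$home/.ssh/$key.pub" 022 "public key must not be group/other writable" \
        || findings=$((findings + 1))
    return "$findings"
}

# When run as a script with arguments: ./audit.sh "$HOME" id_rsa
[ "$#" -eq 0 ] || audit_ssh_perms "$@"
```

A zero exit status means the directory matches the checklist; any other value is the number of paths that need attention.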

luixal commented 2 years ago

After having a look at the code, I noticed this line:

path = Path.Combine(path, @"OpenSSH\ssh.exe");

so... I guess Fluent uses the Windows ssh client and all my config was being done for the WSL distro ssh client.

Anyhow, in case someone gets here and wants to use the ssh client inside WSL, I got it working with a workaround:

  1. Create a config file for ssh in ~/.ssh/config and populate it with your servers like this:

     Host server1
       Hostname first.server.com
       User server1user
       IdentityFile ~/.ssh/id_rsa

     Host server2
       Hostname second.server.com
       User server2user
       IdentityFile ~/.ssh/id_rsa

  2. Then, forget about Fluent's SSH profiles and configure a local profile using this config:

image

I'm using Debian on WSL, just tweak above values to match your distro.

This would open a new terminal using the config from the config file and will ask you for the key passphrase (haven't tested with an empty passphrase key).