Permissions 0664 for '/home/root/.ssh/id_rsa' are too open.

简介: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Permissions 0664 for '/home/root/.

 

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY @ 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0664 for '/home/root/.ssh/id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/root/.ssh/id_rsa
git@172.16.98.152's password: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

使用两个ssh工具连接远程服务器,NX和putty,连接的时候偶然发现这个错误,说key文件权限太大,估计是key文件的属性被改的问题;
后来上网查了,把权限改成600即可

chmod  600  /home/xiaoqiang.he/.ssh/*

http://blog.chinaunix.net/uid-26952464-id-3699864.html

[admin@ip-localhost ~]$ 
[admin@ip-localhost ~]$ !scp
scp -i key/admin.pem  bak.tar.gz  admin@192.168.1.200:/ 
ssh: connect to host 192.168.1.200 port 22: Connection timed out    //此处报错是因为firewall没有accept端口
lost connection   
[admin@ip-localhost ~]$ scp -i key/admin.pem  bak.tar.gz  admin@192.168.1.100:/home/admin
The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.
ECDSA key fingerprint is 55:46:d4:c5:8e:56:fa:87:fa:34:bc:d8:8a:5d:bb:8a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.100' (ECDSA) to the list of known hosts.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0664 for 'key/admin.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: key/admin.pem
Permission denied (publickey).
lost connection
[admin@ip-localhost ~]$ ll key/admin.pem 
-rw-rw-r-- 1 admin admin 1692 Dec  6 11:08 key/admin.pem
[admin@ip-localhost ~]$ 
[admin@ip-localhost ~]$ 
[admin@ip-localhost ~]$ chmod 600 key/admin.pem
[admin@ip-localhost ~]$ 
[admin@ip-localhost ~]$ 
[admin@ip-localhost ~]$ 
[admin@ip-localhost ~]$ scp -i key/admin.pem  bak.tar.gz  admin@192.168.1.100:/home/admin
bak.tar.gz                                                                                                                                                                         100% 1016MB 112.9MB/s   00:09    
[admin@ip-localhost ~]$ 

http://stackoverflow.com/questions/6558080/scp-secure-copy-to-ec2-instance-without-password?rq=1

Below is what I used and it worked. Source was ec2 and target was home machine.

 sudo rsync  -azvv -e "ssh -i /home/ubuntu/key-to-ec2.pem" ec2-user@xx.xxx.xxx.xx:/home/ec2-user/source/ /home/ubuntu/target/

This worked for me:

nohup rsync -zravu --partial --progress  -e "ssh -i xxxx.pem" ubuntu@xx.xx.xx.xx:/mnt/data   /mnt2/ &

 

After suffering a little bit, I believe this will help:

I am using the below command and it has worked without problems:

rsync -av --progress -e ssh /folder1/folder2/* root@xxx.xxx.xxx.xxx:/folder1/folder2

First consideration:

Use the --rsync-path

I prefer in a shell script:

#!/bin/bash

RSYNC = /usr/bin/rsync

$RSYNC [options] [source] [destination]

Second consideration:

Create a publick key by command below for communication between the servers in question. She will not be the same as provided by Amazon.

ssh-keygen -t rsa

Do not forget to enable permission on the target server in /etc/ssh/sshd_config (UBUNTU and CENTOS).

Sync files from one EC2 instance to another

http://ask-leo.com/how_can_i_automate_an_sftp_transfer_between_two_servers.html

Use -v option for verbose and better identify errors.

Third Consideration

If both servers are on EC2 make a restraint by security group

In the security group Server Destination:

inbound: Source / TCP port 22 / IP Security (or group name) of the source server

http://stackoverflow.com/questions/6558080/scp-secure-copy-to-ec2-instance-without-password?rq=1

http://stackoverflow.com/questions/15843195/rsync-to-amazon-ec2-instance

https://askleo.com/how_can_i_automate_an_sftp_transfer_between_two_servers/

No, not correct.
As it turns out, this is something I do regularly with ssh, as well as both sftp and rsync, as part of my backup and load balancing approaches for Ask Leo! Let me walk you through what I’ve done.


SSH Configuration
To begin with, most of this relies on a the configuration of sshd, the SSH (Secure SHell) daemon running on the server you’re attempting to connect to (we’ll call it “server2.com”). Check the “sshd_config” on that server, typically in /etc/ssh. In some cases, these settings are not always present or set the way we need:
RSAAuthentication yes
PubkeyAuthentication yes
This enables the public/private key authentication mechanism we’re about to use.
Public/Private Key Generation
We’ll generate the keypair on the Linux box that you want to connect from. We’ll call that “server1.com”. It’s that box on which you plan to run ssh, sftp or rsync.
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in .ssh/id_rsa.
Your public key has been saved in .ssh/id_rsa.pub.
The key fingerprint is:
c1:21:e 3:01:26:0d:f7:ec:52:0e:0c:90:9b:6e:d8:47 user1@server1.com
What I’ve done with the command above is generated a public/private key pair. I responded to each prompt by hitting Return.

…mere possession of the private key is sufficient to gain access to what ever resources into which you’ve placed the corresponding public key.
Note that I did NOT enter a passphrase. That’s kind of important, because if you do enter a passphrase you’ll need to enter it in order to use the private key. Since we’re looking for an automated solution, the private key must not have a passphrase.
This is important: by not placing a passphrase on your private key, the security implication is that mere possession of the private key is sufficient to gain access to what ever resources into which you’ve placed the corresponding public key. Safeguard your private key.
My private key was placed in /home/user1/.ssh/id_rsa. This needs to be kept secure, because of the security implication above, but also needs to be available to the process attempting to make an ssh, sftp or rsync connection. If these tools are run under the ‘user1’ account, the tools will automatically look in the “.ssh” directory and I won’t need to specify the private key location. Otherwise, command line options will need to point to the right place and key.
My public key is in /home/user1/.ssh/id_rsa.pub. This is the key that gets distributed to those places that want to grant you access.
Planting the public key
On the “remote” server, server2.com, pick an account – ANY account – that you want to connect as. In that account’s home directory, create a “.ssh” subdirectory, and in that directory create a new text file called “authorized_keys”. If it already exists, that’s fine, use the existing file.
If you create the file and/or directory, I recommend that the directory be chmod 700, and the file 600. In other words, only the owner can access the directory, and the file within it.
Add to that file the contents of the id_rsa.pub file created above. That would be a *single line* that looks something like this:
ssh-rsa <lots of characters> user1@server1.com
Once saved anyone in possession of the private key that matches this public key can now login as this account.
sftp
I planted the public key in the account user2 on server2.com. So now, on my server, server1.com, logged in as user1, and where the private key is stored as described above, an sftp session looks like this:
sftp user2@server2.com
“user2” specifies the remote account on server2.com to login as.
That’s it. Magic happens, and I’m authenticated. That magic? The private key is matched to the public key, which indicates you are authorized to login to that account. An sftp session is born. No interactivity required.
(IF you did enter a passphrase on the private key, you would have been prompted to enter it here. NOTE that this is the passphrase to unlock the private key, which is local. It has nothing to do with any passwords on the remote site.)
rsync
For file copy operations, rsync rocks. It does things like intelligent compression, copy only if needed, and a whole host of other operations.
So, assuming all the keys are set up as above, this rsync command copies a file from the local machine to the remote:
rsync -e ssh file user2@server2.com:/home/user2/
Local file “file” is copied to the remote /home/user2/file after logging in as “user2” using ssh as the transport (hence the “-e ssh” option), and with that, using the private/public key pair we created for authentication. Again, no interactivity required.
Rsync supports an incredibly rich set of options for recursion, compression attribute retention, date/time stamp and so on. Well worth a look see if you’re copying anything of any significant volume.
SSH
Since we’ve gone this far, it’s worth noting that SSH itself just works as well to open up a remote shell once the keys are in place. Example:
ssh user2@server2.com
and *poof* – a remote shell on server2, logged in as user2.

https://askleo.com/how_can_i_automate_an_sftp_transfer_between_two_servers/

 

相关文章
|
安全 Linux 网络安全
上手Linux:禁用 root 用户,修改22端口,使用 ssh 登录
本文介绍了在 linux 系统中,如何禁用 root 用户登录,修改默认的 22 端口号,以及设置只能使用 SSH 秘钥登录的方式,从而在一定程度上提高了系统的安全性。
1301 0
|
网络安全 开发工具 数据安全/隐私保护
解决 Enter passphrase for key ‘/Users/dzm/.ssh/id_rsa‘:
解决 Enter passphrase for key ‘/Users/dzm/.ssh/id_rsa‘:
1679 0
|
网络安全
kali 启用默认root,开启SSH服务,安装VNC,设置服务自启动
启用默认root,开启SSH服务,设置服务自启动,安装VNC
|
Ubuntu Linux 网络安全
Linux Debian11服务器安装SSH,创建新用户并允许远程SSH远程登录,并禁止root用户远程SSH登录
本文介绍了Linux Debian11服务器安装SSH,创建新用户并允许远程SSH远程登录,并禁止root用户远程SSH登录。
2705 1
Linux Debian11服务器安装SSH,创建新用户并允许远程SSH远程登录,并禁止root用户远程SSH登录
|
2月前
|
Ubuntu Linux 网络安全
在Linux中,如何禁用root用户直接SSH登录?
在Linux中,如何禁用root用户直接SSH登录?
|
3月前
|
安全 Linux 网络安全
|
2月前
|
网络安全 容器
SSH——ssh: rejected: administratively prohibited (open failed)
SSH——ssh: rejected: administratively prohibited (open failed)
44 0
|
5月前
|
安全 Shell 网络安全
windows 系统 c 盘 .ssh 文件夹里的 id_rsa 文件的作用
windows 系统 c 盘 .ssh 文件夹里的 id_rsa 文件的作用
|
4月前
|
Linux 网络安全 数据安全/隐私保护
Jun 03 14:50:45 nodeName sshd[60215]: Accepted password for root from 192.168.0.100 port 15612 ssh2 如何关闭这个连接
【6月更文挑战第6天】Jun 03 14:50:45 nodeName sshd[60215]: Accepted password for root from 192.168.0.100 port 15612 ssh2 如何关闭这个连接
68 2
|
5月前
|
网络安全 数据安全/隐私保护
银河麒麟v10系统SSH远程管理及切换root用户的操作方法
银河麒麟v10系统SSH远程管理及切换root用户的操作方法
1854 0