SSH登陆错误：“warning：unprotected private key file” 问题

故障现象：

[root@localhost .ssh]# ssh heat-admin@192.168.100.100

The authenticity of host '192.168.100.100 (192.168.100.100)' can't be established.

ECDSA key fingerprint is fb:db:01:40:52:4c:da:9d:56:43:52:a5:c0:27:5e:d2.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.100.100' (ECDSA) to the list of known hosts.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@ WARNING: UNPROTECTED PRIVATE KEY FILE! @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Permissions 0644 for '/root/.ssh/id_rsa' are too open.

It is required that your private key files are NOT accessible by others.

This private key will be ignored.

bad permissions: ignore key: /root/.ssh/id_rsa

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

处理过程：

[root@localhost .ssh]# chmod 700 /root/.ssh/id_rsa

[root@localhost .ssh]# ssh heat-admin@192.168.100.100

Last login: Wed Feb 22 06:45:48 2017 from 192.168.100.205

解决方法：

这里是说密钥文件权限不能为0644,0644权限太开放了，要求你的密钥文件不能被其它用户读取。所以我们现在需要修改一下密钥文件权限。在命令行输入chmod 700 /root/.ssh/id_rsa即可。这里“/root/.ssh/id_rsa”就是warning里给出的密钥文件名，所以你需要换成你的warning信息里给出的秘钥文件名。

格式如下：chmod 权限码 密钥文件名

转载于:https://my.oschina.net/whoareyou/blog/850465