Q
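- Logging in to the server with ssh -i ~/.ssh/abc.pem centos@1.2.3.4 fails with the error:
  Permissions 0644 for 'XXX.pem' are too open.
- Scenario: the .pem key files are mostly sent by colleagues over email, and the downloaded file usually has mode 644, which in Linux permission notation is rw-r--r--, where r=4, w=2 and x=1 stand for read, write and execute.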
A
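sudo chmod 400 ~/.ssh/abc.pem
600 also works. For the reason, see man ssh: the key file is used for logging in, so it contains sensitive information and should be readable only by the current user (600 also lets the owner edit it, but it is rarely edited because it is generated automatically); other users must not be able to read or edit it.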
(.pem) Contains the private key for authentication.
[These files contain sensitive data and should be readable by the user
but not accessible by others (read/write/execute).
ssh will simply ignore a private key file if it is accessible by others.]
It is possible to specify a
passphrase when generating the key which will be used to encrypt the sensitive
part of this file using 3DES.
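
The rule quoted from man ssh comes down to "no permission bits for group or other", i.e. (mode & 077) == 0. The script below is an added example, not part of the original note: it applies that test to every *.pem and id_* file in a directory and can tighten the offenders to 600. The function names and the choice of file patterns are assumptions made for illustration, and it checks the mode only, not file ownership.

```shell
#!/bin/sh
# Added example (not from the original note).
# Assumes a Linux stat that supports -c '%a' (GNU coreutils or BusyBox).

# key_perm_ok FILE
# Succeeds only if group and other have no access bits: (mode & 077) == 0.
# 0400 and 0600 pass; 0644, 0640 and 0604 fail. Returns 2 if stat fails.
key_perm_ok() {
    # -L follows symlinks, so the mode tested is that of the real key file.
    kp_mode=$(stat -L -c '%a' -- "$1") || return 2
    # Leading 0 makes the shell read the mode as octal.
    [ $(( 0$kp_mode & 077 )) -eq 0 ]
}

# audit_keys DIR [fix]
# Prints "MODE PATH" for each private-key candidate that is too open.
# With "fix" as second argument, also runs chmod 600 on it.
audit_keys() {
    for ak_f in "$1"/*.pem "$1"/id_*; do
        [ -f "$ak_f" ] || continue              # unmatched glob or not a file
        case $ak_f in *.pub) continue ;; esac   # public keys may stay readable
        if ! key_perm_ok "$ak_f"; then
            printf '%s %s\n' "$kp_mode" "$ak_f"
            if [ "${2:-report}" = fix ]; then
                chmod 600 -- "$ak_f"
            fi
        fi
    done
    return 0
}
```

Source the file, then run audit_keys ~/.ssh to list key files that are too open, or audit_keys ~/.ssh fix to correct them in place.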