My environment:
- Windows 10 with powershell
- chefdk-2.4.17-1
- vagrant_2.0.1
- VirtualBox-5.2.4
- OpenSSH_7.6p1
- "kitchen create" succeeded with a simple apache recipe, and "kitchen list" showed the instance was created
My Problem:
When run "kitchen login", I got error "UNPROTECTED PRIVATE KEY FILE!". The full error message is as following. It's version related, but similar error should have same root cause.
PS > kitchen login
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Permissions for '.../.kitchen/kitchen-vagrant/default-centos-72/.vagrant/machines/default/virtualbox/private_key' are too open. It is required that your private key files are NOT accessible by others. This private key will be ignored. Load key ".../.kitchen/kitchen-vagrant/default-centos-72/.vagrant/machines/default/virtualbox/private_key": bad permissions vagrant@127.0.0.1's password: |
Root Cause:
"kitchen login" executed 'ssh' commands, and 'ssh' is complaining the private key file is too open, others can read it, not secure so it refused to use it.My Solution:
Set the proper permission using ACL. The idea is to use 'ssh-keygen' to generate a private key file which will have the proper ACL, then match previous private key file's ACL to this one. I assume you are in the directory which hosts keyfile 'private_key', and the following is running as administrator. After this, the 'kitchen login'/ssh doesn't complain anymore, and login successfully. This can also serve as a way to change file permission in powershell command line.
ssh-keygen -f C:\Windows\Temp\id_rsa -N dumppass
$Acl = Get-Acl C:\Windows\Temp\id_rsaSet-Acl .\private_key $Acl |