Home / ubuntu / Questions / 1530736
Accepted
mstdmstd
Asked: 2024-10-21 21:51:05 +0800 CST

Why recreated ssh-keygen files under root subdirectory?

  • 772

On kubuntu 22.04 I reinstalled ssh-keygen :

 sudo ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:Q40/XXXXXXXXXXXXXXXXX/XXXXXXX root@master-at-home
The key's randomart image is:
+---[RSA 3072]----+
|... ..           |
|oo.+o..  o       |
|.+.o=o+ = .      |
|  oo.o.= B       |
|   .. .oS B      |
|     o=.o. +     |
|    .E.+  o      |
|     .*+ . .     |
|    .o*B*o.      |

But files were generated under /root/.ssh/id_rsa.pub, but not under /home/master/.ssh, where master is current user.

Not sure if I can move the files manually or to change my command in the console ?

EDITIVE INFO :

master@master-at-home:/mnt/_work_sdb8/wwwroot/lar/CurrenciesXM$ ls -la ~/.ssh
total 24
drwxr-xr-x  2 root   root   4096 жов 21 16:17 .
drwxr-x--- 31 master master 4096 жов 21 16:51 ..
-rwxr-xr-x  1 root   root   2610 жов 29  2021 id_rsa
-rwxr-xr-x  1 root   root    574 жов 29  2021 id_rsa.pub
-rwxr-xr-x  1 root   root   3556 жов 21 16:17 known_hosts
-rwxr-xr-x  1 root   root   3998 лис 22  2023 known_hosts.old
master@master-at-home:/mnt/_work_sdb8/wwwroot/lar/CurrenciesXM$ id
uid=1000(master) gid=1000(master) groups=1000(master),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),133(lxd),134(sambashare)
master@master-at-home:/mnt/_work_sdb8/wwwroot/lar/CurrenciesXM$ sudo -s
[sudo] password for master: 
root@master-at-home:/mnt/_work_sdb8/wwwroot/lar/CurrenciesXM# id
uid=0(root) gid=0(root) groups=0(root),137(docker)
ssh

1 Answers

  1. Best Answer

    The command ssh-keygen should be run as normal user, not with root permissions.

    The owner and group of the directory .ssh and the files in this directory are root:root. It should be master:master. That's why you will get errors when you run ssh-keygen as normal user.

    Furthermore, the files have executable bits set, which is useless. The most critical point is that the private key file id_rsa is readable for everyone.

    Probably you did something wrong in the past.

    I suggest these commands to fix the ownership and permissions:

    sudo chown -R master:master ~/.ssh
chmod -R o-rwx ~/.ssh
chmod -R og-w ~/.ssh
chmod og-r ~/.ssh/id_rsa
chmod a-x ~/.ssh/*

    Explanation:

    • change ownership (This requires sudo, the following commands can be run as master.)
    • remove all access for others
    • remove write access for group (not necessary in this case)
    • remove read access for group and others from private key
    • remove executable bits from all files

    If there were other private key files (id_* without .pub), the permissions for these should be the same as for id_rsa.

    • 2