Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-29255

Use of RSA private key yields error: Permissions 0644 for '/…/secretFiles/…/blah.id_rsa' are too open

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Labels:
      None
    • Environment:
      Ubuntu 14.04
    • Similar Issues:

      Description

      I am trying to store an RSA private key in Jenkins, and reference it using the Credentials Binding plugin.
      I was able to upload the RSA private key as a Secret File, bound to a "domain".
      (The "domain" is just some arbitrary text label).
      This is the only way it appeared in the dropdown list in my project when I selected 'Use secret text(s) or file(s), then under Bindings select 'Secret text', and then it shows up in the dropdown list.
      So then I selected it, bound it to an env var, and attempted to use it in my project.
      I got this error:

      + rsync -auvz -e 'ssh -i /var/lib/jenkins/secretFiles/74ec48f8-ead9-4545-99ac-9a8c351cf19d/blah.id_rsa -p 12345' test_file someone@somewhere.net:/home/someuser/test_dir
      @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
      @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
      @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
      Permissions 0644 for '/var/lib/jenkins/secretFiles/74ec48f8-ead9-4545-99ac-9a8c351cf19d/blah.id_rsa' are too open.
      It is required that your private key files are NOT accessible by others.
      This private key will be ignored.
      bad permissions: ignore key: /var/lib/jenkins/secretFiles/74ec48f8-ead9-4545-99ac-9a8c351cf19d/blah.id_rsa

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                mcsf M Chon
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: