che: Unable to clone with SSH: unprotected private key file

Describe the bug

When attempting to clone a git repository via the terminal, I get the error:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/etc/ssh/default-1569588924848/ssh-privatekey' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/etc/ssh/default-1569588924848/ssh-privatekey": bad permissions
Permission denied (publickey).
fatal: Could not read from remote repository.

I can’t change the permissions as Che is injecting this as readonly.

Che version

  • latest
  • nightly
  • other: please specify

Steps to reproduce

  1. Add SSH key with the SSH: generate key pair... command
  2. Restart workspace
  3. Launch terminal for main workspace container
  4. Run git clone {some git@ URL}

Expected behavior

SSH key should be mounted with appropriate permissions (i.e. 400 or 600).

Runtime

  • kubernetes (include output of kubectl version)
  • Openshift (include output of oc version)
  • minikube (include output of minikube version and kubectl version)
  • minishift (include output of minishift version and oc version)
  • docker-desktop + K8S (include output of docker version and kubectl version)
  • other: Rancher
kubectl version
Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.9", GitCommit:"3e4f6a92de5f259ef313ad876bb008897f6a98f0", GitTreeState:"clean", BuildDate:"2019-08-05T09:22:00Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.6", GitCommit:"96fac5cd13a5dc064f7d9f4f23030a6aeface6cc", GitTreeState:"clean", BuildDate:"2019-08-19T11:05:16Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"linux/amd64"}

Installation method

Helm charts via Rancher

Environment

  • my computer
    • Windows
    • Linux
    • macOS
  • Cloud
    • Amazon
    • Azure
    • GCE
    • other (please specify)
  • other: please specify

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 41 (40 by maintainers)

Most upvoted comments

@vinokurig it worked!! Great job, I am now able to clone via SSH.

+1
davidwindell on Nov 8, 2019
Read more comments on GitHub
← che: Unable to build che-ide-gwt-app
che: Unable to config keycloak if use https →