Oct 24, 2022

Multipass Private SSH Key Is Exposed to Everyone

It is very convenient to use the command 'multipass shell jimny' whenever we need to access a VM we created.

But how can we log in without a password? Where is the SSH private key?

Multipass actually uses SSH public key authentication to log in to the VM.

In my case, I'm using WSL, and the SSH private key is stored at

C:\ProgramData\Multipass\data\ssh-keys\id_rsa

So, in theory, we can always do the following to log in to any VM created by Multipass.

PS> ssh -i C:\ProgramData\Multipass\data\ssh-keys\id_rsa ubuntu@jimny

However, you will always hit a permission error. It is not because you lack permission, but because everyone has READ permission on the private key, and the SSH client refuses to use a private key that other users can read.

To fix this, you need administrator privileges. From an elevated PowerShell prompt:

PS> cd C:\ProgramData\Multipass\data\ssh-keys

PS> icacls id_rsa /inheritance:r /grant "$(whoami):F" /grant "NT AUTHORITY\SYSTEM:F"

Make sure the command completes successfully; you should then be able to use the SSH private key for authentication.

PS> ssh -i C:\ProgramData\Multipass\data\ssh-keys\id_rsa ubuntu@jimny
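
To confirm the fix took effect, the check below lists every principal that can still read the key and flags any that the icacls command above should have removed. It is an added example, not part of the original post; the function name Get-KeyReadAccess is made up for illustration, and the default path is the one given above.

```powershell
# Added example (not from the original post): audit who can read the
# Multipass private key before and after the icacls fix.
function Get-KeyReadAccess {
    param(
        # Default is the path given in this post; change it if yours differs.
        [string]$Path = 'C:\ProgramData\Multipass\data\ssh-keys\id_rsa'
    )

    $acl = Get-Acl -LiteralPath $Path

    # Principals that the icacls command in this post grants access to.
    $me       = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $expected = @($me, 'NT AUTHORITY\SYSTEM')

    # ReadData is the file right that exposes the key bytes; FullControl,
    # Modify and Read all include it.
    $readBit = [int][System.Security.AccessControl.FileSystemRights]::ReadData

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $readBit) -eq 0) { continue }

        $id = $ace.IdentityReference.Value
        [pscustomobject]@{
            Identity         = $id
            Rights           = $ace.FileSystemRights
            Inherited        = $ace.IsInherited
            Expected         = $expected -contains $id
            # True once /inheritance:r has cut the file off from its parent.
            InheritanceIsOff = $acl.AreAccessRulesProtected
        }
    }
}

$rows = @(Get-KeyReadAccess)
$rows | Format-Table -AutoSize

# Any row with Expected = False is a principal that can still read the key.
$unexpected = @($rows | Where-Object { -not $_.Expected })
if ($unexpected.Count -eq 0) {
    'OK: only the expected principals can read the key.'
} else {
    "Still readable by: $($unexpected.Identity -join ', ')"
}
```

Run it once before the fix to see which accounts the inherited ACL lets in, and again afterwards; a clean result shows only your own account and NT AUTHORITY\SYSTEM, with Inherited set to False.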
