authorized_keys_insecure_perms

Diagnostic `nanook::auth::authorized_keys_insecure_perms`

Summary

authorized_keys file `{0}` has insecure permissions {1:#o}

Help

chmod 0600 (or 0400) the file so untrusted users cannot append keys

Details

When this fires

`AuthorizedKeys::extend_file` runs `check_perms` before reading any line and bails out if the file mode has the group-write or world-write bit set (`mode & 0o022 != 0`). This diagnostic usually means the agent host is reading the authorized_keys file named by the `[admin].authorized_keys` config setting and somebody loosened its permissions. The agent refuses to start, so `nanook ctl` connections will fail outright.

What to check

  • Tighten the file so untrusted users cannot append rogue keys:

        chmod 0600 ~/.nanook/authorized_keys

    0400 works too if you do not need to edit it as the agent user.