When working with SSH, especially while trying to connect to remote servers (like AWS EC2 instances), you typically use a private key file to authenticate securely. However, sometimes you may encounter an error related to the permissions of your private key file. This error often looks like the following:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'ec2-key.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
This error occurs because the permissions on your private key file (ec2-key.pem) are too open. SSH enforces strict permissions to ensure that private key files are accessible only to their owner. If the key file is accessible by others on the system, SSH will refuse to use it for security reasons.
In this article, I’ll explain how to fix this issue by adjusting the file permissions on Windows.
Steps to Fix the “Unprotected Private Key File” Error on Windows
Follow these steps to correct the file permissions and resolve the issue:
Open PowerShell as Administrator
- Press Win + X and choose Windows PowerShell (Admin)
- Alternatively, search for “PowerShell” in the Start menu, right-click on it, and select Run as administrator
Navigate to the Directory Containing the Private Key
You’ll need to navigate to the location of your private key (ec2-key.pem). Run the following command in PowerShell, replacing the path with the actual location of your key file:
cd C:/Users/iFran/DesktopRemove Permissions for Other Users
Use the following PowerShell commands to remove inherited permissions and restrict access to the private key file so that only your user account can access it:
icacls ec2-key.pem /inheritance:r
icacls ec2-key.pem /remove "BUILTIN\Users"
icacls ec2-key.pem /grant:r "%username%":FLet’s break down what these commands do:
- icacls ec2-key.pem /inheritance:r: Removes inherited permissions from the file.
- icacls ec2-key.pem /remove “BUILTIN\Users”: Removes access for the “Users” group, which represents all users on your system.
- icacls ec2-key.pem /grant:r “%username%”:F: Grants full control over the file to your user account only.
Verify the Permissions
After running the commands, verify that only your user account has access to the file by running:
icacls ec2-key.pemYou should see output similar to the following:
ec2-key.pem: <your_username>:(F)This means that only your user (<your_username>) has full access ((F)) to the file, resolving the security issue.
Fixing File Permissions on Linux/macOS
If you encounter the same issue on Linux or macOS, you can resolve it by changing the permissions with a single command:
chmod 600 ec2-key.pemThis command ensures that only the file owner has read and write permissions for the private key file.
Conclusion
The UNPROTECTED PRIVATE KEY FILE error occurs when the permissions on your SSH private key file are too open, making it accessible to others on your system. By following the steps outlined in this guide, you can restrict the file permissions and securely use your private key with SSH.
Ensuring the security of private key files is crucial for preventing unauthorized access, and these steps help enforce those protections on both Windows and Linux/macOS.
By following these steps, you’ll be able to resolve the permissions error and continue using your SSH key securely. Feel free to share your thoughts or any additional questions in the comments below!