WARNING UNPROTECTED PRIVATE KEY FILE when trying to SSH into Amazon EC2 Instance

Question

I m working to set up Panda on an Amazon EC2 instance  I set up my account and tools last night and had no problem using SSH to interact with my own personal instance  but right now I m not being allowed permission into Panda s EC2 instance  Getting Started with Panda  I m getting the following error             WARNING  UNPROTECTED PRIVATE KEY FILE              Permissions 0644 for     ec2 id rsa-gsg-keypair  are too open  It is recommended that your private key files are NOT accessible by others  This private key will be ignored    I ve chmoded my keypair to 600 in order to get into my personal instance last night  and experimented at length setting the permissions to 0 and even generating new key strings  but nothing seems to be working   Any help at all would be a great help     Hm  it seems as though unless permissions are set to 777 on the directory  the ec2-run-instances script is unable to find my keyfiles  I m new to SSH so I might be overlooking something

User · Answer

The private key file should be protected. In my case i have been using the public_key authentication for a long time and i used to set the permission as 600 (rw- --- ---) for private key and 644 (rw- r-- r--) and for the .ssh folder in the home folder you will have 700 permission (rwx --- ---). For setting this go to the user's home folder and run the following command

Set the 700 permission for .ssh folder

chmod 700 .ssh

Set the 600 permission for private key file

chmod 600 .ssh/id_rsa

Set 644 permission for public key file

chmod 644 .ssh/id_rsa.pub

User · Answer

Make sure that the directory containing the private key files is set to 700  chmod 700    ec2

User · Answer

I ve chmoded my keypair to 600 in order to get into my personal instance last night    And this is the way it is supposed to be     From the EC2 documentation we have  If you re using OpenSSH  or any reasonably paranoid SSH client  then you ll probably need to set the permissions of this file so that it s only readable by you    The Panda documentation you link to links to Amazon s documentation but really doesn t convey how important it all is   The idea is that the key pair files are like passwords and need to be protected   So  the ssh client you are using requires that those files be secured and that only your account can read them   Setting the directory to 700 really should be enough  but 777 is not going to hurt as long as the files are 600   Any problems you are having are client side  so be sure to include local OS information with any follow up questions

User · Answer

Just a note for anyone who stumbles upon this   If you are trying to SSH with a key that has been shared with you  for example   ssh -i  path to keyfile pem user some-host  Where keyfile pem is the private public key shared with you and you re using it to connect  make sure you save it into    ssh  and chmod 777   Trying to use the file when it was saved elsewhere on my machine was giving the OP s error  Not sure if it is directly related

User · Answer

The private key file should be protected. In my case i have been using the public_key authentication for a long time and i used to set the permission as 600 (rw- --- ---) for private key and 644 (rw- r-- r--) and for the .ssh folder in the home folder you will have 700 permission (rwx --- ---). For setting this go to the user's home folder and run the following command

Set the 700 permission for .ssh folder

chmod 700 .ssh

Set the 600 permission for private key file

chmod 600 .ssh/id_rsa

Set 644 permission for public key file

chmod 644 .ssh/id_rsa.pub

User · Answer

Make sure that the directory containing the private key files is set to 700  chmod 700    ec2

User · Answer

I also got the same issue  but I fix it by changing my key file permission to 600   sudo chmod 600  path to my key pem  Link   http   stackabuse com how-to-fix-warning-unprotected-private-key-file-on-mac-and-linux

User · Answer

To fix this   you   ll need to reset the permissions back to default  sudo chmod 600    ssh id rsa sudo chmod 600    ssh id rsa pub  If you are getting another error   Are you sure you want to continue connecting  yes no   yes Failed to add the host to the list of known hosts   home geek  ssh known hosts     This means that the permissions on that file are also set incorrectly  and can be adjusted with this  sudo chmod 644    ssh known hosts     Finally  you may need to adjust the directory permissions as well  sudo chmod 755    ssh    This should get you back up and running

User · Answer

I am thinking about something else  if you are trying to login with a different username that doesn t exist this is the message you will get   So I assume you may be trying to ssh with ec2-user but I recall recently most of centos AMIs for example are using centos user instead of ec2-user  so if you are  ssh -i file pem centos public IP please tell me you aretrying to ssh with the right user name otherwise this may be a strong reason of you see such error message even with the right permissions on your    ssh id rsa  or file pem

User · Answer

Change the File Permission using chmod command   sudo chmod 700 keyfile pem

User · Answer

I also got the same issue  but I fix it by changing my key file permission to 600   sudo chmod 600  path to my key pem  Link   http   stackabuse com how-to-fix-warning-unprotected-private-key-file-on-mac-and-linux

User · Answer

Make sure that the directory containing the private key files is set to 700  chmod 700    ec2

User · Answer

Keep your private key  public key  known hosts in same directory and try login as below   ssh -I small i   hi pem  ec2-user ec2-  -   -  -    us-west-2 compute amazonaws com    Same directory in the sense   cd  Users prince Desktop   Now type ls command  and you should  see     pem    ppk known hosts   Note  You have to try to login from the same directory or you ll get a permission denied error as it can t find the  pem file from your present directory     If you want to be able to SSH from any directory  you can add the following to you    ssh config file     Host your server HostName ec2-user ec2-  -   -  -    us-west-2 compute amazonaws com User ec2-user IdentityFile    ec2 id rsa-gsg-keypair IdentitiesOnly yes   Now you can SSH to your server regardless of where the directory is by simply typing ssh your server  or whatever name you place after  Host

User · Answer

The solution is to make it readable only by the owner of the file  i e  the last two digits of the octal mode representation should be zero  e g  mode 0400    OpenSSH checks this in authfile c  in a function named sshkey perm ok         if a key owned by the user is accessed  then we check the    permissions of the file  if the key owned by a different user     then we don t care      if   st st uid    getuid     amp  amp   st st mode  amp  077     0        error                                                                     error            WARNING  UNPROTECTED PRIVATE KEY FILE                    error                                                                     error  Permissions 0 3 3o for   s  are too open             u int st st mode  amp  0777  filename       error  It is required that your private key files are NOT accessible by others         error  This private key will be ignored         return SSH ERR KEY BAD PERMISSIONS      See the first line after the comment  it does a  bitwise and  against the mode of the file  selecting all bits in the last two octal digits  since 07 is octal for 0b111  where each bit stands for r w x  respectively

User · Answer

I ve chmoded my keypair to 600 in order to get into my personal instance last night    And this is the way it is supposed to be     From the EC2 documentation we have  If you re using OpenSSH  or any reasonably paranoid SSH client  then you ll probably need to set the permissions of this file so that it s only readable by you    The Panda documentation you link to links to Amazon s documentation but really doesn t convey how important it all is   The idea is that the key pair files are like passwords and need to be protected   So  the ssh client you are using requires that those files be secured and that only your account can read them   Setting the directory to 700 really should be enough  but 777 is not going to hurt as long as the files are 600   Any problems you are having are client side  so be sure to include local OS information with any follow up questions

User · Answer

The solution is to make it readable only by the owner of the file  i e  the last two digits of the octal mode representation should be zero  e g  mode 0400    OpenSSH checks this in authfile c  in a function named sshkey perm ok         if a key owned by the user is accessed  then we check the    permissions of the file  if the key owned by a different user     then we don t care      if   st st uid    getuid     amp  amp   st st mode  amp  077     0        error                                                                     error            WARNING  UNPROTECTED PRIVATE KEY FILE                    error                                                                     error  Permissions 0 3 3o for   s  are too open             u int st st mode  amp  0777  filename       error  It is required that your private key files are NOT accessible by others         error  This private key will be ignored         return SSH ERR KEY BAD PERMISSIONS      See the first line after the comment  it does a  bitwise and  against the mode of the file  selecting all bits in the last two octal digits  since 07 is octal for 0b111  where each bit stands for r w x  respectively

User · Answer

Change the File Permission using chmod command   sudo chmod 700 keyfile pem

User · Answer

Keep your private key  public key  known hosts in same directory and try login as below   ssh -I small i   hi pem  ec2-user ec2-  -   -  -    us-west-2 compute amazonaws com    Same directory in the sense   cd  Users prince Desktop   Now type ls command  and you should  see     pem    ppk known hosts   Note  You have to try to login from the same directory or you ll get a permission denied error as it can t find the  pem file from your present directory     If you want to be able to SSH from any directory  you can add the following to you    ssh config file     Host your server HostName ec2-user ec2-  -   -  -    us-west-2 compute amazonaws com User ec2-user IdentityFile    ec2 id rsa-gsg-keypair IdentitiesOnly yes   Now you can SSH to your server regardless of where the directory is by simply typing ssh your server  or whatever name you place after  Host

User · Answer

On windows  Try using git bash and use your Linux commands there  Easy approach  chmod 400       pem  ssh -i         pem  ubuntu ec2-11-111-111-111 us-east-2 compute amazonaws com

User · Answer

I ve chmoded my keypair to 600 in order to get into my personal instance last night    And this is the way it is supposed to be     From the EC2 documentation we have  If you re using OpenSSH  or any reasonably paranoid SSH client  then you ll probably need to set the permissions of this file so that it s only readable by you    The Panda documentation you link to links to Amazon s documentation but really doesn t convey how important it all is   The idea is that the key pair files are like passwords and need to be protected   So  the ssh client you are using requires that those files be secured and that only your account can read them   Setting the directory to 700 really should be enough  but 777 is not going to hurt as long as the files are 600   Any problems you are having are client side  so be sure to include local OS information with any follow up questions

User · Answer

Just a note for anyone who stumbles upon this   If you are trying to SSH with a key that has been shared with you  for example   ssh -i  path to keyfile pem user some-host  Where keyfile pem is the private public key shared with you and you re using it to connect  make sure you save it into    ssh  and chmod 777   Trying to use the file when it was saved elsewhere on my machine was giving the OP s error  Not sure if it is directly related

User · Answer

On windows  Try using git bash and use your Linux commands there  Easy approach  chmod 400       pem  ssh -i         pem  ubuntu ec2-11-111-111-111 us-east-2 compute amazonaws com

User · Answer

Make sure that the directory containing the private key files is set to 700  chmod 700    ec2

User · Answer

I ve chmoded my keypair to 600 in order to get into my personal instance last night    And this is the way it is supposed to be     From the EC2 documentation we have  If you re using OpenSSH  or any reasonably paranoid SSH client  then you ll probably need to set the permissions of this file so that it s only readable by you    The Panda documentation you link to links to Amazon s documentation but really doesn t convey how important it all is   The idea is that the key pair files are like passwords and need to be protected   So  the ssh client you are using requires that those files be secured and that only your account can read them   Setting the directory to 700 really should be enough  but 777 is not going to hurt as long as the files are 600   Any problems you are having are client side  so be sure to include local OS information with any follow up questions

User · Answer

To fix this   you   ll need to reset the permissions back to default  sudo chmod 600    ssh id rsa sudo chmod 600    ssh id rsa pub  If you are getting another error   Are you sure you want to continue connecting  yes no   yes Failed to add the host to the list of known hosts   home geek  ssh known hosts     This means that the permissions on that file are also set incorrectly  and can be adjusted with this  sudo chmod 644    ssh known hosts     Finally  you may need to adjust the directory permissions as well  sudo chmod 755    ssh    This should get you back up and running

User · Answer

I am thinking about something else  if you are trying to login with a different username that doesn t exist this is the message you will get   So I assume you may be trying to ssh with ec2-user but I recall recently most of centos AMIs for example are using centos user instead of ec2-user  so if you are  ssh -i file pem centos public IP please tell me you aretrying to ssh with the right user name otherwise this may be a strong reason of you see such error message even with the right permissions on your    ssh id rsa  or file pem

[ssh] WARNING: UNPROTECTED PRIVATE KEY FILE! when trying to SSH into Amazon EC2 Instance

Examples related to ssh

Examples related to amazon-web-services

Examples related to amazon-ec2

Examples related to chmod