Fixing PEM Key File Permission Issues

This guide provides solutions for errors encountered when using a PEM key file.

Error: Unprotected Private Key File

Private key files must be protected from access by other users. If a private key is readable or writable by anyone other than yourself, SSH will ignore the key and display a warning message like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0777 for '.ssh/my_private_key.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: .ssh/my_private_key.pem
Permission denied (publickey).

When you see this message, check the first line of the error to ensure you are using the correct public key for the instance.

In the example above, the permissions for the private key file .ssh/my_private_key.pem are set to 0777, meaning all users can access this file. These permissions are completely unprotected, and SSH will ignore this key.

Check the connection methods for your operating system below.

[Connecting to a Linux Instance from macOS]

To resolve this issue, run the following command on macOS or Linux to modify the permissions of the private key file:

$ chmod 0400 [path to pem key]

[Connecting to a Linux Instance from Windows]

1. Setting the PEM file

Navigate to the location where the .pem file is stored.
Right-click the .pem file and select [Properties].
Go to the Security tab.
Click [Advanced].

2. Checking and Changing File Ownership

If you are not the owner of the file, change the owner to your username.
Select [Disable inheritance] and [Remove all inherited permissions from this object].

3. Adding User Permissions

Click [Add], then select [Select a principal].
Enter your username and click [OK].
In the [Permission Entry] window, grant [Read] permission and click [OK].

4. Applying Changes

Click [Apply] to save all settings.
Click [OK] to close the [Advanced Security Settings] window.
Click [OK] again to close the [Properties] window.

5. Preparing SSH Connection in Command Prompt

Open Windows Command Prompt and navigate to the directory where the .pem file is located.
Run the following commands to reset explicit permissions:

icacls.exe $path /reset

6. Granting Read Permission to the Current User

Run the following command to grant read permission to the current user:

icacls.exe $path /GRANT:R "$($env:USERNAME):(R)"

7. Disabling Inheritance and Removing Inherited Permissions

Run the following command to disable inheritance and remove inherited permissions:

icacls.exe $path /inheritance:r

By following these steps, you can securely connect to your Linux instance via SSH from Windows.

PreviousHandling Errors When Connecting to Machines NextHow to add a port number

Last updated 1 year ago

hashtagError: Unprotected Private Key File

hashtag[Connecting to a Linux Instance from macOS]

hashtag[Connecting to a Linux Instance from Windows]

hashtag1. Setting the PEM file

hashtag2. Checking and Changing File Ownership

hashtag3. Adding User Permissions

hashtag4. Applying Changes

hashtag5. Preparing SSH Connection in Command Prompt

hashtag6. Granting Read Permission to the Current User

hashtag7. Disabling Inheritance and Removing Inherited Permissions