Fixing PEM Key File Permission Issues

This guide provides solutions for errors encountered when using a PEM key file.

Error: Unprotected Private Key File

Private key files must be protected from access by other users. If a private key is readable or writable by anyone other than yourself, SSH will ignore the key and display a warning message like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0777 for '.ssh/my_private_key.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: .ssh/my_private_key.pem
Permission denied (publickey).

When you see this message, check the first line of the error to ensure you are using the correct public key for the instance.

In the example above, the private key file .ssh/my_private_key.pem has permissions 0777, which lets every user on the system read, write and execute it. A key with these permissions is unprotected, so SSH ignores it.

Check the connection methods for your operating system below.


[Connecting to a Linux Instance from macOS]

To resolve this issue, run the following command on macOS or Linux to modify the permissions of the private key file:

$ chmod 0400 [path to pem key]
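
The script below is an added example, not part of the original guide: it checks each key file passed to it and applies the chmod 0400 fix only where the file is too open. It assumes "too open" means any group or other permission bit is set (mode & 077), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit private key files for the condition the SSH warning
# above reports, and tighten any that are too open.
# Assumption: a key is "too open" when any group/other bit is set (mode & 077).

# Print the octal permission bits of a file, following symlinks.
# GNU stat (Linux) uses -c '%a'; BSD stat (macOS) uses -f '%Lp'.
key_mode() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# Succeed only if no group/other permission bit is set.
key_is_protected() {
    mode=$(key_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Check one key; if it is too open, apply the fix from this guide (chmod 0400).
protect_key() {
    if [ ! -f "$1" ]; then
        echo "skip: $1 is not a regular file" >&2
        return 2
    fi
    if key_is_protected "$1"; then
        echo "ok: $1 ($(key_mode "$1"))"
    else
        echo "too open: $1 ($(key_mode "$1")), setting 0400"
        chmod 0400 "$1"
    fi
}

# Usage: sh fix_key_perms.sh ~/.ssh/my_private_key.pem [more keys...]
for key in "$@"; do
    protect_key "$key"
done
```

Keys that already have owner-only permissions such as 0600 are reported as ok and left unchanged.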

[Connecting to a Linux Instance from Windows]

1. Setting the PEM file

  • Navigate to the location where the .pem file is stored.

  • Right-click the .pem file and select [Properties].

  • Go to the Security tab.

  • Click [Advanced].

2. Checking and Changing File Ownership

  • If you are not the owner of the file, change the owner to your username.

  • Select [Disable inheritance] and [Remove all inherited permissions from this object].

3. Adding User Permissions

  • Click [Add], then select [Select a principal].

  • Enter your username and click [OK].

  • In the [Permission Entry] window, grant [Read] permission and click [OK].

4. Applying Changes

  • Click [Apply] to save all settings.

  • Click [OK] to close the [Advanced Security Settings] window.

  • Click [OK] again to close the [Properties] window.

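5. Preparing SSH Connection in PowerShell

  • Open Windows PowerShell and navigate to the directory where the .pem file is located. The commands below use PowerShell syntax ($path, $env:USERNAME), which Command Prompt does not expand.

  • Set $path to the key file, then run the following command to reset explicit permissions:

$path = "[path to pem key]"
icacls.exe $path /reset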

6. Granting Read Permission to the Current User

  • Run the following command to grant read permission to the current user:

icacls.exe $path /GRANT:R "$($env:USERNAME):(R)"

7. Disabling Inheritance and Removing Inherited Permissions

  • Run the following command to disable inheritance and remove inherited permissions:

icacls.exe $path /inheritance:r

By following these steps, you can securely connect to your Linux instance via SSH from Windows.
