
WARNING: UNPROTECTED PRIVATE KEY FILE! when trying to SSH into Amazon EC2 Instance

I'm working to set up Panda on an Amazon EC2 instance. I set up my account and tools last night and had no problem using SSH to interact with my own personal instance, but right now I'm not being allowed permission into Panda's EC2 instance. Getting Started with Panda

I'm getting the following error:

@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @

Permissions 0644 for '~/.ec2/id_rsa-gsg-keypair' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.

I've chmoded my keypair to 600 in order to get into my personal instance last night, and experimented at length setting the permissions to 0 and even generating new key strings, but nothing seems to be working.

Any help at all would be a great help!


Hm, it seems as though unless permissions are set to 777 on the directory, the ec2-run-instances script is unable to find my keyfiles.

I've chmoded my keypair to 600 in order to get into my personal instance last night,

And this is the way it is supposed to be.

From the EC2 documentation we have "If you're using OpenSSH (or any reasonably paranoid SSH client) then you'll probably need to set the permissions of this file so that it's only readable by you." The Panda documentation you link to links to Amazon's documentation but really doesn't convey how important it all is.

The idea is that the key pair files are like passwords and need to be protected. So, the ssh client you are using requires that those files be secured and that only your account can read them.

Setting the directory to 700 really should be enough, but 777 is not going to hurt as long as the files are 600.

Any problems you are having are client side, so be sure to include local OS information with any follow up questions!

Make sure that the directory containing the private key files is set to 700

chmod 700 ~/.ec2

To fix this,

  1. you'll need to reset the permissions back to default:

     sudo chmod 600 ~/.ssh/id_rsa
     sudo chmod 600 ~/.ssh/id_rsa.pub

    If you are getting another error:

    • Are you sure you want to continue connecting (yes/no)? yes
    • Failed to add the host to the list of known hosts (/home/geek/.ssh/known_hosts).
  2. This means that the permissions on that file are also set incorrectly, and can be adjusted with this:

     sudo chmod 644 ~/.ssh/known_hosts
  3. Finally, you may need to adjust the directory permissions as well:

     sudo chmod 755 ~/.ssh

This should get you back up and running.

The private key file should be protected. In my case I have been using the public_key authentication for a long time and I used to set the permission as 600 (rw- --- ---) for private key and 644 (rw- r-- r--) and for the .ssh folder in the home folder you will have 700 permission (rwx --- ---). For setting this go to the user's home folder and run the following command:

chmod 700 .ssh

I ran into the same problem too, but I solved it by changing the key file permissions to 600.

sudo chmod 600 /path/to/my/key.pem

Use the chmod command to change the file permissions

sudo chmod 700 keyfile.pem

On Windows, try using Git Bash and use your Linux commands there. Easy approach:

chmod 400 *****.pem

ssh -i "******.pem" ubuntu@ec2-11-111-111-111.us-east-2.compute.amazonaws.com

Keep your private key, public key, known_hosts in same directory and try login as below:

ssh -i "hi.pem" ec2-user@ec2-**-***-**-***.us-west-2.compute.amazonaws.com

Just to brief the issue: the pem file's permissions are open for every user on the machine, i.e. anyone can read and write that file. On Windows it is difficult to do chmod; the way I found was using Git Bash. I followed the steps below:

  1. Remove user permissions

    chmod ugo-rwx abc.pem

  2. Add permission only for that user

    chmod u+rw abc.pem

  3. run chmod 400

    chmod 400 abc.pem

  4. Now try ssh -i for your instance

If you are on a Windows machine just copy the .pem file into any folder on the C drive and re-run the command.

ssh -i /path/to/keyfile.pem user@some-host

In my case, I put that file in downloads and this actually works.

Or follow this https://99robots.com/how-to-fix-permission-error-ssh-amazon-ec2-instance/

I am thinking about something else, if you are trying to login with a different username that doesn't exist this is the message you will get.

So I assume you may be trying to ssh with ec2-user but I recall recently most of centos AMIs for example are using centos user instead of ec2-user

So if you are using ssh -i file.pem centos@public_IP, please tell me you are trying to ssh with the right user name; otherwise this may be a strong reason why you see such an error message even with the right permissions on your ~/.ssh/id_rsa or file.pem.

The solution is to make it readable only by the owner of the file, i.e. the last two digits of the octal mode representation should be zero (e.g. mode 0400).

/*
 * if a key owned by the user is accessed, then we check the
 * permissions of the file. if the key owned by a different user,
 * then we don't care.
 */
if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
    error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
    error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
    error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
    error("Permissions 0%3.3o for '%s' are too open.",
        (u_int)st.st_mode & 0777, filename);
    error("It is required that your private key files are NOT accessible by others.");
    error("This private key will be ignored.");
    return SSH_ERR_KEY_BAD_PERMISSIONS;
}
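
The check quoted above, applied to a set of files so you can see which modes pass it. This is an added example, not part of the original answer and not OpenSSH code; the function names and the throwaway sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: the quoted check (owner == caller and mode & 077) as a shell helper.
# mode_and_uid, key_perm_ok, audit_keys and demo are hypothetical names.

# Print "<octal mode> <owner uid>" for a file (GNU stat first, then BSD stat).
mode_and_uid() {
    stat -c '%a %u' -- "$1" 2>/dev/null || stat -f '%Lp %u' -- "$1"
}

# 0: ssh would accept the file's permissions; 1: too open; 2: cannot stat.
key_perm_ok() {
    info=$(mode_and_uid "$1") || return 2
    mode=${info% *}
    uid=${info#* }
    # Keys owned by a different user are not checked, as the quoted comment says.
    [ "$uid" = "$(id -u)" ] || return 0
    # Any group or other bit set (mode & 077) is "too open".
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Print one line per key file that fails the check; status 1 if any was found.
audit_keys() {
    bad=0
    for f in "$@"; do
        rc=0
        key_perm_ok "$f" || rc=$?
        [ "$rc" -eq 1 ] || continue
        printf 'too open: %s (mode %s)\n' "$f" "$(mode_and_uid "$f" | cut -d' ' -f1)"
        bad=1
    done
    return "$bad"
}

# Constructed sample: empty throwaway files standing in for private keys.
demo() {
    d=$(mktemp -d) || return 1
    for m in 644 640 600 400 700; do
        : > "$d/key_$m"
        chmod "$m" "$d/key_$m"
    done
    audit_keys "$d"/key_* || true
    rm -rf "$d"
}
demo
```

Only the group and other bits matter to the check, so 400, 600 and 700 all pass on a key file while 640 and 644 are reported.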

Windows has issues. I have tried the following:
1 - while trying on Windows using CMD and PowerShell - same issue is there.
2 - after changing file permission using Git Bash and trying with PuTTY, CMD, PowerShell - same issue
3 - while using PuTTY with private key for auth (even after changing file permission) - same issue
4 - using Git Bash - was able to log in without any issue. Had changed permission as per @Shri_Automation

Remove user permissions

chmod ugo-rwx abc.key

Add permission only for that user

chmod u+rw abc.key

run chmod 400

chmod 400 abc.key

4. Now try ssh -i for your instance

Is there any easier way to do this?

  1. $ sudo chmod 700 ~/.ssh
  2. $ sudo chmod 600 ~/.ssh/id_rsa
  3. $ sudo chmod 600 ~/.ssh/id_rsa.pub

The above 3 commands should solve the problem!

Just a note for anyone who stumbles upon this:

If you are trying to SSH with a key that has been shared with you, for example:

ssh -i /path/to/keyfile.pem user@some-host

Where keyfile.pem is the private/public key shared with you and you're using it to connect, make sure you save it into ~/.ssh/ and chmod 777 .

Trying to use the file when it was saved elsewhere on my machine was giving the OP's error. Not sure if it is directly related.
