CODEWITHSUNDEEP
amazon-web-servicesamazon-ec2ssh
Sevval Kahraman
Sevval Kahraman

Reputation: 1301

How to avoid Permission denied (publickey) SSH key (Windows)

I want to connect my ec2 with SSH. But i get this error :

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'F:\\Config\\first1.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "F:\\Config\\first1.pem": bad permissions
[email protected]: Permission denied (publickey).

How can i solve this problem on Windows?

Upvotes: 14

Views: 90164

Answers (3)

pablo.bueti
pablo.bueti

Reputation: 151

I've created a utility script on PowerShell Desktop edition to set the required permissions at once.

What it does

It consists of a function that takes the file as input and set the permissions removing inheritance and all users except the current user.

Note that inheritance needs to be applied first, in order to then be able to remove other users (methods that do that would do nothing if inheritance weren't applied first).

Before running the script, ExecutionPolicy should be set to RemoteSigned, I prefer to apply with a scope of session to don't have a permanent setting changed on my system.

How to use it

Open a Windows Power Shell console, run this first:

Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned

Then download the script, edit the private file name, and run it.

<script src="https://gist.github.com/Scot-Bernard/fd409ad73b3733c3b9e93dd9055b9814.js"></script>

Upvotes: 0

Kate Sinclair
Kate Sinclair

Reputation: 493

This is the method worked for me

Step 1

Step 1

Right click the Key file first1.pem on explorer and Go to Properties > Security > Advanced > Disable Inheritance

Step 2

Step 2

Select "Convert inherited permissions into explicit permissions on this object"

Step 3

Step 3

Then delete everything there ( Including Administrator, User, User Groups ) and Click Add button.

Step 4

Step 4

Now select select a principal > Advanced > Find Now > [ Your User object ] > OK

Step 5

Step 5

Now you can tick "Full Control" then press OK

Now your key file is not accessible by others. This is the only method worked for me. Hope it helps. Thank You.

Upvotes: 39

Chris Williams
Chris Williams

Reputation: 35188

If permissions are too open for your private SSH key (regardless of OS) you will not be able to use the key.

Generally it should be as low permission as possible (Read only by your user only), at minimum on Windows you should be able to remove all other users permissions which will allow the key to be loaded.

Upvotes: 5

Related Questions