I've OpenSSH 7.6 installed in Windows 7 for testing purposes. SSH client & server work just fine till I tried to access one of my AWS EC2 box from this windows. Show It seems like I need to change the permission on the private key file. This can be easily done on unix/linux with chmod command. What about windows? private-key.ppm is copied directly from AWS and I guess the permission too. C:\>ssh -V OpenSSH_7.6p1, LibreSSL 2.5.3 C:\>ver Microsoft Windows [Version 6.1.7601] C:\> C:\>ssh -i private-key.ppk @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Permissions for 'private-key.ppk' are too open. It is required that your private key files are NOT accessible by others. This private key will be ignored. Load key "private-key.ppk": bad permissions : Permission denied (publickey). C:\> C:\> C:\>ssh -i private-key.ppm Warning: Identity file private-key.ppm not accessible: No such file or directory. : Permission denied (publickey). C:\>
asked Feb 18, 2018 at 5:10
11 You locate the file in Windows Explorer, right-click on it then select "Properties". Navigate to the "Security" tab and click "Advanced". Change the owner to you, disable inheritance and delete all permissions. Then grant yourself "Full control" and save the permissions. Now SSH won't complain about file permission too open anymore. It should end up looking like this:
MSC 5571 gold badge5 silver badges13 bronze badges answered Feb 18, 2018 at 8:57
iBugiBug 9,3057 gold badges34 silver badges64 bronze badges 21 Keys must only be accessible to the user they're intended for and no other account, service, or group.
answered Jun 8, 2018 at 15:34
22 In addition to the answer provided by ibug. Since i was using the ubuntu system inside windows to to run the ssh command. It still was not working. So i did sudo ssh ...and then it worked answered Sep 8, 2018 at 13:27
Parv SharmaParv Sharma 6835 silver badges5 bronze badges 9 I had a similar issue but I was at work and don't have the ability to change file permissions on my work computer. What you need to do is install WSL then copy the your key to the hidden ssh directory in WSL: cp <path to your key> ~/.ssh/<name of your key>Now you should be able to modify the permissions normally. sudo chmod 600 ~/.ssh/<your key's name>Then ssh using WSL: ssh -i ~/.ssh/<name of your key> <username>@<ip address>
Giacomo1968 50.6k18 gold badges158 silver badges204 bronze badges answered Sep 6, 2019 at 18:17
JKauffmanJKauffman 5514 silver badges2 bronze badges 5 You just need to do at least four things:
Matthew Lock 4,6112 gold badges34 silver badges42 bronze badges answered Feb 16, 2019 at 21:58
3 use below command on your key it works on windows icacls .\private.key /inheritance:r icacls .\private.key /grant:r "%username%":"(R)"answered Oct 4, 2019 at 13:28
4 This seems to be related to the version of OpenSSH you're running:
When running ..\Git\usr\bin\ssh.exe, it works fine and doesn't complain about the permissions, but running ..\OpenSSH\ssh.exe comes back with the following, even though key ACLs are Full Access for myself and nothing else: load key "t:\mykeys\rich-private.ppk": invalid format : Permission denied (publickey).
answered Apr 5, 2018 at 11:53
Rich SRich S 3332 silver badges7 bronze badges 6 You can use icacls in Windows instead of chmod to adjust file permission. To give the current user read permission and remove everything else: Icacls <file name> /Inheritance:r Icacls <file name> /Grant:r "%Username%":"(R)"
answered Aug 12, 2019 at 12:39
manjuvmanjuv 1071 silver badge3 bronze badges 4
answered Apr 17, 2020 at 19:34
2
Here's the way to do it using Microsoft's tooling, avoiding the problem from the get-go. But it should also fix the issue, meaning you can follow these instructions with existing keys. Start PowerShell/Terminal as Administrator and run the following: answered Oct 30, 2020 at 14:31
Louis WaweruLouis Waweru 23.3k37 gold badges128 silver badges194 bronze badges 2 A single line in CMD might do the trick; as described here, adding the key from stdin instead of changing the permissions: cat /path/to/permission_file | ssh-add -kTo check key has been added: ssh-add -l
answered Nov 28, 2019 at 14:45
majommajom 1112 bronze badges This is just a scripted version of @JW0914's CLI answer, so upvote him first and foremost: # DO the following in powerhsell if not already done: # Set-ExecutionPolicy RemoteSigned # NOTE: edit the path in this command if needed $sshFiles=Get-ChildItem -Path "$env:userprofile\.ssh" -Force $sshFiles | % { $key = $_ & icacls $key /c /t /inheritance:d & icacls $key /c /t /grant "${echo $env:username}":F & icacls $key /c /t /remove Administrator "Authenticated Users" BUILTIN\Administrators BUILTIN Everyone System Users } # Verify: $sshFiles | % { icacls $_ }
answered Oct 3, 2019 at 21:07
bbarkerbbarker 3063 silver badges9 bronze badges I couldn't get any of these answers working for me due to permission issues, so I'll share my solution:
answered Feb 24, 2020 at 23:03
7
answered Mar 14, 2020 at 15:15
1 Answer by iBug works fine! You can follow that and get rid of this issue. But there are few things which are needed to be cleared as I faced issues during setting up permissions and it took few minutes for me to figure out the problem! Following iBug's answer, you'll remove all the permissions but how do you set Full Control permission to yourself? that's where I got stuck at first as I didn't knew how to do that. After Disabling Inheritance, you'll be able to delete all allowed users or groups. Once Done with that, Click on Add then click on Set a Principal then enter System and Administrators and your email addredd in the field at bottom then click on check names. It'll load the name if user exists. Then, Click on OK > Type Allow > Basic Permisisons Full Control > Okay This will setup Full Control permission to SYSTEM, Administrators and Your User. After that try to ssh using that key. It should be solved now. I had same issue and I solved that using this method. If there's any user or group with that name then it'll load that. -Screenshots- Permission Entries Select a Principal/ Select User or Groups answered Feb 8, 2019 at 14:20
2 I'm a Window user, using the Windows's bash and followed all the steps to set permission using Windows GUI, and it still doesn't work and it complains: Permissions 0555 for 'my_ssh.pem' are too open. It is required that your private key files are NOT accessible by others.The I added sudo at the front of the ssh command and it just works. Hope this is helpful to others. answered Nov 26, 2019 at 6:10
3 I had the same problem on Windows 10, and it arouse when I created a second user account on my machine. Since that new user was also an administrator and It had access to my user folder, I did these steps to limit the access on my .ssh folder and it worked!
Now try to log back in to your remote computer using ssh! Hope it helps someone! answered May 15, 2020 at 23:15
3 How do I fix unprotected private key?In order to solve the "Warning: Unprotected Private Key File" error in AWS EC2, update the permissions of the private key file to only allow read access from the current user, e.g. chmod 600 ec2-private-key. pem . Open your terminal in the directory where your private key is located and run the chmod command. Copied!
How do I protect private key files?Everyone recommends that you protect your private key with a passphrase (otherwise anybody who steals the file from you can log into everything you have access to). If you leave the passphrase blank, the key is not encrypted. Let's look at this unencrypted format first, and consider passphrase protection later.
How do I protect a Windows key file?How to encrypt a file. Right-click (or press and hold) a file or folder and select Properties.. Select the Advanced button and select the Encrypt contents to secure data check box.. Select OK to close the Advanced Attributes window, select Apply, and then select OK.. |