OpenSSH using private key on Windows ("Unprotected private key file" error)

Tags: key, openssh

I am attempting to do a simple connection to an SSH server using OpenSSH for Windows using a private key, and am met with this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'private' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "private": bad permissions

On Linux, this is fixed with a simple chmod 600 on the private key file; however, Windows does not have an equivalent method.

This sounds like something that should be pretty easy, but I am completely unable to find any reasonable solution to it. Is there a way to either add the private key directly without going through a file, or to skip this privacy check? Or am I missing something else entirely?

asked Feb 20 '18 15:02

Excludos



4 Answers

You can use icacls in Windows instead of chmod to adjust file permissions. To give the current user read permission and remove everything else (which will allow OpenSSH to work), this works nicely:

Command Prompt:

icacls .\private.key /inheritance:r
icacls .\private.key /grant:r "%username%":"(R)"

In PowerShell, you can get icacls to work by wrapping the command in a call to cmd.exe:

icacls .\private.key /inheritance:r
# Double-quoted string so PowerShell expands $env:USERNAME before icacls.exe receives it
Start-Process "icacls.exe" -ArgumentList ".\private.key /grant:r `"$($env:USERNAME)`":`"(R)`""

answered Sep 16 '22 15:09

Excludos


FYI: Rename the "test.pem" to your original pem file name.

  1. Setting path variable

    $path = ".\test.pem"

  2. Reset to remove explicit permissions

    icacls.exe $path /reset

  3. Give current user explicit read-permission

    icacls.exe $path /GRANT:R "$($env:USERNAME):(R)"

  4. Disable inheritance and remove inherited permissions

    icacls.exe $path /inheritance:r

Note:

  • You can replace the file name as per your file name. In this case it is test.pem.
  • You must be in the same directory where your file is located.
  • You must open PowerShell as administrator.

answered Sep 16 '22 15:09

Himanshu Jain
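
To confirm the result of the icacls steps in the answers above, the following PowerShell function lists every principal that still has allow access to the key file. It is an added example and not part of any answer on this page; the function name `Test-PrivateKeyAcl` is hypothetical, and treating only the current user, SYSTEM and Administrators as acceptable is an assumption about what OpenSSH for Windows tolerates.

```powershell
# Added example: audit a private key file's ACL before pointing ssh at it.
# Assumption: only the current user, SYSTEM and BUILTIN\Administrators may
# own the file or hold an allow entry on it.
function Test-PrivateKeyAcl {
    param([Parameter(Mandatory)][string]$KeyPath)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl     = Get-Acl -LiteralPath $KeyPath
    $me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $trusted = @($me, 'S-1-5-18', 'S-1-5-32-544')   # user, SYSTEM, Administrators

    # Walk explicit AND inherited entries; inherited ones are what
    # "icacls /inheritance:r" is meant to strip.
    $extra = foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if ($trusted -contains $sid) { continue }

        # Resolve the SID to a readable name; keep the raw SID for orphaned accounts
        $name = $sid
        try {
            $name = $ace.IdentityReference.Translate(
                [System.Security.Principal.NTAccount]).Value
        } catch { }

        [pscustomobject]@{
            Principal = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }

    $ownerSid = $acl.GetOwner($sidType).Value
    $ownerOk  = $trusted -contains $ownerSid
    [pscustomobject]@{
        Path               = (Resolve-Path -LiteralPath $KeyPath).Path
        OwnerTrusted       = $ownerOk
        InheritanceEnabled = -not $acl.AreAccessRulesProtected
        ExtraAccess        = @($extra)
        Pass               = $ownerOk -and (@($extra).Count -eq 0)
    }
}

# Constructed demo: a throwaway temp file stands in for the private key
$demo = New-TemporaryFile
Test-PrivateKeyAcl -KeyPath $demo.FullName | Format-List
Remove-Item -LiteralPath $demo.FullName
```

Any entry under `ExtraAccess` with `Inherited = True` indicates that inheritance was not removed on the key file.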


I did it on Windows 10 and it fixed the issue as you can see in the image as well.

You should change the owner of the file (which contains the private key) to your username with full access, and then remove the other usernames that have access to that file.

  1. Right-click on the file which contains the private key and click on Properties, then Security tab > Advanced. By clicking on the Change button you can change the owner to your username (if you don't know the name of your username, run "echo %USERNAME%" in Command Prompt): Change > Advanced... > Find Now

  2. Remove all Permission entries except the one you just added.

Click on Disable inheritance > Convert inherited permissions..., then remove all Permission entries except the one you just added.

answered Sep 17 '22 15:09

pedram


For Windows 10, store the key file in User. Ex: C:\Users\MANNEM.ssh

Make sure the permissions of the private key file are as shown in the image.

answered Sep 20 '22 15:09

mannem srinivas