Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

WARNING: UNPROTECTED PRIVATE KEY FILE! when trying to SSH into Amazon EC2 Instance

Tags:

chmod

ssh

amazon-web-services

amazon-ec2

People also ask

How do you login to EC2 instance if private key is lost?

When you use EC2Config or EC2Launch to reset a lost password, you must use its key pair to retrieve the administrator password. If you've lost the key pair, you can create an AMI of the existing instance, and then launch a new instance. You can then select a new key pair by following the instance launch wizard.

What should the permissions of a key pair .pem file be before connecting to an EC2 instance?

You must set permissions so that only the key owner has permission to access the file. This is a . ppk file for SSH clients using Windows, and the . ppk file is usually created from the .

I've chmoded my keypair to 600 in order to get into my personal instance last night,

And this is the way it is supposed to be.

From the EC2 documentation we have "If you're using OpenSSH (or any reasonably paranoid SSH client) then you'll probably need to set the permissions of this file so that it's only readable by you." The Panda documentation you link to links to Amazon's documentation but really doesn't convey how important it all is.

The idea is that the key pair files are like passwords and need to be protected. So, the ssh client you are using requires that those files be secured and that only your account can read them.

Setting the directory to 700 really should be enough, but 777 is not going to hurt as long as the files are 600.

Any problems you are having are client side, so be sure to include local OS information with any follow up questions!


Make sure that the directory containing the private key files is set to 700

chmod 700 ~/.ec2

To fix this,

  1. you’ll need to reset the permissions back to default:

    sudo chmod 600 ~/.ssh/id_rsa
sudo chmod 600 ~/.ssh/id_rsa.pub

    If you are getting another error:

    • Are you sure you want to continue connecting (yes/no)? yes
    • Failed to add the host to the list of known hosts (/home/geek/.ssh/known_hosts).

  2. This means that the permissions on that file are also set incorrectly, and can be adjusted with this:

    sudo chmod 644 ~/.ssh/known_hosts

  1. Finally, you may need to adjust the directory permissions as well:

    sudo chmod 755 ~/.ssh

This should get you back up and running.


The private key file should be protected. In my case i have been using the public_key authentication for a long time and i used to set the permission as 600 (rw- --- ---) for private key and 644 (rw- r-- r--) and for the .ssh folder in the home folder you will have 700 permission (rwx --- ---). For setting this go to the user's home folder and run the following command


Set the 700 permission for .ssh folder

chmod 700 .ssh


Set the 600 permission for private key file

chmod 600 .ssh/id_rsa


Set 644 permission for public key file

chmod 644 .ssh/id_rsa.pub

Related questions

Github (SSH) via public WIFI, port 22 blocked
How do I force detach Screen from another SSH session?
Git clone / pull continually freezing at "Store key in cache?"
How to run the sftp command with a password from Bash script?
How can I remove an SSH key?
SSH library for Java [closed]
SSH Port forwarding in a ~/.ssh/config file? [closed]
com.jcraft.jsch.JSchException: UnknownHostKey
Find the IP address of the client in an SSH session
Getting permission denied (public key) on gitlab
How to solve "sign_and_send_pubkey: signing failed: agent refused operation"?
Git on Bitbucket: Always asked for password, even after uploading my public SSH key
Work on a remote project with Eclipse via SSH
Github permission denied: ssh add agent has no identities
How to ignore ansible SSH authenticity checking?
Git says "Warning: Permanently added to the list of known hosts"
How to set ssh timeout?
Configuring Git over SSH to login once
Seeing escape characters when pressing the arrow keys in python shell
Extract public/private key from PKCS12 file for later use in SSH-PK-Authentication

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!