
WARNING: UNPROTECTED PRIVATE KEY FILE! when trying to SSH into Amazon EC2 Instance

People also ask

How do you login to EC2 instance if private key is lost?

When you use EC2Config or EC2Launch to reset a lost password, you must use its key pair to retrieve the administrator password. If you've lost the key pair, you can create an AMI of the existing instance, and then launch a new instance. You can then select a new key pair by following the instance launch wizard.

What should the permissions of a key pair .pem file be before connecting to an EC2 instance?

You must set permissions so that only the key owner has permission to access the file. This is a .ppk file for SSH clients using Windows, and the .ppk file is usually created from the .


I've chmoded my keypair to 600 in order to get into my personal instance last night,

And this is the way it is supposed to be.

From the EC2 documentation we have "If you're using OpenSSH (or any reasonably paranoid SSH client) then you'll probably need to set the permissions of this file so that it's only readable by you." The Panda documentation you link to links to Amazon's documentation but really doesn't convey how important it all is.

The idea is that the key pair files are like passwords and need to be protected. So, the ssh client you are using requires that those files be secured and that only your account can read them.

Setting the directory to 700 really should be enough, but 777 is not going to hurt as long as the files are 600.

Any problems you are having are client side, so be sure to include local OS information with any follow up questions!


Make sure that the directory containing the private key files is set to 700:

    chmod 700 ~/.ec2

To fix this:

  1. You'll need to reset the permissions back to default:

    sudo chmod 600 ~/.ssh/id_rsa
    sudo chmod 600 ~/.ssh/id_rsa.pub

  2. If you are getting another error:

    • Are you sure you want to continue connecting (yes/no)? yes
    • Failed to add the host to the list of known hosts (/home/geek/.ssh/known_hosts).

    This means that the permissions on that file are also set incorrectly, and can be adjusted with this:

    sudo chmod 644 ~/.ssh/known_hosts

  3. Finally, you may need to adjust the directory permissions as well:

    sudo chmod 755 ~/.ssh


This should get you back up and running.


The private key file should be protected. In my case I have been using public_key authentication for a long time, and I used to set the permission as 600 (rw- --- ---) for private key and 644 (rw- r-- r--) and for the .ssh folder in the home folder you will have 700 permission (rwx --- ---). To set this, go to the user's home folder and run the following commands:


Set the 700 permission for the .ssh folder:

    chmod 700 .ssh


Set the 600 permission for the private key file:

    chmod 600 .ssh/id_rsa


Set the 644 permission for the public key file:

    chmod 644 .ssh/id_rsa.pub
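
As an added example (not taken from any of the answers above or from OpenSSH), this bash function audits a key directory against the modes the answers recommend and prints the chmod that would fix each finding. The function names are made up for the example, and it assumes private keys can be recognised by their PEM header line.

```shell
#!/usr/bin/env bash
# Added example: audit an SSH key directory against the modes discussed above.

# Print the octal mode of a path (GNU stat first, BSD/macOS stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# audit_ssh_dir DIR: print one "FIX" line per problem, return the problem count.
audit_ssh_dir() {
  local dir=$1 findings=0 f m
  m=$(mode_of "$dir")
  # A directory writable by group/others lets other accounts swap the files
  # inside it, whatever the modes of the files themselves are.
  if [ $(( 0$m & 022 )) -ne 0 ]; then
    echo "FIX  chmod 700 $dir   (mode $m is writable by group/others)"
    findings=$((findings + 1))
  fi
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    m=$(mode_of "$f")
    if head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
      # The ssh client refuses a private key with any group/other bit set
      # (mode & 077) and prints "UNPROTECTED PRIVATE KEY FILE".
      if [ $(( 0$m & 077 )) -ne 0 ]; then
        echo "FIX  chmod 600 $f   (private key, mode $m)"
        findings=$((findings + 1))
      fi
    elif [ "${f##*/}" = known_hosts ] && [ $(( 0$m & 0200 )) -eq 0 ]; then
      # Without owner write permission ssh cannot record new host keys
      # ("Failed to add the host to the list of known hosts").
      echo "FIX  chmod 644 $f   (owner cannot write, mode $m)"
      findings=$((findings + 1))
    fi
  done
  return "$findings"
}
```

Source the file and run `audit_ssh_dir ~/.ssh` (or the directory holding an EC2 `.pem` file); an exit status of 0 means nothing needs changing.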