If you encounter the “WARNING: UNPROTECTED PRIVATE KEY FILE!” error when using a private key with OpenSSH on Windows, you can take the steps below to resolve the issue.
For example, if you use your .pem file to connect to your AWS EC2 Linux instance from Windows with the command below, it fails with a permissions error:
> ssh -i "trex-dino.pem" ec2-trex@ec2-3-XX-XXX-XX.us-east-2.compute.amazonaws.com
It throws the following set of errors (output copied from CMD by the author):
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'trex-dino.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "trex-dino.pem": bad permissions
ec2-user@ec2-3-XX-XXX-XX.us-east-2.compute.amazonaws.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
List of errors/issues to identify the solution:
- WARNING: UNPROTECTED PRIVATE KEY FILE!
- Permissions for ‘<your_file_name>.pem’ are too open.
- Load key “<your_file_name>.pem”: bad permissions
- OpenSSH using a private key on Windows permission issues
- SSH Key Authentication Issues: Troubleshooting
- SSH authentication issues with a .pem file.
You can resolve the issue quickly and efficiently with the three proven solutions below.
Method 1: Add/Manage File Permission CHMOD 600 in Windows
This is a foolproof working solution, similar to CHMOD 600 on Linux. You can try the following steps:
1. Open a command prompt as an administrator. To do so, right-click on the Start button, and select “Command Prompt (Admin)” or “Windows PowerShell (Admin)”.
2. Navigate to the directory where your private key file is located, using the change directory (cd) command followed by the path to the directory. For example, if your private key is in the “Documents” folder, you can use the command:
> cd C:\Users\YourUsername\Documents
3. Once you are in the correct directory, use the icacls command to modify the file’s permissions. Enter the following command:
> icacls private_key_file_name /inheritance:r
Replace “private_key_file_name” with the actual name of your private key file, including the file extension. In my case, the file name is trex-dino.pem.
4. Press Enter to execute the command. This command will remove any inherited permissions from the private key file.
5. Now, set the appropriate permissions for the file by entering the following command:
> echo %USERDOMAIN%\%USERNAME%
It will return your PC domain and PC name, like 'RAXTON\hp-pc'.
> icacls private_key_file_name /grant:r "%USERDOMAIN%\%USERNAME%":(R)
In my case, I have to run the following command:
> icacls private_key_file_name /grant:r "RAXTON\hp-pc:(r)"
Again, replace “private_key_file_name” with the actual name of your private key file, and replace %USERDOMAIN%\%USERNAME% with your respective machine name.
6. Press Enter to execute the command. This command grants read (R) permissions to the current user (similar to CHMOD 600, but on your Windows machine).
After following these steps, you should be able to use your private key (i.e. .pem) file with OpenSSH without encountering the “Unprotected private key file” error.
Bingo! You can now see your EC2 Linux instance from your Windows machine using OpenSSH.
Last login: Fri Feb 3 08:06:13 2016 from XX.XXX.XXX.XX

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
[ec2-trex@ip-XXX-XX-XX-XX ~]$ <DO ANYTHING HERE YOU WANT TO DO>
Important note: Don't forget to replace “private_key_file_name” with the actual name of your private key file and ensure that you have administrative privileges to modify file permissions.
How cool is it?!!
Method 2: Apply File Permissions using Properties > Security
Here’s a guide on how to fix it easily:
1. Open the Windows File Explorer and navigate to the directory where your private key file is located.
2. Right-click on the private key file and select “Properties” from the context menu.
3. In the Properties window, go to the “Security” tab.
4. Click on the “Advanced” button at the bottom of the window.
5. In the Advanced Security Settings window, you should see the “Owner” tab. Click on it.
6. Click on the “Edit” button, and in the next window, select your userdomain\username or the user account you are currently using on your Windows system. Click on “OK” to close the window.
7. Back in the Advanced Security Settings window, check the box that says “Replace owner on sub-containers and objects.” Then click on “Apply” and “OK” to close all windows.
8. Now, right-click on the private key file again and select “Properties”. Go to the “Security” tab.
9. Click on the “Edit” button to modify the permissions.
10. In the Permissions window, click on the “Add” button.
11. In the “Enter the object names to select” field, type your username or the user account you are currently using. Click on “Check Names” to validate the entry, and then click on “OK” to close the window.
12. In the Permissions window, select your username or the user account you just added. In the “Permissions for [your_username]” section, make sure the “Full control” box is checked. Then click on “Apply” and “OK” to save the changes and close the window.
Now you should be able to use the private key with OpenSSH on Windows without encountering the “Unprotected private key file” issue. In short, changing the file permission settings and storing the file in a secure location will do all the work for you.
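The ACL state that Methods 1 and 2 aim for can be applied and checked from PowerShell. The script below is an added example, not part of the original post: it runs the two icacls commands from Method 1 with $env: variables (PowerShell does not expand cmd's %VAR% syntax) and then lists every principal other than the current user, SYSTEM and Administrators that still holds an Allow entry, which also works as a check after Method 2. The function names, the placeholder file and that allow-list are assumptions of this example.

```powershell
# Added example, not from the original post. Function names are hypothetical.
function Protect-KeyFile {
    param([Parameter(Mandatory)][string]$Path)
    # PowerShell does not expand cmd's %USERDOMAIN%\%USERNAME%; use $env: instead.
    $me = "$env:USERDOMAIN\$env:USERNAME"
    icacls $Path /inheritance:r | Out-Null        # Method 1, step 3
    if ($LASTEXITCODE -ne 0) { throw "icacls /inheritance:r failed for $Path" }
    icacls $Path /grant:r "${me}:(R)" | Out-Null   # Method 1, step 5
    if ($LASTEXITCODE -ne 0) { throw "icacls /grant:r failed for $Path" }
}

function Get-KeyFileAclFinding {
    param([Parameter(Mandatory)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Assumption of this example: only these principals may hold access.
    $allowed = @(
        [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
        'S-1-5-18'        # NT AUTHORITY\SYSTEM
        'S-1-5-32-544'    # BUILTIN\Administrators
    )
    $acl = Get-Acl -LiteralPath $Path
    # Explicit and inherited entries, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $allowed -notcontains $sid) {
            [pscustomobject]@{
                Sid       = $sid
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Constructed placeholder file so the script runs without a real key.
$key = Join-Path $env:TEMP 'example-key.pem'
Set-Content -LiteralPath $key -Value 'constructed placeholder, not a real key'

Protect-KeyFile -Path $key
$findings = @(Get-KeyFileAclFinding -Path $key)
if ($findings.Count -eq 0) {
    "OK: only the allowed principals can access $key"
} else {
    $findings | Format-Table -AutoSize
}
Remove-Item -LiteralPath $key
```

Pointing Get-KeyFileAclFinding at your own key file before applying either method shows which entries, inherited or explicit, grant access to others.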
Method 3: Re-Create a file and update file permissions with ssh-keygen
Here is a workaround you can try to fix the “Unprotected private key file” error when using OpenSSH on Windows:
1. Open a text editor (e.g., Notepad++, or Sublime) on your Windows system.
2. Copy and paste the contents of your private key file into the text editor.
Make sure to not add any whitespace before or after the file content.
3. Save the file with a new name and add the .txt extension at the end (e.g., private_key.txt).
4. Close the text editor.
5. Open a command prompt on your Windows system.
6. Navigate to the directory where you saved the modified private key file using the cd command. For example, if the file is saved in the “Documents” folder, you can use the command:
> cd C:\Users\YourUsername\Documents
7. Use the ssh-keygen command to convert the modified private key file back to the OpenSSH format. Enter the following command:
> ssh-keygen -p -f private_key.txt
Replace private_key.txt with the actual name of your modified private key file.
8. Press Enter and you will be prompted to enter the passphrase for the private key (if you set one when generating the key originally). If you didn’t set a passphrase, just press Enter to continue.
9. You will then be prompted to confirm the new filename for the updated private key. Press Enter to accept the default filename, or specify a different filename if desired.
10. Once the process is complete, you should now have a new private key file in OpenSSH format.
You can now use this updated private key file with OpenSSH on Windows. Make sure to use the new filename specified during the ssh-keygen process when referencing the private key in your SSH commands or configuration.
Which approach did you find the best and working for you within a short time? — Feel free to comment on it below.
© Copyrighted by Rakshit Shah — 2016