Fix OpenSSH Private Key Error on Windows | Quick Solution Guide

Discover effective solutions to resolve the 'Unprotected private key file' error when using OpenSSH on Windows.


Fix OpenSSH Private Key Error: Windows Solution

If you encounter the “WARNING: UNPROTECTED PRIVATE KEY FILE!” error when using a private key with OpenSSH on Windows, you can take the steps below to resolve the issue.

For example, suppose you use your .pem file to connect to your AWS EC2 Linux instance from Windows:

> ssh -i "trex-dino.pem" ec2-trex@ec2-3-XX-XXX-XX.us-east-2.compute.amazonaws.com

It produces the following errors.

Code snippet by the author, copy-pasted from CMD:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'trex-dino.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "trex-dino.pem": bad permissions
ec2-user@ec2-3-XX-XXX-XX.us-east-2.compute.amazonaws.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

List of errors/issues to identify the solution:

  • WARNING: UNPROTECTED PRIVATE KEY FILE!
  • Permissions for ‘<your_file_name>.pem’ are too open.
  • Load key “<your_file_name>.pem”: bad permissions
  • OpenSSH using a private key on Windows permission issues
  • SSH Key Authentication Issues: Troubleshooting
  • SSH Authentication issues with .pem file.

You can resolve the issue quickly and efficiently with one of our 3 proven solutions.


Method 1: Add/Manage File Permission CHMOD 600 in Windows

This is a foolproof working solution, similar to chmod 600 on Linux. You can try the following steps:

1. Open a command prompt as an administrator. To do so, right-click on the Start button, and select “Command Prompt (Admin)” or “Windows PowerShell (Admin)”.

2. Navigate to the directory where your private key file is located, using the change directory (cd) command followed by the path to the directory. For example, if your private key is in the “Documents” folder, you can use the command:

> cd C:\Users\YourUsername\Documents

3. Once you are in the correct directory, use the icacls command to modify the file’s permissions. Enter the following command:

> icacls private_key_file_name /inheritance:r

Replace “private_key_file_name” with the actual name of your private key file, including the extension. In my case the file name is trex-dino.pem.

4. Press Enter to execute the command. This command will remove any inherited permissions from the private key file.

5. Now, set the appropriate permissions for the file by entering the following command:

> echo %USERDOMAIN%\%USERNAME%

It will return your PC domain and user name, for example 'RAXTON\hp-pc'.

> icacls private_key_file_name /grant:r "%USERDOMAIN%\%USERNAME%":(R)

In my case, I have to run the following command.

> icacls private_key_file_name /grant:r "RAXTON\hp-pc:(R)"

Again, replace “private_key_file_name” with the actual name of your private key file, and replace %USERDOMAIN%\%USERNAME% with your own domain and user name. The %VAR% syntax is expanded only by Command Prompt (cmd.exe); in PowerShell, type the domain and user name literally, as in the second form.

6. Press Enter to execute the command. This command grants read (R) permission to the current user (similar to chmod 600, but on your Windows machine).

After following these steps, you should be able to use your private key (i.e. .pem) file with OpenSSH without encountering the “Unprotected private key file” error. 

Bingo! You can now reach your EC2 Linux instance from your Windows machine using OpenSSH.

Last login: Fri Feb  3 08:06:13 2016 from XX.XXX.XXX.XX

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|___|___|

https://aws.amazon.com/amazon-linux-2/
[ec2-trex@ip-XXX-XX-XX-XX ~]$ <DO ANYTHING HERE YOU WANT TO DO>

Important note: Don't forget to replace “private_key_file_name” with the actual name of your private key file and ensure that you have administrative privileges to modify file permissions.
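
Steps 3 to 6 as one PowerShell script, followed by a check of the resulting ACL. This is an added example, not part of the original article; the function names are hypothetical, and the set of principals treated as acceptable (current user, SYSTEM, Administrators) is an assumption.

```powershell
# Added example, not from the original article. Run in PowerShell from the key's folder.
param([string]$KeyPath = '.\trex-dino.pem')   # key name taken from the article's example

function Protect-PrivateKey {
    param([Parameter(Mandatory)][string]$Path)
    # DOMAIN\username of the account running the script.
    $user = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    # Step 3: drop inherited entries. Step 5: replace this user's entry with read-only.
    icacls $Path /inheritance:r | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /inheritance:r failed for $Path" }
    icacls $Path /grant:r "${user}:(R)" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /grant:r failed for $Path" }
}

function Get-UnexpectedKeyAccess {
    param([Parameter(Mandatory)][string]$Path)
    # Assumption: only these principals may hold access to a private key:
    # the current user, SYSTEM (S-1-5-18) and BUILTIN\Administrators (S-1-5-32-544).
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $allowed = @($me, 'S-1-5-18', 'S-1-5-32-544')
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited Allow entries, resolved to SIDs so names cannot mislead.
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $allowed -notcontains $_.IdentityReference.Value }
}

Protect-PrivateKey -Path $KeyPath
$extra = @(Get-UnexpectedKeyAccess -Path $KeyPath)
if ($extra.Count -gt 0) {
    # /grant:r only replaces the named user's entry; explicit entries for other
    # principals survive and must be removed (icacls <file> /remove <principal>).
    Write-Warning "Other principals can still access ${KeyPath}:"
    $extra | Format-Table IdentityReference, FileSystemRights -AutoSize
} else {
    Write-Output "$KeyPath is accessible only by the current user, SYSTEM or Administrators."
}
```

The audit function can also be run on its own after Method 2 to confirm that no inherited entries for other accounts remain on the key file.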

How cool is it?!!

Method 2: Apply File Permissions using Properties > Security

Here’s a guide on how to fix it easily:

1. Open the Windows File Explorer and navigate to the directory where your private key file is located.

2. Right-click on the private key file and select “Properties” from the context menu.

3. In the Properties window, go to the “Security” tab.

4. Click on the “Advanced” button at the bottom of the window.

5. In the Advanced Security Settings window, you should see the “Owner” tab. Click on it.

6. Click on the “Edit” button, and in the next window, select your userdomain\username or the user account you are currently using on your Windows system. Click on “OK” to close the window.

7. Back in the Advanced Security Settings window, check the box that says “Replace owner on sub-containers and objects.” Then click on “Apply” and “OK” to close all windows.

8. Now, right-click on the private key file again and select “Properties”. Go to the “Security” tab.

9. Click on the “Edit” button to modify the permissions.

10. In the Permissions window, click on the “Add” button.

11. In the “Enter the object names to select” field, type your username or the user account you are currently using. Click on “Check Names” to validate the entry, and then click on “OK” to close the window.

12. In the Permissions window, select your username or the user account you just added. In the “Permissions for [your_username]” section, make sure the “Full control” box is checked. Then click on “Apply” and “OK” to save the changes and close the window.

Now you should be able to use the private key with OpenSSH on Windows without encountering the Unprotected private key file issue. In short, changing the file permission settings and storing the file in a secure location will do all the work for you.

Method 3: Re-Create a file and update file permissions with ssh-keygen

Here is a workaround you can try to fix the “Unprotected private key file” error when using OpenSSH on your Windows OS:

1. Open a text editor (e.g., Notepad++, or Sublime) on your Windows system.

2. Copy and paste the contents of your private key file into the text editor.

Make sure not to add any whitespace before or after the file content.

3. Save the file with a new name and add the .txt extension at the end (e.g., private_key.txt).

4. Close the text editor.

5. Open a command prompt on your Windows system.

6. Navigate to the directory where you saved the modified private key file using the cd command. For example, if the file is saved in the “Documents” folder, you can use the command:

cd C:\Users\YourUsername\Documents

7. Use the ssh-keygen command to convert the modified private key file back to the OpenSSH format. Enter the following command:

 ssh-keygen -p -f private_key.txt

Replace private_key.txt with the actual name of your modified private key file.

8. Press Enter and you will be prompted to enter the passphrase for the private key (if you set one when generating the key originally). If you didn’t set a passphrase, just press Enter to continue.

9. You will then be prompted to confirm the new filename for the updated private key. Press Enter to accept the default filename, or specify a different filename if desired.

10. Once the process is complete, you should now have a new private key file in OpenSSH format.

You can now use this updated private key file with OpenSSH on Windows. Make sure to use the new filename specified during the ssh-keygen process when referencing the private key in your SSH commands or configuration.


Which approach did you find the best and working for you within a short time? — Feel free to comment on it below.


© Copyrighted by Rakshit Shah — 2016
