SSH: WARNING: UNPROTECTED PRIVATE KEY FILE! Error and Solution

Posted on in Categories , , , , , , last updated January 26, 2017

I‘m setting up server on an Amazon EC2 compute instance powered by Suse Enterprise Linux server. I am using the following command to login into the my EC2 compute from Mac OS X/Ubuntu Linux desktop:

ssh -i suse-ec2-server-jp.pem [email protected]

I am getting the following error:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0440 for 'suse-ec2-server-jp.pem' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: suse-ec2-server-jp.pem
Password:

How do I fix this problem and login using ssh command?

To fix this problem you need to use the chmod command. You need to make sure that the the permissions of suse-ec2-server-jp.pem is set to 0400 i.e. the file only readable by you and not by any other groups, users, and others.

chmod command syntax to fix file warnings

The syntax is:
chmod 0400 file
chmod 0400 /path/to/file

If suse-ec2-server-jp.pem is located in $HOME/.ssh/ directory, try:

## set permission on file ##
chmod 0400 $HOME/.ssh/suse-ec2-server-jp.pem 
 
## Make sure dir containing the suse-ec2-server-jp.pem private key and other files set to 0700
chmod 0700 $HOME/.ssh/

Verify permissions with the ls -l command:

ls -ld $HOME/.ssh/
ls -l $HOME/.ssh/suse-ec2-server-jp.pem

Now, try ssh command as follows:

## for ubuntu Linux #
ssh -i $HOME/.ssh/suse-ec2-server-jp.pem ubuntu@ec2-xx-yy-zzz-yyy.compute-1.amazonaws.com
 
## for Suse ##
ssh -i $HOME/.ssh/suse-ec2-server-jp.pem ubuntu@ec2-xx-yy-zzz-yyy.compute-1.amazonaws.com
 
## For freebsd ##
ssh -i $HOME/.ssh/suse-ec2-server-jp.pem root@ec2-xx-yy-zzz-yyy.compute-1.amazonaws.com

Sample session:

Fig.01: Fixing "WARNING: UNPROTECTED PRIVATE KEY FILE!" on Linux/MacOS X/FreeBSD/Unix
Fig.01: Fixing “WARNING: UNPROTECTED PRIVATE KEY FILE!” on Linux/MacOS X/FreeBSD/Unix

Please note that this is not AWS EC2 or Ubuntu/Suse Linux or Apple OS X specific issue. This is an OpenSSH client specific security related issue. See ssh man page for more information.

3 comment

  1. more specifically, your .ssh/ directory should have permission of 700
    your authorized_keys file should have permission of 600

Leave a Comment