Sometimes a short post that helps others solve a problem is worth more than a 2,000-word epic post. On that note, today I’m going to give you the 1 line that you need to fix the permission error when SSH into Amazon EC2 instance.

So for all the newbies to AWS who are dabbling in that complex ecosystem of command line, you’ll probably get the following error sooner or later when trying to SSH into your EC2 instance. It looks like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'youramazon.pem' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: amazonec2.pem
Permission denied (publickey).

Why are you getting the unprotected private key file error?

Quite simply, EC2 instances will not accept a .pem key if it is publicly visible. Since your .pem file is likely sitting on your Desktop or Downloads folder, it has a permission code of 0644. Unfortunately, that’s not good enough for your server to accept and therefore it denies access as a security precaution.

Said differently, security measures recommend that your private key files (.pem file) are NOT accessible by others. Therefore, the server simply ignores the private key.

How to fix the unprotected private key file error?

If you’re on a Mac, follow these instructions:

1) Find your .pem key file on your computer. It doesn’t matter where it is, but just identify it in Preview as you’ll need to drag/drop it soon.

2) Open Terminal and type the following:

chmod 400

3) Assuming your cursor is after the 600, now drag and drop the .pem key file onto Terminal. The final result will look something like this but please note that your .pem key filename and location path will be different than my example below.

chmod 400 /Users/myself/Documents/MyAccessKey1.pem

NOTE: If you don’t intend on ever editing the file – which is most likely – then, chmod 400 is the more secure and appropriate setting. If you do intend on editing the .pem key file, then use chmod 600 instead of chmod 400 because that will allow the owner read-write access and not just read-only access.

4) Press Enter. Nothing magical will happen nor will you get a confirmation from Terminal. It’ll just work. Now, you can try to SSH to your EC2 instance on AWS and tackle the next headbanger.

That’s it. As promised, this is as short as I can keep this post.

10 Responses to "How to Fix Permission Error When SSH into Amazon EC2 Instance"

  1. Avatar
    khaled   March 17, 2017 at 11:47 am

    hello, i have made as per the advice of AWS, but now i cannot change anything inside my user, i cannot install or modify, it is read only. no chmod is working i cannot reverse the permission. do you have any advice about that? since over internet they are saying that there is no hope, i have to restore the system to a previous working date. thank you in advance

    Reply
  2. Avatar
    Israel   September 21, 2018 at 6:12 pm

    and how do you do chmod 400 on a windows machine? I tought cloud services were created to easy your life, not complicate them….

    Reply
  3. Avatar
    James   February 7, 2019 at 12:49 am

    Charlie, I want you to know that I have been working for hours trying to change the ssh port for a project with no avail. I have litterally been creating and deleting aws instances for hours, until I found that to change the port, you have to do it from the local machine. Which took me to trying to connect my terminal to aws which wasn’t going well because of the permissions thing. I just want you to know, that your quick fix was a God send and thankfully I can say after 4 hours of making no progress, that I am one small step closer. THANK YOU!

    Reply
    • Avatar
      Charlie   February 7, 2019 at 2:51 am

      James – I’m glad this post saved you hours of your life. I remember going through the same pain myself as I’m not expert on AWS, and thought that there had to be better documentation to prevent others having to deal with the same pain. In short, I’m just glad my words were not in vain.

      Anyhow, kudos to you for getting almost to the finish line. Good luck with the remaining steps.

      Reply
  4. Avatar
    Stizzi   July 14, 2019 at 5:44 pm

    What should I consider if I’m still being denied access? “Permission denied (publickey).”

    Reply
  5. Avatar
    Mark Santiago   August 30, 2019 at 1:15 pm

    Hi thanks for clear explanation of what’s going on. Sadly it went from giving me all that feedback about unsecure private keys and now simply says Permission denied (publickey) nothing else….. if you see this by any chance would you happen to have any suggestions?

    I’ve been googling on this for weeks. I can connect with filezilla with the same .pem file but not via ssh.. ugh…

    Reply
    • Avatar
      Mark santiago   August 30, 2019 at 2:15 pm

      ignore my last comment, sorry. as soon as i sent it i figured it out. That’s how it goes sometimes right? Thanks again for the clear post though!

      Reply
  6. Avatar
    denise   October 4, 2019 at 5:07 am

    if you connect from windows, just copy the private key to your home directory, such as:
    C:\Users\currentuser\.ssh\

    Reply
  7. Avatar
    Bhagendra Singh   October 9, 2019 at 6:25 am

    Unfortunatly I gave the permission on aws root chmod -R 777 .*
    Ater that I am unable to open aws server using pem key
    I fond an error : Permission denied (publickey).

    How can I solve this problem

    Reply
  8. Avatar
    Susana   October 26, 2019 at 6:01 pm

    Can someone update with how they solved this? Once I did this I just get invalid format, Permission denied (publickey). Like Mark Santiago and Stizzi.

    Reply

Leave a Reply

Your email address will not be published.