Sometimes a short post that helps others solve a problem is worth more than a 2,000-word epic post. On that note, today I’m going to give you the one line you need to fix the permission error when you SSH into an Amazon EC2 instance.

So for all the newbies to AWS who are dabbling in the complex ecosystem of the command line, you’ll probably get the following error sooner or later when trying to SSH into your EC2 instance. It looks like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'youramazon.pem' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: amazonec2.pem
Permission denied (publickey).

Why are you getting the unprotected private key file error?

Quite simply, EC2 instances will not accept a .pem key if it is publicly visible. Since your .pem file is likely sitting in your Desktop or Downloads folder, it has a permission code of 0644, which means the owner can read and write it and every other user on the machine can read it. Unfortunately, that’s not good enough for your server to accept and therefore it denies access as a security precaution.

Said differently, security measures recommend that your private key files (.pem file) are NOT accessible by others. Therefore, the server simply ignores the private key.

How to fix the unprotected private key file error?

If you’re on a Mac, follow these instructions:

1) Find your .pem key file on your computer. It doesn’t matter where it is, but just identify it in Preview as you’ll need to drag/drop it soon.

2) Open Terminal and type the following:

chmod 400

3) Assuming your cursor is after the 400, now drag and drop the .pem key file onto Terminal. The final result will look something like this, but please note that your .pem key filename and location path will be different from my example below.

chmod 400 /Users/myself/Documents/MyAccessKey1.pem

NOTE: If you don’t intend on ever editing the file – which is most likely – then, chmod 400 is the more secure and appropriate setting. If you do intend on editing the .pem key file, then use chmod 600 instead of chmod 400 because that will allow the owner read-write access and not just read-only access.

4) Press Enter. Nothing magical will happen nor will you get a confirmation from Terminal. It’ll just work. Now, you can try to SSH to your EC2 instance on AWS and tackle the next headbanger.

That’s it. As promised, this is as short as I can keep this post.
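The same fix applied to a whole folder of keys, as an added example that is not part of the original post: ssh prints this warning when a key file's mode grants any access to group or others, so the script tests those bits and runs chmod 400 on each .pem file that fails. The function names key_mode, key_too_open and harden_keys are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): find .pem files whose
# permissions would trigger "UNPROTECTED PRIVATE KEY FILE" and lock them down.
# Function names are hypothetical. Usage: harden_keys "$HOME/Downloads"

# Print a file's permission bits in octal (e.g. 644).
# GNU stat (Linux) takes -c, BSD stat (macOS) takes -f.
key_mode() {
    [ -f "$1" ] || return 2
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed (exit 0) when group or others have any access to the file,
# that is, when (mode & 077) is non-zero. 0644 fails this check; 0600 and
# 0400 pass it.
key_too_open() {
    mode=$(key_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# Set every over-exposed *.pem file in directory $1 to 400 (owner read-only)
# and print the path of each file that was changed. Files that are already
# private (for example 600) are left alone.
harden_keys() {
    for f in "$1"/*.pem; do
        [ -f "$f" ] || continue        # the glob matched nothing
        if key_too_open "$f"; then
            chmod 400 "$f" && printf '%s\n' "$f"
        fi
    done
}
```
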
