122
38
I've OpenSSH 7.6 installed in Windows 7 for testing purposes. SSH client & server work just fine till I tried to access one of my AWS EC2 box from this windows.
It seems like I need to change the permission on the private key file. This can be easily done on unix/linux with chmod
command.
What about windows?
private-key.ppm is copied directly from AWS and I guess the permission too.
C:\>ssh -V
OpenSSH_7.6p1, LibreSSL 2.5.3
C:\>ver
Microsoft Windows [Version 6.1.7601]
C:\>
C:\>ssh ubuntu@192.168.0.1 -i private-key.ppk
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'private-key.ppk' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "private-key.ppk": bad permissions
ubuntu@192.168.0.1: Permission denied (publickey).
C:\>
C:\>
C:\>ssh ubuntu@192.168.0.1 -i private-key.ppm
Warning: Identity file private-key.ppm not accessible: No such file or directory.
ubuntu@192.168.0.1: Permission denied (publickey).
C:\>
Have you tried modifying the ACL? – Ignacio Vazquez-Abrams – 2018-02-18T05:12:50.040
1Is your private key actually in C:\ root path? I can see why it is complaining as usually things in C:\ are accessible by everyone. Have you tried moving it to a folder that only you as the user have access (eg. C:\Users\username\desktop) and see if that message still comes up? – Darius – 2018-02-18T05:19:34.203
@Darius, yes it is. When you copy a file from unix/linux to windows, the permission is copied as well. I need to change this but not sure how to do it on windows. This can be easily done on unix/linux with chmod command. – Sabrina – 2018-02-18T05:27:42.010
@IgnacioVazquez-Abrams, ACL? What kind of ACL? – Sabrina – 2018-02-18T05:28:19.530
The ACL. Of the private key. – Ignacio Vazquez-Abrams – 2018-02-18T05:29:13.023
1@Sabrina Either you use icacls command to change permission, or simply right click on the Private Key, and choose Properties, and check under "Security" tab. And make sure that it is only accessible by you / whoever supposed to be able to access the private key. If "Users" have read access - means anyone that have access to the system can read that private key. – Darius – 2018-02-18T05:30:24.577
You can usually sidestep this on Linux and Unix using
chmod -R o-rwx ~/.ssh
. That is, remove all permissions granted toother
. For Windows remove Everyone from the.ssh/
and key ACLs. – jww – 2018-09-08T13:29:41.623