16

I am attempting to log in to my box using my .pem file; however, I get the error:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0555 for './arete-server.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: ./arete-server.pem
Permission denied (publickey).

chmod 400 doesn't work on Bash on Ubuntu on Windows and the best permissions I can give it is -r-xr-xr-x

Any idea how to get permissions to a point where I can use this pem file?

6
  • Keys aren't allowed to have any group or other ownership. I don't know why chmod isn't working. Did you try sudo? FWIW you can try chmod go-rwx, or sudo chmod go-rwx
    – gview
    Commented Sep 9, 2016 at 4:58
  • sudo using Bash on Ubuntu on Windows gives: "sudo: unable to resolve host DESKTOP-4N3VUVG". chmod go-rwx still gives -r-xr-xr-x
    – Chris
    Commented Sep 9, 2016 at 5:06
  • @ChristopherHoward -- if you're getting that message, your hosts file is not set up correctly; solve that problem, and I'd bet you'll be able to change the permissions using sudo.
    – simon
    Commented Sep 9, 2016 at 5:13
  • @simon No longer getting the sudo error (thanks!) However using sudo chmod 400 arete-server.pem still has permissions set as -r-xr-xr-x
    – Chris
    Commented Sep 9, 2016 at 5:23
  • @ChristopherHoward -- I lose my bet :( What about the filesystem type? If you're on FAT or NTFS (I think), you won't be able to set the permissions like that. Could that be it?
    – simon
    Commented Sep 9, 2016 at 5:36

7 Answers

41

On WSL, chmod doesn't work on NTFS partitions used by Windows. You need to move your .pem file to a partition in the Linux container (for example the home folder), then chmod 400 will work.

  1. Navigate to an NTFS folder, example: cd /mnt/c/keyfiles
  2. Move .pem file to your home folder: mv key.pem ~
  3. Navigate to your folder: cd ~
  4. Apply the permission: chmod 400 key.pem
2
  • After step 4. I was able to SSH using the key on my Linux container. Because I don't know much about how partitions apply permissions, one thing I noted is that copying your key back to your NTFS partition will not keep the permissions you set in the Linux container. I was able to use my key by keeping it inside of the Linux container where it had the correct permissions applied.
    – cody.codes
    Commented Nov 28, 2018 at 17:05
  • This works for me on Ubuntu, thank you
    – A3IOU
    Commented Jan 6, 2023 at 16:50
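
The steps in this answer, written as a shell function that also confirms the mode change took effect. This is an added example, not code from any post in the thread. The function names `key_mode_ok` and `install_key` are hypothetical, and GNU `stat` (as shipped with Ubuntu on WSL) is assumed.

```shell
# Added example: constructed helpers, not from the original thread.

# Succeeds only if FILE has no group/other permission bits set.
# This mirrors the test behind ssh's "UNPROTECTED PRIVATE KEY FILE" warning.
key_mode_ok() {
    local mode
    mode=$(stat -c '%a' -- "$1") || return 2   # e.g. "555" or "400"
    [ $(( 0$mode & 077 )) -eq 0 ]              # leading 0 = octal constant
}

# Copy SRC into DEST_DIR (default: ~/.ssh), set it to 0400, then verify
# that the mode really changed. On a Windows-backed mount such as /mnt/c,
# chmod can return without changing anything, so the check is what matters.
# Prints the path of the installed key on success.
install_key() {
    local src dest_dir dest
    src=$1
    dest_dir=${2:-$HOME/.ssh}
    [ -f "$src" ] || { echo "no such key file: $src" >&2; return 1; }

    mkdir -p -- "$dest_dir" && chmod 700 "$dest_dir" || return 1
    dest="$dest_dir/$(basename -- "$src")"

    # umask 077 keeps the copy private even before chmod runs
    ( umask 077; cp -f -- "$src" "$dest" ) || return 1
    chmod 400 "$dest" || return 1

    if ! key_mode_ok "$dest"; then
        echo "mode did not stick on $dest; is $dest_dir on a Windows drive?" >&2
        rm -f -- "$dest"
        return 1
    fi
    printf '%s\n' "$dest"
}

# Usage (paths are placeholders):
#   key=$(install_key /mnt/c/keyfiles/key.pem) && ssh -i "$key" user@host
```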
14

sudo ssh -i mykey.pem ec2-user@ip works for me

1
  • Didn't realize this. Using Ubuntu on windows OS, adding sudo in front works beautifully. Commented Apr 23 at 5:45
4

Use PowerShell:

  1. icacls.exe key.pem /reset
  2. icacls.exe key.pem /grant:r "$($env:username):(r)"
  3. icacls.exe key.pem /inheritance:r
3
  • Only this powershell solution worked, no others - thank you!
    – jryan14ify
    Commented Nov 7, 2021 at 22:12
  • Also I should add that username should be left literally as is because I keep coming back to this answer and unthinkingly adding my username
    – jryan14ify
    Commented Apr 3, 2022 at 20:17
  • This is awesome, I wasted 3 days trying lots of solutions but none worked. Only this one worked in Win 11 Commented Jan 11, 2023 at 10:30
3

On Windows, run the commands below in PowerShell and not in cmd

$path = ".\Testkey1.pem"
# Reset to remove explicit permissions
icacls.exe $path /reset
# Give current user explicit read-permission
icacls.exe $path /GRANT:R "$($env:USERNAME):(R)"
# Disable inheritance and remove inherited permissions
icacls.exe $path /inheritance:r

After that, run this command in cmd:

ssh -i file.pem username@ip-address


0

Try this:

chmod 600 anyfile.pem
1
  • Since the question mentions a specific file, ./arete-server.pem, perhaps your answer could be improved by referring to it? Commented Jun 20, 2022 at 13:09
-1

Manually re-created pem file in linux subsystem folder after resolving sudo issues

Files moved into the system using Explorer do not appear; they needed to be created using nano

1
  • 1
    nano foobar.pem Paste the info into that, save
    – Chris
    Commented Mar 19, 2017 at 5:23
-1

Go to your File Explorer, right-click on the file (ex: keyname.pem), go to Show more options > Give access to, then choose Remove access.

Come to your Ubuntu terminal or WSL.

Copy the file to the home directory:

User@Ubuntu:~$ cp "/mnt/c/path_of_the_key_pair" ~

Other related commands for your AWS SSH client:

Note: these are mine; I just changed the key names.

User@Ubuntu:~$ chmod 400 MyKeyPair.pem

User@Ubuntu:~$ ssh -i "MyKeyPair.pem.pem" [email protected]
