I was just setting up my AWS CLI on a new Windows 10 machine and I ran into this error when trying to remote into my EC2 instance.
This is not related to AWS in any shape or form – it is a straightforward SSH requirement that is enforced on both Windows and Unix systems.
The issue is that we haven’t protected our private key file, so when we try to use it to connect to an SSH endpoint, the OS forces us to conform to security standards by raising the UNPROTECTED PRIVATE KEY FILE error.
The solution is simple – we must fix exactly what it tells us to fix in those bold capital letters. So let’s fix the security settings for our file.
The private key file that I’m trying to use, as you may see from the screenshot, is “ec2-demo.pem”. So we start by finding it in Windows Explorer.
Now right-click on it, go to “Properties”, open the “Security” tab and click on “Advanced”.
On the Advanced tab we need to do the following:
- Make sure that you, the user who is logged in, are the file owner.
- Disable inheritance. If it prompts you to remove all current inherited permissions, accept it.
- Give yourself Full Control. First, make sure that the Permission Entries panel is empty, i.e. there are no explicit permissions set. Then click on Add, click on Select a Principal at the top, click on “Advanced” and use “Find Now” to find the user you are logged in as. Once you find it, tick the Full Control box and click OK.
Close all windows and try running your SSH command again. It should work now.
If it doesn’t, here’s the checklist: double-check that you are the owner of the file, that you have Full Control permissions assigned and, finally, that there are no other permissions set except the one giving you Full Control.
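
The same three steps can also be applied from PowerShell instead of the Explorer dialogs. The script below is an added example, not part of the original post: the `$KeyPath` default is an assumption based on the file name used above, and the last part re-reads the ACL to run the checklist.

```powershell
# Added example, not from the original post. $KeyPath is an assumption;
# ec2-demo.pem is the key file name used in the post.
param([string]$KeyPath = ".\ec2-demo.pem")

$sidType = [System.Security.Principal.SecurityIdentifier]
$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User  # SID of the logged-in user
$acl     = Get-Acl -LiteralPath $KeyPath

# Step 1: make the logged-in user the file owner.
$acl.SetOwner($me)

# Step 2: disable inheritance and discard the inherited entries
# (isProtected = $true, preserveInheritance = $false).
$acl.SetAccessRuleProtection($true, $false)

# Step 3: clear every explicit entry, then grant only the current user Full Control.
foreach ($rule in @($acl.GetAccessRules($true, $false, $sidType))) {
    $acl.RemoveAccessRuleSpecific($rule)
}
$fullControl = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $me,
    [System.Security.AccessControl.FileSystemRights]::FullControl,
    [System.Security.AccessControl.AccessControlType]::Allow)
$acl.AddAccessRule($fullControl)
Set-Acl -LiteralPath $KeyPath -AclObject $acl

# Checklist: re-read the ACL from disk and confirm the owner and that
# no entry exists for any principal other than the current user.
$check  = Get-Acl -LiteralPath $KeyPath
$owner  = $check.GetOwner($sidType)
$others = @($check.GetAccessRules($true, $true, $sidType) |
            Where-Object { $_.IdentityReference.Value -ne $me.Value })

if ($owner.Value -ne $me.Value) {
    Write-Warning "Owner is $($owner.Value), not the current user."
}
if ($others.Count -gt 0) {
    Write-Warning "Other principals still have entries on the key file:"
    $others | Format-Table IdentityReference, FileSystemRights, IsInherited
}
if ($owner.Value -eq $me.Value -and $others.Count -eq 0) {
    "OK: only $env:USERNAME has access to $KeyPath"
}
```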