How to fix WARNING UNPROTECTED PRIVATE KEY FILE!

calendar Jun 30, 2021 · 2 min read  ·
Share on: linkedin copy

I am writing this post to document my troubleshooting steps when I faced the following issue -

WARNING: UNPROTECTED PRIVATE KEY FILE!

Permissions 0660 for jenkins-ec2.pem are too open.

It is required that your private key files are NOT accessible by others.

Load key jenkins-ec2.pem bad permissions

ubuntu@ec2-52-59-232-76.eu-central-1.compute.amazonaws.com: Permission denied (publickey)


How it happened?

This issue happened when I was trying to SSH into my EC2 instance running in AWS using key pair.

Here is the screenshot of my EC2 instance configuration where I set my-key-pair-1 as a PEM file

AWS EC2 Connect to instance SSH Client

This is how I was trying to connect my EC2 instance using SSH

AWS EC2 Connect to instance SSH Client

But when I run the ssh command, I saw the error -

1@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
3@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
4Permissions 0660 for 'my-key-pair-1.pem' are too open.
5It is required that your private key files are NOT accessible by others.
6This private key will be ignored.
7Load key "my-key-pair-1.pem": bad permissions
8ubuntu@ec2-18-185-59-154.eu-central-1.compute.amazonaws.com: Permission denied (publickey).


Steps for troubleshooting

Step 1: Check the permission of the .pem file

In my case my file name was my-key-pair-1.pem, so I used the following command to check the permission of the file -

1stat -c %a jenkins-ec2.pem

And it returned me 777 which means the file has all the READ, WRITE, EXECUTE permission for all the users and group.

As per security guidelines, it is not recommended to have all READ, WRITE, EXECUTE permission on key-pair files.



Step 2 : Set the .pem file permission to 600

As we know that we have a lot of permission on the my-key-pair-1.pem file.

So to reduce the permission to 660 use the chmod command -

1chmod +660 my-key-pair-1.pem/

Once you change the permission you should be able to login into your AWS EC2 instance.



Reference - Getting “Warning: unprotected private key file!” error message while attempting to import SSH key