When using SSH to connect to a server, you may encounter a warning about an “unprotected private key file.” This warning indicates that the private key file has permissions that are too open, making it accessible to other users. As a security measure, SSH enforces strict permission settings on private keys to prevent unauthorized access.

debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/shakir/.ssh/simplified-guide.pem
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0755 for '/Users/shakir/.ssh/simplified-guide.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/Users/shakir/.ssh/simplified-guide.pem": bad permissions

The issue often arises when a private key is copied or transferred, altering its original permissions. This can happen if the tool used to copy the key does not preserve the original file permissions, leading to a more permissive setting. The default system umask value might also contribute to this problem, causing the private key file to become accessible by others.

To resolve this issue, the file permissions of the private key must be restricted. The correct permissions ensure that the private key is only accessible by the file owner. Once the permissions are set properly, SSH will allow the private key to be used for authentication without triggering the warning.

Steps to change SSH private key permissions in Linux:

  1. Locate the private SSH key file on your system.
  2. Open a terminal window.
  3. Verify the current permissions of the private key file (optional).
    $ ls -l ~/.ssh/simplified-guide.pem
    -rwxr-xr-x@ 1 shakir  staff  1700 May 12  2021 .ssh/simplified-guide.pem
  4. Modify the permissions of the private key to restrict access.
    $ chmod 600 ~/.ssh/simplified-guide.pem

    The file must be owned by the connecting user, who has read and write access, while the user's group and other users have no access at all.

  5. Verify the new permissions of the private key file.
    $ ls -l ~/.ssh/simplified-guide.pem
    -rw------- 1 user group 1700 May 12 2021 .ssh/simplified-guide.pem
  6. Attempt to connect to the server again using the public key authentication method.
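
The check and fix from the steps above, generalised to every private key in a directory, as an added example that is not part of the original article. The function names are hypothetical, the key file created in `demo` is constructed, and recognising private keys by a PEM `PRIVATE KEY` first line is an assumption.

```shell
# Added example: find private keys whose mode SSH would reject, optionally fix.
# Assumption: a private key is any file whose first line is a PEM
# "-----BEGIN ... PRIVATE KEY-----" header.

# Print a file's permission bits in octal (GNU stat, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if group and other have no access at all (mode & 077 == 0),
# i.e. the key is "NOT accessible by others" as the warning requires.
key_perm_ok() {
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Succeed if the first line looks like a PEM private key header.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -e 'PRIVATE KEY-----'
}

# Check each regular file in a directory. With "fix" as the second argument,
# tighten offenders to 600. Returns the number of keys left too open.
audit_keys() {
    dir=$1 action=${2:-report} bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] && is_private_key "$f" || continue
        key_perm_ok "$f" && continue
        echo "too open ($(file_mode "$f")): $f"
        if [ "$action" = fix ] && chmod 600 "$f"; then
            echo "  fixed -> $(file_mode "$f")"
        else
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed demo: a fake key file with the 0755 mode from the warning.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' '(constructed)' > "$d/demo.pem"
    chmod 755 "$d/demo.pem"
    audit_keys "$d" fix; rc=$?
    rm -rf "$d"
    return "$rc"
}

# With a directory argument (and optional "fix") audit it; otherwise run demo.
if [ $# -gt 0 ]; then audit_keys "$@"; else demo; fi
```

Run it as `sh audit.sh ~/.ssh` to report only, or add `fix` to apply `chmod 600` to each offending key.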