How to resolve the "SSH Unprotected Private Key File" warning in SSH

When using SSH to connect to a server, you may encounter a warning about an “unprotected private key file.” This warning indicates that the private key file has permissions that are too open, making it accessible to other users. As a security measure, SSH enforces strict permission settings on private keys to prevent unauthorized access.

debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/shakir/.ssh/simplified-guide.pem
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0755 for '/Users/shakir/.ssh/simplified-guide.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/Users/shakir/.ssh/simplified-guide.pem": bad permissions

The issue often arises when a private key is copied or transferred, altering its original permissions. This can happen if the tool used to copy the key does not preserve the original file permissions, leading to a more permissive setting. The default system umask value might also contribute to this problem, causing the private key file to become accessible by others.

To resolve this issue, the file permissions of the private key must be restricted. The correct permissions ensure that the private key is only accessible by the file owner. Once the permissions are set properly, SSH will allow the private key to be used for authentication without triggering the warning.

Related: How to generate SSH key pairs

Steps to change SSH private key permission in Linux:

Locate the private SSH key file on your system.
Open a terminal window.

Verify the current permissions of the private key file (optional).

$ ls -l ~/.ssh/simplified-guide.pem
-rwxr-xr-x@ 1 shakir  staff  1700 May 12  2021 .ssh/simplified-guide.pem

Modify the permissions of the private key to restrict access.
```
$ chmod 600 ~/.ssh/simplified-guide.pem
```
The file must be owned by the user where the user has read and execute access, and is set to allow no access at all to user's group or other users.

Related: How to change file and folder permissions in Linux

Verify the new permissions of the private key file.

$ ls -l .ssh/simplified-guide.pem
-rw------- 1 user group 1700 May 12 2021 .ssh/simplified-guide.pem

Attempt to connect to the server again using the public key authentication method.

Related: How to authenticate using Public Key Authentication method in SSH

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.

Discuss the article:

Comment anonymously. Login not required.