Private-key authentication in SSH depends on the private key being readable only by its owner; OpenSSH treats any broader access as a security risk and refuses to use the key. An “UNPROTECTED PRIVATE KEY FILE” warning appears when the permissions on the private key are too permissive, causing OpenSSH to ignore the key and fall back to other authentication methods such as passwords.

During authentication, OpenSSH validates the permissions and ownership of each private key before attempting to use it. When debug output shows the unprotected key banner together with permissions like 0755 or 0644, the key is considered accessible to other accounts and is rejected. A typical failure looks similar to the following excerpt.

    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /Users/shakir/.ssh/simplified-guide.pem
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0755 for '/Users/shakir/.ssh/simplified-guide.pem' are too open.
    It is required that your private key files are NOT accessible by others.
    This private key will be ignored.
    Load key "/Users/shakir/.ssh/simplified-guide.pem": bad permissions

Overly permissive keys are often created when copying files from another system, downloading keys from a browser, or unpacking archives that do not preserve secure permissions. Misconfigured umask values or shared directories can have the same effect, leaving the private key readable by other users and increasing the risk of key theft. Restricting the file mode to owner-only access restores secure key use and removes the warning; the steps below focus on Linux, but the same permissions are also required on macOS and other OpenSSH platforms.

Steps to change SSH private key permission in Linux:

  1. Locate the private SSH key file on the system, usually under ~/.ssh with a .pem or .key extension.
  2. Open a terminal window with access to the account that owns the private key.
  3. Verify the current permissions and ownership of the private key file (optional).
    $ ls -l ~/.ssh/simplified-guide.pem
    -rwxr-xr-x@ 1 shakir  staff  1700 May 12  2021 .ssh/simplified-guide.pem

    Permissions such as -rwxr-xr-x or -rw-r--r-- indicate that the group or other users can read the key and will trigger the warning.

  4. Change the private key permissions to owner read and write only so that group and other users lose all access.
    $ chmod 600 ~/.ssh/simplified-guide.pem

    The file must be owned by the correct user with mode 600, giving that user read and write access while denying all permissions to the group and others.

  5. Confirm that the new mode is restricted to the owner and that no execute bits remain set.
    $ ls -l ~/.ssh/simplified-guide.pem
    -rw------- 1 shakir  staff 1700 May 12 2021 .ssh/simplified-guide.pem
  6. Attempt to connect to the server again using the fixed private key.
    $ ssh -i ~/.ssh/simplified-guide.pem user@example-host
    Welcome to Ubuntu 22.04 LTS
    ##### snipped #####

    The absence of the “UNPROTECTED PRIVATE KEY FILE” banner and a successful login indicate that the permissions are now acceptable to OpenSSH.
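
The following added example, which is not part of the original guide, generalizes steps 3 to 5 to every private key in a directory: it reports files carrying a PRIVATE KEY header whose mode has any group or other bit set, and resets them to 600. The function names and the header-based key detection are assumptions of this example.

```shell
#!/bin/sh
# Added example: find private keys whose mode OpenSSH would reject, then fix them.
# OpenSSH refuses a key owned by the current user when (mode & 077) is non-zero.

# Print a file's octal permission bits (GNU stat first, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed when any group or other permission bit is set.
mode_too_open() {
    [ $(( 0$(file_mode "$1") & 077 )) -ne 0 ]
}

# Print "MODE PATH" for each too-open private key directly under directory $1.
# Assumption of this example: a private key is any regular file that carries
# a "-----BEGIN ... PRIVATE KEY-----" header, whatever its extension.
find_open_keys() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" 2>/dev/null || continue
        if mode_too_open "$f"; then
            printf '%s %s\n' "$(file_mode "$f")" "$f"
        fi
    done
}

# Reset every flagged key to owner read/write only (step 4 of the guide).
fix_open_keys() {
    find_open_keys "$1" | while read -r _mode path; do
        chmod 600 "$path" && printf 'fixed %s\n' "$path"
    done
}

# Constructed demo input: a header-only placeholder file, not a real key.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'placeholder' > "$d/demo.pem"
    chmod 644 "$d/demo.pem"
    find_open_keys "$d"   # reports the file with mode 644
    fix_open_keys "$d"    # chmod 600
    find_open_keys "$d"   # prints nothing once the mode is 600
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Sourcing the file and running find_open_keys ~/.ssh gives a read-only report; only fix_open_keys changes file modes.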
