EC2 unprotected private key file

This post is mainly to remind myself…

When SSH-ing into an AWS EC2 instance like:

$ ssh -i "private.pem"

If you’ve downloaded the key without updating permissions, it’s likely you’ll get an error similar to:

The authenticity of host '' can't be established.
ECDSA key fingerprint is SHA256:z44+JO0AuXfXr2HqlwTbjdaLW9aWiNkdDIzNMNwK5Nk.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (ECDSA) to the list of known hosts.
Permissions 0755 for 'private.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "private.pem": bad permissions
Permission denied (publickey).

As the error says, the private key's permissions are too open, so we set the file to read-only for the owner using:

chmod 400 private.pem
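
The same check can be scripted so that a too-open key is caught before ssh refuses it. This is an added example, not part of the original post: it scans a directory for private key files with any group or other permission bit set and can reset them to 400. The function names and the placeholder key file are made up for the illustration.

```shell
#!/bin/sh
# Added example: find private key files that ssh would ignore as "too open".

# Octal permission bits of a file (GNU stat first, BSD/macOS stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True when any group/other bit is set (mode & 077), e.g. 0755 or 0644.
too_open() {
    [ $(( 0$(file_mode "$1") & 077 )) -ne 0 ]
}

# True when the first line is a PEM/OpenSSH private key header.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----'
}

# audit_keys DIR [--fix]: list too-open keys in DIR; with --fix, chmod 400 them.
# Returns 1 if any too-open key was found, 0 otherwise.
audit_keys() {
    dir=$1 fix=${2:-} rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        is_private_key "$f" || continue
        if too_open "$f"; then
            rc=1
            echo "too open: $f (mode $(file_mode "$f"))"
            if [ "$fix" = "--fix" ]; then chmod 400 "$f"; fi
        fi
    done
    return "$rc"
}

# Demo on a constructed directory: a placeholder key file (no real key
# material) with the 0755 mode from the error above, plus a non-key file
# that the audit must skip.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'placeholder' > "$d/private.pem"
    printf 'notes\n' > "$d/readme.txt"
    chmod 755 "$d/private.pem"
    audit_keys "$d" --fix || true   # first pass reports and fixes
    audit_keys "$d" && echo "all keys private: $(file_mode "$d/private.pem")"
    rm -rf "$d"
}
demo
```

Only files whose first line is a private key header are touched; everything else in the directory keeps its mode.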
