9

I want to connect my ec2 with SSH. But I get this error:

```
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'F:\\Config\\first1.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "F:\\Config\\first1.pem": bad permissions
ec2-user@ec2-52-14-94-38.us-east-2.compute.amazonaws.com: Permission denied (publickey).
```

How can I solve this problem on Windows?

Sevval Kahraman
  • 1
    You need to make sure the file has no read permission for any other user. You can do this by opening the file's permissions dialog and making sure only your user has read access. No write access, btw. – Barak Friedman Nov 04 '20 at 20:33
  • 1
    Does this answer your question? [OpenSSH using private key on Windows ("Unprotected private key file" error)](https://stackoverflow.com/questions/48888365/openssh-using-private-key-on-windows-unprotected-private-key-file-error) – stdunbar Nov 05 '20 at 03:03

3 Answers

28

This is the method that worked for me.

Step 1

Right-click the key file first1.pem in Explorer and go to Properties > Security > Advanced > Disable Inheritance

Step 2

Select "Convert inherited permissions into explicit permissions on this object"

Step 3

Then delete everything there (including Administrator, User, User Groups) and click the Add button.

Step 4

Now select "Select a principal" > Advanced > Find Now > [Your User object] > OK

Step 5

Now you can tick "Full Control" then press OK

Now your key file is not accessible by others. This is the only method that worked for me. Hope it helps. Thank you.

Tono Nam
Kate Sinclair
2

If permissions are too open for your private SSH key (regardless of OS), you will not be able to use the key.

Generally it should have as low a permission as possible (read-only, by your user only). At minimum, on Windows you should be able to remove all other users' permissions, which will allow the key to be loaded.

Chris Williams
0

I've created a utility script on PowerShell Desktop edition to set the required permissions at once.

What it does

It consists of a function that takes the file as input and sets the permissions, removing inheritance and all users except the current user.

Note that inheritance needs to be applied first, in order to then be able to remove other users (methods that do that would do nothing if inheritance weren't applied first).

Before running the script, ExecutionPolicy should be set to RemoteSigned. I prefer to apply it with a session scope so that no permanent setting is changed on my system.

How to use it

Open a Windows PowerShell console and run this first:

```
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
```

Then download the script, edit the private file name, and run it.

https://gist.github.com/Scot-Bernard/fd409ad73b3733c3b9e93dd9055b9814
pablo.bueti
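
The GUI steps in the first answer and the script described in the last answer both come down to the same ACL change. The following PowerShell function performs it; it is an added example, not the code from the linked gist and not part of any answer above. The function name `Protect-PrivateKeyFile` and its `-Rights` parameter are assumptions made for this example, and it assumes you run it as the user who owns the key file.

```powershell
# Added example. Protect-PrivateKeyFile is a hypothetical name, not the gist's function.
function Protect-PrivateKeyFile {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$Path,

        # 'Read' matches the "read only by your user" advice; the GUI answer grants 'FullControl'.
        [System.Security.AccessControl.FileSystemRights]$Rights = 'Read'
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User   # current user's SID
    $acl  = Get-Acl -LiteralPath $file.FullName

    # GUI steps 1-2: stop inheriting from the parent folder. $false discards the
    # inherited entries instead of converting them, since step 3 deletes them anyway.
    $acl.SetAccessRuleProtection($true, $false)

    # GUI step 3: delete every explicit entry (Administrators, Users, other accounts).
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in @($acl.GetAccessRules($true, $false, $sidType))) {
        $acl.RemoveAccessRuleSpecific($rule)
    }

    # GUI steps 4-5: add a single Allow entry for the current user.
    $allow = New-Object System.Security.AccessControl.FileSystemAccessRule($me, $Rights, 'Allow')
    $acl.AddAccessRule($allow)

    if ($PSCmdlet.ShouldProcess($file.FullName, "Replace ACL with a single entry for $me")) {
        Set-Acl -LiteralPath $file.FullName -AclObject $acl
    }

    # Return what is now on disk so the result can be checked.
    (Get-Acl -LiteralPath $file.FullName).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

# Path taken from the error message in the question.
Protect-PrivateKeyFile -Path 'F:\Config\first1.pem'
```

The output should list exactly one entry, for your own account, with `IsInherited` set to `False`. Add `-WhatIf` to preview the change without writing the ACL.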