ssh “permissions are too open” error

Keys need to be only readable by you:

chmod 400 ~/.ssh/id_rsa

If Keys need to be read-writable by you:

chmod 600 ~/.ssh/id_rsa

600 appears to be fine as well (in fact better in most cases, because you don't need to change file permissions later to edit it).

The relevant portion from the manpage (man ssh)

 ~/.ssh/id_rsa
         Contains the private key for authentication.  These files contain sensitive 
         data and should be readable by the user but not
         accessible by others (read/write/execute).  ssh will simply ignore a private 
         key file if it is              
         accessible by others.  It is possible to specify a
         passphrase when generating the key which will be used to encrypt the sensitive 
         part of this file using 3DES.

 ~/.ssh/identity.pub
 ~/.ssh/id_dsa.pub
 ~/.ssh/id_ecdsa.pub
 ~/.ssh/id_rsa.pub
         Contains the public key for authentication.  These files are not sensitive and 
         can (but need not) be readable by anyone.

Using Cygwin in Windows 8.1, there is a command need to be run:

chgrp Users ~/.ssh/id_rsa

Then the solution posted here can be applied, 400 or 600 is OK.

chmod 600 ~/.ssh/id_rsa

Ref: http://vineetgupta.com/blog/cygwin-permissions-bug-on-windows-8

The locale-independent solution that works on Windows 8.1 is:

chgrp 545 ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa

GID 545 is a special ID that always refers to the 'Users' group, even if you locale uses a different word for Users.

I've got the error in my windows 10 so I set permission as the following and it works.

In details, remove other users/groups until it has only 'SYSTEM' and 'Administrators'. Then add your windows login into it with Read permission only.

Note the id_rsa file is under the c:\users\<username> folder.

0600 is what mine is set at (and it's working)

AFAIK the values are:

700 for the hidden directory ".ssh" where key file is located

600 for the keyfile "id_rsa"

Windows 10 ssh into Ubuntu EC2 “permissions are too open” error on AWS

I had this issue trying to ssh into an Ubuntu EC2 instance using the .pem file from AWS.

In windows this worked when I put this key in a folder created under the .ssh folder

C:\Users\USERNAME\.ssh\private_key

To change permission settings in Windows 10 :

File Settings > Security > Advanced

Disable inheritance

Convert Inherited Permissions Into Explicit Permissions

Remove all the permission entries except for Administrators

Could then connect securely.

provide 400 permission, execute below command

chmod 400 /Users/username/.ssh/id_rsa

There is one exception to the "0x00" permissions requirement on a key. If the key is owned by root and group-owned by a group with users in it, then it can be "0440" and any user in that group can use the key.

I believe this will work with any permissions in the set "0xx0" but I haven't tested every combination with every version. I have tried 0660 with 5.3p1-84 on CentOS 6, and the group not the primary group of the user but a secondary group, and it works fine.

This would typically not be done for someone's personal key, but for a key used for automation, in a situation where you don't want the application to be able to mess with the key.

Similar rules apply to the .ssh directory restrictions.

On Windows 10, cygwin's chmod and chgrp weren't enough for me. I had to right click on the file -> Properties -> Security (tab) and remove all users and groups except for my active user.

This is what worked for me (on mac)

sudo chmod 600 path_to_your_key.pem 

then :

ssh -i path_to_your_key user@server_ip

Hope it help

For windows users Only. Goto file property --> security --> advanced

1. Disable inheritance property
2. Convert Inherited Permissions Into Explicit Permissions.
3. Remove all the permission entries except the Administrators.

what worked for me

chgrp Users FOLDER

chmod 600 FOLDER

For me (using the Ubuntu Subsystem for Windows) the error message changed to:

 Permissions 0555 for 'key.pem' are too open

after using chmod 400. It turns out that using root as a default user was the reason.

Change this using the cmd:

 ubuntu config --default-user your_username

I got same issue after migration from another mac. And it blocked to connect github by my key.

I reset permission as below and it works well now.

chmod 700 ~/.ssh     # (drwx------)
cd ~/.ssh            
chmod 644 *.pub      # (-rw-r--r--)
chmod 600 id_rsa     # (-rw-------)

Interesting message here. Operating Systems are smart enough to deny remote connections if your private key is too open. It understands the risk where permissions for id_rsa is wide open (read, is editable by anyone).

{One may change your lock first and then open it with the keys he already has}

cd ~/.ssh
chmod 400 id_rsa

While working on the multiple servers (non-production), most of us feel need to connect remote server with ssh. A good idea is to have a piece of application level code (may be java using jsch) to create ssh trusts between servers. This way connection will be password-less. Incase, perl is installed - one may use net ssh module too.

As people have said, in Windows, I just dropped my pem file in C:\Users[user].ssh\ and that solved it. Although you can do chmod and other command line options from a bash or powershell prompt that didn't work. I didn't change rsa or anything else. Then when running the connection you have to put the path to the pem file in the .ssh folder:

ssh -i "C:\Users[user].ssh\ubuntukp01.pem" ubuntu@ec[ipaddress].us-west-2.compute.amazonaws.com

Type this command to resolve your issue.

chmod 600 ~/.ssh/id_rsa

I keep all my own certificates and keys in one directory, and this works for tools like PuTTY, but I got this "too open" error message from the scp command. I discovered that Windows already maintains a C:\users\ACCOUNTNAME\.ssh folder having the proper access rights for storing SSH keys. So long as you keep the contents backed up (Windows sometimes deletes it during updates), or create your own folder for ssh keys in your user folder, this will work fine, as only you and the administrators have access to that parent folder.

Be very careful about changing access rights on Windows folders. I did this, and once a day Windows is scanning, reading, and writing all the files on my C: drive, a process that slows the computer for many minutes.

I have came across with this error while I was playing with Ansible. I have changed the permissions of the private key to 600 in order to solve this problem. And it worked!

chmod 600 .vagrant/machines/default/virtualbox/private_key

I tried 600 level of permission for my private key and it worked for me. chmod 600 privateKey [dev]$ ssh -i privateKey user@ip worked

chmod 755 privateKey [dev]$ ssh -i privateKey user@ip it was giving below issue: Permissions 0755 for 'privateKey' are too open. It is required that your private key files are NOT accessible by others. This private key will be ignored. Load key "privateKey": bad permissions

For Windows 10 this is what I've found works for me:

1. Move your key to the Linux file system: mv ~/.ssh /home/{username}
2. Set the permission on that key: chmod 700 /home/{username}/.ssh/id_rsa
3. Create a symbolic link to the key: ln -s /home/{username}/.ssh ~/.ssh

This happens if you have set your home directory (~) to be stored in Windows instead of Linux (under /mnt/ vs /home/).

The other trick is to do that on the downloads folder. After you download the private key from AWS EC2 instance, the file will be in this folder,then simply type the command

ssh-keygen -y -f myprivateKey.pem > mypublicKey.pub

700  folder
644  id_rsa.pub

this works for me.

I have got the similar issue when i was trying to login to remote ftp server using public keys..        
To solve this issue initially i have done the following process

    First find the location of the public keys because when you try to login to ftp using this public key. first we need to create a key and we set to set that keys permissions to 600.
            Make sure you are in correct location.
            step1:
            go the correct location
            step2:
            After you are in right location
 command: 
     chmod 600 id_rsa

        This has solved my issue.

In my case, I was trying to connect from the Ubuntu app in Windows 10 and got the error above. It could be resolved without any permission changes by running sudo su in the Ubuntu console prior to the actual command

Putty can do the work on windows 10. It generates a public key using a private key as input.

1. download putty from https://www.putty.org/
2. install putty. Two applications come upon the installation: putty config, putty key gen
3. launch puttyGen
4. click load and select a private key file. Please note, you need to rename your private key file with .ppk extension,e.g private-key.ppk

I was getting this issue on WSL on Windows while connecting to AWS instance. My issue got resolved by witching to classic Command prompt. You can try switching to a different terminal interface and see if that helps.

I got success with 'sudo'

sudo chmod 400 pem-file.pem
sudo ssh -i pem-file.pem [email protected]

In my case the issue was a whitespace too much.

ssh -i mykey.pem  [email protected]

but

ssh -i mykey.pem [email protected]

worked fine. The problem is that the whitespace is taken as part of the username.