WARNING: UNPROTECTED PRIVATE KEY FILE! when trying to SSH into Amazon EC2 Instance

慢半拍i 2020-12-12 11:06

I'm working to set up Panda on an Amazon EC2 instance. I set up my account and tools last night and had no problem using SSH to interact with my own personal instance, but

11 Answers
  • 2020-12-12 11:38

    Change the File Permission using chmod command

    sudo chmod 700 keyfile.pem
    
  • 2020-12-12 11:42

    Make sure that the directory containing the private key files is set to 700

    chmod 700 ~/.ec2
    
  • 2020-12-12 11:42

    On Windows, try using Git Bash and use your Linux commands there. Easy approach.

    chmod 400 *****.pem
    
    ssh -i "******.pem" ubuntu@ec2-11-111-111-111.us-east-2.compute.amazonaws.com
    
  • 2020-12-12 11:42

    I am thinking about something else: if you are trying to log in with a different username that doesn't exist, this is the message you will get.

    So I assume you may be trying to ssh with ec2-user, but I recall that recently most CentOS AMIs, for example, are using the centos user instead of ec2-user.

    So if you are running ssh -i file.pem centos@public_IP, please tell me you are trying to ssh with the right user name; otherwise this may be a strong reason why you see such an error message even with the right permissions on your ~/.ssh/id_rsa or file.pem.

  • 2020-12-12 11:43

    The solution is to make it readable only by the owner of the file, i.e. the last two digits of the octal mode representation should be zero (e.g. mode 0400).

    OpenSSH checks this in authfile.c, in a function named sshkey_perm_ok:

    /*
     * if a key owned by the user is accessed, then we check the
     * permissions of the file. if the key owned by a different user,
     * then we don't care.
     */
    if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
        error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
        error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
        error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
        error("Permissions 0%3.3o for '%s' are too open.",
            (u_int)st.st_mode & 0777, filename);
        error("It is required that your private key files are NOT accessible by others.");
        error("This private key will be ignored.");
        return SSH_ERR_KEY_BAD_PERMISSIONS;
    }
    

    See the first line after the comment: it does a "bitwise and" against the mode of the file, selecting all bits in the last two octal digits (since 07 is octal for 0b111, where each bit stands for r/w/x, respectively).

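The check quoted in the answer above, as an added example that is not part of the original post or of OpenSSH: a small C program that applies the same ownership-and-`077` test to a constructed temporary file at several modes. The names `key_perm_ok` and `check_mode` and the `/tmp` path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper mirroring the quoted test: returns 1 if the key would
 * be accepted, 0 if it would be rejected as too open, -1 if stat() fails. */
int key_perm_ok(const char *path)
{
    struct stat st;

    if (stat(path, &st) == -1)
        return -1;
    /* Only files owned by the calling user are checked; the 077 mask
     * selects the group and other permission bits. */
    if (st.st_uid == getuid() && (st.st_mode & 077) != 0)
        return 0;
    return 1;
}

/* Creates a constructed temporary file, sets it to `mode`, runs the check. */
int check_mode(mode_t mode)
{
    char path[] = "/tmp/keyperm-XXXXXX";
    int fd = mkstemp(path);
    int ok;

    if (fd == -1)
        return -1;
    close(fd);
    if (chmod(path, mode) == -1) {
        unlink(path);
        return -1;
    }
    ok = key_perm_ok(path);
    unlink(path);
    return ok;
}

int main(void)
{
    const mode_t modes[] = { 0400, 0600, 0700, 0640, 0644, 0604 };
    size_t i;

    for (i = 0; i < sizeof(modes) / sizeof(modes[0]); i++)
        printf("%04o -> %s\n", (unsigned)modes[i],
            check_mode(modes[i]) == 1 ? "accepted" : "ignored (too open)");
    return 0;
}
```

Modes 0400, 0600 and 0700 all pass because the mask looks only at the group and other bits; any mode with a non-zero digit in either of the last two positions is rejected.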
  • 2020-12-12 11:51

    To fix this,

    1. You'll need to reset the permissions back to default:

      sudo chmod 600 ~/.ssh/id_rsa
      sudo chmod 600 ~/.ssh/id_rsa.pub
      

      If you are getting another error:

      • Are you sure you want to continue connecting (yes/no)? yes
      • Failed to add the host to the list of known hosts (/home/geek/.ssh/known_hosts).
    2. This means that the permissions on that file are also set incorrectly, and can be adjusted with this:

      sudo chmod 644 ~/.ssh/known_hosts
      
    3. Finally, you may need to adjust the directory permissions as well:

      sudo chmod 755 ~/.ssh
      

    This should get you back up and running.
