Windows CHMOD 600

Question

I\'m trying to connect to Amazon EC2 using OpenSSH in windows but I need to set the permissions of my key file.

What is the windows equivalent of CHMOD 600

Answer 1

I've go same issue. The solution, which worked was to set compatibility mode of ssh.exe to Windows XP SP3.

Answer 2

Not really answering the same question but I was able to connect to EC2 using these instructions:

SSH to EC2 linux instance from Windows

Answer 3

I ran into the same problem on windows 10. I fixed it by adding my user and granting the Modify, Read & execute, Read and write permissions. I removed all other users. Here is what it looks like after removing all other permissions:

Answer 4

Today one of the recommended ways on Windows would be to use PowerShell and the Get-Acl and Set-Acl Cmdlets.

Here's an example to ensure that only the current user has permission to a folder and all files in it - similar to what is recommended for the .ssh folder in Unix/Linux/OS X:

# get current ACL of directory
$Acl = Get-Acl -Path $Directory

# remove inheritance ($true) and remove all existing rules ($false)
$Acl.SetAccessRuleProtection($true,$false)

# create new access rule for
# current user
# with FullControl permission
# enable inheritance for folders and files
# enable it for the specified folder as well
# allow these conditions 
$AcessRule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $env:USERNAME,
    "FullControl",
    ([System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit),
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

# add access rule to empty ACL
$Acl.AddAccessRule($AcessRule)

# activate ACL on folder
Set-Acl -Path $Directory -AclObject $Acl

For more details see

• FileSystemAccessRule-Class
• Set-Acl documentation

Answer 5

I realize this is somewhat old but I just found the solution for myself in Windows 7. And it looks like this question went unresolved. I had all of the same errors including Cygwin missing cygintl-2.dll on chmod as you noted in the comments.

After extensive research and not finding any answers I ran:

C:\Users\mztriz\.ssh>ssh -v

OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004 usage: ssh [-1246AaCfghkNnqsTtVvXxY] [-b bind_address] [-c cipher_spec] [-D port] [-e escape_char] [-F configfile] [-i identity_file] [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option] [-p port] [-R port:host:hostport] [user@]hostname [command]

As you can see the version of OpenSSH I was running was quite outdated. However, I didn't know this because a quick google search of OpenSSH for Windows returns this old version.

After looking into the versioning I found OpenSSH for Windows 6.9p1-1 in the downloads section of that website.

This newer version of OpenSSH seems to fix all of the issues you mention.

Answer 6

Modify the permissions so that:

• The key file doesn't inherit from the container
• You (the owner) have full access
• Remove permission entries for any other users (e.g., SYSTEM, Administrator)
• Add an Entry for special user Everyone and edit the permissions for that user to Deny for all permissions:
  • Right click on the file in Windows Explorer and choose Properties > Security > Advanced, to get the Advanced Security Settings dialog.
  • Click on the Permissions tab, then click Change Permissions.
  • Click Add, enter Everyone into the object name field, click Check Names, then click OK.
  • In the Permission Entry dialog, click the checkbox in the Deny column for Full Control.
  • Click OK on each dialog to back out and close the file's properies dialog.

Now scp will read permissions 0400 and will be happy. Ish.