Amazon-web-services – WARNING: UNPROTECTED PRIVATE KEY FILE! when trying to SSH into Amazon EC2 Instance

amazon ec2amazon-web-serviceschmodssh

I'm working to set up Panda on an Amazon EC2 instance.
I set up my account and tools last night and had no problem using SSH to interact with my own personal instance, but right now I'm not being allowed permission into Panda's EC2 instance.
Getting Started with Panda

I'm getting the following error:

@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @

Permissions 0644 for '~/.ec2/id_rsa-gsg-keypair' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.

I've chmoded my keypair to 600 in order to get into my personal instance last night, and experimented at length setting the permissions to 0 and even generating new key strings, but nothing seems to be working.

Any help at all would be a great help!

Hm, it seems as though unless permissions are set to 777 on the directory, the ec2-run-instances script is unable to find my keyfiles.
I'm new to SSH so I might be overlooking something.

Best Answer

I've chmoded my keypair to 600 in order to get into my personal instance last night,

And this is the way it is supposed to be.

From the EC2 documentation we have "If you're using OpenSSH (or any reasonably paranoid SSH client) then you'll probably need to set the permissions of this file so that it's only readable by you." The Panda documentation you link to links to Amazon's documentation but really doesn't convey how important it all is.

The idea is that the key pair files are like passwords and need to be protected. So, the ssh client you are using requires that those files be secured and that only your account can read them.

Setting the directory to 700 really should be enough, but 777 is not going to hurt as long as the files are 600.

Any problems you are having are client side, so be sure to include local OS information with any follow up questions!

Related Solutions

Bash – How to specify the private SSH-key to use when executing shell command on Git

None of these solutions worked for me.

Instead, I elaborate on @Martin v. Löwis 's mention of setting a config file for SSH.

SSH will look for the user's ~/.ssh/config file. I have mine setup as:

Host gitserv
    Hostname remote.server.com
    IdentityFile ~/.ssh/id_rsa.github
    IdentitiesOnly yes # see NOTES below

And I add a remote git repository:

git remote add origin git@gitserv:myrepo.git

And then git commands work normally for me.

git push -v origin master

NOTES

The IdentitiesOnly yes is required to prevent the SSH default behavior of sending the identity file matching the default filename for each protocol. If you have a file named ~/.ssh/id_rsa that will get tried BEFORE your ~/.ssh/id_rsa.github without this option.

References

Amazon-web-services – Amazon EC2 Permission denied (publickey)

I'm going to answer my own question in case anyone else sees the same thing... Last night i had done:

ssh-add ~/.ssh/[keypair name]

then been connecting with:

ssh ec2-user@[ec2 instance ip]

This morning I tried the same and couldn't connect. But doing

ssh -i ~/.ssh/[keypair name] ec2-user@[ec2 instance ip]

gets me in.

Using ssh-add on the key pair again gets me in. I'm guessing ssh-add only works within the shell I'd issued it in. When I closed the terminal window and opened another I no longer had that keypair available without being explicit.

Best Answer

Related Solutions

Bash – How to specify the private SSH-key to use when executing shell command on Git

Amazon-web-services – Amazon EC2 Permission denied (publickey)

Related Topic