Unable to connect to EC2 Linux instance from Windows 10 CMD using ssh

I have a running EC2 instance that is running Linux OS (Amazon Linux AMI release 2018.03) on it.

Given that Windows 10 has an SSH client available in the command prompt, I was trying to SSH into my EC2 instance using the SSH private key (.pem file) provided by AWS as a key pair during the setup of the EC2 instance.

The command I am using on cmd is :

ssh -i private_key.pem [email protected]

Here private_key.pem is the name of the private key file provided by AWS.

But I keep getting the error:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'private_key.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "private_key.pem": bad permissions
[email protected]: Permission denied (publickey).

Some things I would like to clarify:

  1. There are similar questions on StackOverflow. Those questions actually involve trying to connect to the EC2 instance from a host that is running MacOS/Linux (any UNIX-based OS). In my case I am trying to connect from a Windows 10 host using the command prompt.

  2. In answer to such other questions as discussed in (1), people have suggested trying to change the file permission of the private key file (.pem) to read-only (chmod 444 file.pem). In response, I tried making my .pem file read-only from the file properties in my Windows. This did not help. I keep getting the same error.

  3. I am able to connect to other remote Linux hosts from my Windows 10 cmd, which suggests there is probably no problem with my Windows 10 SSH client.

  4. I know this connection can be made easier by using Putty instead of CMD, but that is not what this question is about. Just assume because of some constraints I can't use Putty.

Any help would be appreciated.

Shadow answered 11/4, 2020 at 19:15 Comment(1)
I made a detailed tutorial for connecting to an AWS instance from Windows using ssh here, if it may help - Junction

In Windows 10, locate the .pem file in question and right-click on it.

From Properties-->Security--> Advanced:

  1. Make sure your user is the owner of the file
  2. Give Read&Execute permissions for your user specifically,
    while removing all other permissions on the file for other users or groups.

Buffet answered 12/4, 2020 at 13:24 Comment(0)

For Windows users using PowerShell or bash:

cd into the folder containing your_keys.pem.

Type:

icacls.exe aws_keys.pem /reset

icacls.exe aws_keys.pem /grant:r "$($env:username):(r)"

icacls.exe aws_keys.pem /inheritance:r

Note: These commands give the same permissions as chmod 400 your_keys.pem on Mac...

and then use ssh -i "your_keys.pem" ubuntu@your_public_server_ip.com

Unvoice answered 20/4, 2021 at 23:38 Comment(0)

You are right - it's because the Windows permissions model differs from Linux.

See more: Understanding Linux File Permissions - Linux.com

There are many tips on how to fix the issue. I'd suggest applying this script from this repository: openssh-portable

As per the source code:

    .Synopsis
    Sets the Secure File ACL.
    1. Removed all user acl except Administrators group, system, and current user
    2. whether or not take the owner
    .Outputs
    N/A
    .Inputs
    FilePath - The path to the file
    takeowner - if want to take the ownership

Hothouse answered 11/4, 2020 at 19:48 Comment(3)
Actually I do understand Linux file permissions. But sorry, I did not get the part about the script from openssh-portable - Shadow
try this commit - Hothouse
Still don't get it. I am new to this stuff and all in your answer seems overwhelming. nvm, I'll figure out some other way (maybe use Putty or something) - Shadow

In Windows, there is a different method to give permissions to the keys.pem file. Write the following lines in your terminal:

$ icacls.exe your_key_name.pem /reset
$ icacls.exe your_key_name.pem /grant:r "$($env:username):(r)"
$ icacls.exe your_key_name.pem /inheritance:r

Your keys.pem will now have the same restrictions as "chmod 400" in Linux.

Source: [Solved] WARNING: UNPROTECTED PRIVATE KEY FILE!

Enclosure answered 22/2, 2023 at 7:34 Comment(0)
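
An added PowerShell example, not part of any answer above: it reports why a key's ACL counts as "too open" by listing every Allow entry held by a principal other than the current user, SYSTEM or Administrators (the set named in the openssh-portable synopsis quoted above), and with -Fix applies the three icacls steps from the answers and re-audits. The function name Get-KeyFileAclFinding and its parameters are hypothetical; the ownership check follows the first answer and is not changed by the icacls steps.

```powershell
# Added example, not from the answers. Function and parameter names are hypothetical.
function Get-KeyFileAclFinding {
    param(
        [Parameter(Mandatory)] [string] $Path,   # e.g. .\private_key.pem
        [switch] $Fix                            # apply the icacls steps, then re-audit
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    # Principals allowed on the key: current user, SYSTEM (S-1-5-18) and
    # BUILTIN\Administrators (S-1-5-32-544), as in the quoted synopsis.
    $allowed = @($me, 'S-1-5-18', 'S-1-5-32-544')

    $acl = Get-Acl -LiteralPath $Path
    $findings = @()

    # First answer: your user should own the file. icacls /reset does not change this.
    $owner = $acl.GetOwner($sidType).Value
    if ($owner -ne $me) {
        $findings += [pscustomobject]@{ Issue = 'Owner'; Sid = $owner; Rights = $null; Inherited = $null }
    }

    # Explicit and inherited Allow entries for any other principal.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -eq 'Allow' -and $allowed -notcontains $ace.IdentityReference.Value) {
            $findings += [pscustomobject]@{
                Issue = 'ExtraAccess'; Sid = $ace.IdentityReference.Value
                Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited
            }
        }
    }

    if ($Fix -and $findings.Count -gt 0) {
        # Same sequence as the answers: default ACL, explicit read for the user,
        # then drop every inherited entry.
        icacls.exe $Path /reset | Out-Null
        icacls.exe $Path /grant:r "$($env:USERNAME):(R)" | Out-Null
        icacls.exe $Path /inheritance:r | Out-Null
        return Get-KeyFileAclFinding -Path $Path
    }
    return $findings
}

# Audit only; an empty result means no principal outside the allowed set has access.
Get-KeyFileAclFinding -Path .\private_key.pem | Format-Table -AutoSize
```

Inherited entries for groups such as Users or Authenticated Users are the usual findings, which is why ticking the read-only attribute in file properties does not clear the warning.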
