Why should I change the permissions on the SSH pem file?

0

Amazon recommends running the command chmod 400 key.pem on my pem key to prevent the key from being publicly viewable.

I am on a Windows computer and I can't make an SSH connection with cmd.exe if the permissions on the pem key haven't been changed yet. However, I can use the unaltered key to make an SSH connection when using other applications like MySQL Workbench or FileZilla. Neither Workbench nor FileZilla throws any kind of error.

So how unsafe is it really to use the pem key as-is without first restricting its permissions via the command chmod 400 key.pem? Does it make the SSH connection less secure? I don't really understand what Amazon means by 'to prevent the key from being publicly viewable'.

Thanks

asked 2 years ago, 5078 views
1 Answer
2
Accepted Answer

Your private key is like a password, and so it should only be accessible by YOU. Changing the permissions in Linux to 400 is recommended because it makes the private key file readable by you ONLY. In Windows, the equivalent would be removing all permissions from the private key, disabling inheritance, and giving yourself read permissions.

AWS EXPERT Matt-B, answered 2 years ago
AWS EXPERT, reviewed 2 years ago
  • Thank you for your answer. So all chmod does is prevent other users on the same machine from accessing the .pem file, correct? It does not improve the security of the SSH connection itself, right?

  • That's correct, the SSH protocol/session is still encrypted and functions the same way.
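
The Windows steps from the accepted answer (remove all permissions, disable inheritance, give yourself read access), written out in PowerShell as an added example that is not part of the original answer. Protect-PrivateKey is a hypothetical helper name, key.pem is the file name from the question, and the script assumes it is run by the user who owns the file.

```powershell
# Added example: make a private key file readable by the current user only,
# the Windows counterpart of `chmod 400 key.pem`.
# Protect-PrivateKey is a hypothetical helper name, not a built-in cmdlet.
function Protect-PrivateKey {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $file = (Resolve-Path -LiteralPath $Path).Path
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

    $acl = Get-Acl -LiteralPath $file

    # Disable inheritance; $false means inherited entries are dropped, not copied.
    $acl.SetAccessRuleProtection($true, $false)

    # Remove every entry that is set explicitly on the file.
    foreach ($rule in @($acl.Access)) {
        [void]$acl.RemoveAccessRule($rule)
    }

    # Grant the current user read access and nothing else.
    $read = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'Read', 'Allow')
    $acl.AddAccessRule($read)

    Set-Acl -LiteralPath $file -AclObject $acl

    # Return what is on the file now so the result can be checked:
    # a single, non-inherited Allow entry for the current user is expected.
    (Get-Acl -LiteralPath $file).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

# key.pem is the file name used in the question.
Protect-PrivateKey -Path .\key.pem
```

Any entry in the returned list for another account (for example a group such as Users) means that account can still read the key.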
