Why should i change the permissions on the ssh pem file?

Amazon recommends to run the command chmod 400 key.pem on my pem key to prevent the key from being publicly viewable.

I am on a windows computer and i can't make an ssh connection with cmd.exe if the permissions on the pem key haven't been changed yet. However I can use the unaltered key to make an ssh connection when using other applications like MySQL workbench or FileZilla. Neither workbench nor filezilla throw any kind of error.

So how unsafe is it really to use the pem key as-is without first restricting its permissions via the command chmod 400 key.pem. Does it make the SSH connection less secure? I don't really understand what amazon means with 'to prevent the key from being publicly viewable'.

Thanks

주제

보안, 신원 및 규정 준수 컴퓨팅

태그

AWS 키 관리 서비스 컴퓨팅

언어

English

Viridios

질문됨 2년 전5078회 조회

1개 답변

최신
최다 투표
가장 많은 댓글

수락된 답변

Your private key is like a password, and so it should only be accessible by YOU. Changing the permissions in Linux to 400 is recommended because it makes the private key file readable by you ONLY. In Windows, the equivalent would be removing all permissions from the private key, disabling inheritance, and giving yourself read permissions.

전문가

Matt-B

답변함 2년 전

전문가

Brettski-AWS

검토됨 2년 전

Viridios
2년 전
thank you for your answer. So all chmod does is prevent other users on the same machine from accessing the .pem file correct? It does not improve the security of the ssh connection itself, right?
Matt-B 전문가
2년 전
That correct, the ssh protocol/session is still encrypted and functions the same way.

Why should i change the permissions on the ssh pem file?

관련 콘텐츠