Why should i change the permissions on the ssh pem file?

Question

Amazon recommends to run the command `chmod 400 key.pem` on my pem key to prevent the key from being publicly viewable.

I am on a windows computer and i can't make an ssh connection with cmd.exe if the permissions on the pem key haven't been changed yet. However I _can_ use the unaltered key to make an ssh connection when using other applications like MySQL workbench or FileZilla.  Neither workbench nor filezilla throw any kind of error.

So how unsafe is it really to use the pem key as-is without first restricting its permissions via the command `chmod 400 key.pem`. Does it make the SSH connection less secure? I don't really understand what amazon means with 'to prevent the key from being publicly viewable'.

Thanks

Matt Barbieri · Accepted Answer

Your private key is like a password, and so it should only be accessible by YOU.  Changing the permissions in Linux to 400 is recommended because it makes the private key file readable by you ONLY.  In Windows, the equivalent would be removing all permissions from the private key, disabling inheritance, and giving yourself read permissions.

Eric Juvet · Answer

I am on Windows and having the same problem with the .pem permissions not being acceptable when trying to SSH.

I have modified permissions and am still having the same problem. I need more detail such as a step-by-step procedure with screen shots.

Why should i change the permissions on the ssh pem file?

Add your answer

Relevant content