Why should I change the permissions on the SSH pem file?

0

Amazon recommends running the command chmod 400 key.pem on my pem key to prevent the key from being publicly viewable.

I am on a Windows computer and I can't make an SSH connection with cmd.exe if the permissions on the pem key haven't been changed yet. However, I can use the unaltered key to make an SSH connection when using other applications like MySQL Workbench or FileZilla. Neither Workbench nor FileZilla throws any kind of error.

So how unsafe is it really to use the pem key as-is without first restricting its permissions via the command chmod 400 key.pem? Does it make the SSH connection less secure? I don't really understand what Amazon means by 'to prevent the key from being publicly viewable'.

Thanks

asked 2 years ago, 4934 views
1 Answer
2
Accepted Answer

Your private key is like a password, and so it should only be accessible by YOU. Changing the permissions in Linux to 400 is recommended because it makes the private key file readable by you ONLY. In Windows, the equivalent would be removing all permissions from the private key, disabling inheritance, and giving yourself read permissions.

AWS EXPERT
Matt-B
answered 2 years ago
AWS EXPERT
reviewed 2 years ago
  • Thank you for your answer. So all chmod does is prevent other users on the same machine from accessing the .pem file, correct? It does not improve the security of the SSH connection itself, right?

  • That's correct, the SSH protocol/session is still encrypted and functions the same way.
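
An added example, not part of the original thread or the answer's own code: a POSIX shell check for what `chmod 400` changes, namely whether group or other accounts on the same machine have any access to the key file. On Linux and macOS the OpenSSH client tests the same 077 mask before it will use a key. The function names and the temporary stand-in file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a private key file's mode bits and tighten them.

# Print a file's permission bits in octal (GNU stat first, then BSD/macOS stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only when group and other have no access at all (mask 077 is clear),
# so modes such as 400 and 600 pass while 640 and 644 fail.
key_is_private() {
    mode=$(key_mode "$1") || return 2      # 2 = file missing or cannot be read
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Report one key file's state and restrict it to owner-read-only when needed.
lock_key() {
    rc=0
    key_is_private "$1" || rc=$?
    case $rc in
        0) echo "ok: $1 is mode $(key_mode "$1")" ;;
        1) echo "too open: $1 is mode $(key_mode "$1"), running chmod 400"
           chmod 400 "$1" ;;
        *) echo "cannot stat: $1" >&2
           return 2 ;;
    esac
}

# Demo on a constructed stand-in file (not a real key).
demo_key=$(mktemp)
chmod 644 "$demo_key"     # readable by every local account
lock_key "$demo_key"      # reports "too open" and applies chmod 400
lock_key "$demo_key"      # reports "ok"
rm -f "$demo_key"
```

The check says nothing about the SSH session itself; it only covers who on the local machine can read the key file.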
