Why should I change the permissions on the SSH pem file?

0

Amazon recommends running the command chmod 400 key.pem on my pem key to prevent the key from being publicly viewable.

I am on a Windows computer and I can't make an SSH connection with cmd.exe if the permissions on the pem key haven't been changed yet. However, I can use the unaltered key to make an SSH connection when using other applications like MySQL Workbench or FileZilla. Neither Workbench nor FileZilla throws any kind of error.

So how unsafe is it really to use the pem key as-is without first restricting its permissions via the command chmod 400 key.pem? Does it make the SSH connection less secure? I don't really understand what Amazon means by 'to prevent the key from being publicly viewable'.

Thanks

Asked 2 years ago, viewed 5078 times
1 Answer
2
Accepted Answer

Your private key is like a password, and so it should only be accessible by YOU. Changing the permissions in Linux to 400 is recommended because it makes the private key file readable by you ONLY. In Windows, the equivalent would be removing all permissions from the private key, disabling inheritance, and giving yourself read permissions.

AWS Expert Matt-B answered 2 years ago
AWS Expert reviewed 2 years ago
  • Thank you for your answer. So all chmod does is prevent other users on the same machine from accessing the .pem file, correct? It does not improve the security of the SSH connection itself, right?

  • That's correct, the SSH protocol/session is still encrypted and functions the same way.
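
What chmod 400 changes on the file itself, as an added example that is not part of the original answer or comments: a Python script that finds PEM private keys in a directory whose mode still grants any access to group or others and resets them to 400. The function names and the key.pem sample are constructed for illustration, and it applies to POSIX file modes (Linux, macOS), not Windows ACLs.

```python
import os
import stat
import tempfile

# chmod 400 leaves only the owner-read bit. Any bit in 0o077 set on the
# file means the group or other local users can access the key.
TOO_OPEN = stat.S_IRWXG | stat.S_IRWXO  # 0o077


def is_private_key(path):
    """Heuristic: a PEM private key starts with a BEGIN ... PRIVATE KEY line."""
    try:
        with open(path, "rb") as fh:
            first = fh.readline(128)
    except OSError:
        return False
    return first.startswith(b"-----BEGIN") and b"PRIVATE KEY" in first


def audit_keys(directory, fix=False):
    """Return {path: octal mode} for private keys that group/others can access.

    With fix=True each reported key is reset to 0o400 (owner read-only).
    """
    findings = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if is_private_key(path) and mode & TOO_OPEN:
            findings[path] = oct(mode)
            if fix:
                os.chmod(path, 0o400)
    return findings


def demo():
    """Constructed sample: a fake key left at 0o644, audited, then fixed."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "key.pem")
        with open(key, "w") as fh:
            fh.write("-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n")
        os.chmod(key, 0o644)
        before = audit_keys(d, fix=True)   # reports the key and tightens it
        after = audit_keys(d)              # nothing left to report
        final_mode = stat.S_IMODE(os.stat(key).st_mode)
        return list(before.values()), after, oct(final_mode)


if __name__ == "__main__":
    print(demo())
```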
