How to Fix "WARNING: UNPROTECTED PRIVATE KEY FILE!" on Mac and Linux

When connecting to a server, you'll usually need some kind of authentication to log in, whether it be a username/password or key file. Usernames and passwords are pretty straight-forward, but things can get a bit more confusing when it comes to using private keys. Not only do you need to run SSH with extra commands, but it turns out that the key file itself needs to have certain properties.

Have you run in to the warning message below, and don't know how to fix it?

Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/path/to/my/key.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /path/to/my/key.pem
Permission denied (publickey).

It's a common error to see when trying to log in to a server via SSH and a key file, and luckily it has a relatively easy fix. But before we get to that, let's get some background on why this error shows up.

Why am I seeing this Error?

What happened is the key you're trying to use (key.pem in the example above) is too accessible to users on the system.

This is a bad thing because then you're not the only one able to use the key, which defeats the purpose. Private keys should only be accessible to one user.

For example, if an attacker somehow gains access to any of the accounts on your system, then they'd be able access the key, as opposed to having to get access to your account specifically. This gives them too many opportunities to get to the private key.

How can I fix it?

Like I said earlier, this is an easy fix. Just run:

$ sudo chmod 600 /path/to/my/key.pem

Keep in mind that if you keep all of your keys in the ~/.ssh directory (or any other directory, really), you may need to adjust the permissions for that directory as well. In that case, use this:

$ sudo chmod 755 ~/.ssh

And that's all there is to it. Now you should be able to use your key with no problems.

Last Updated: August 1st, 2021
Was this article helpful?

Improve your dev skills!

Get tutorials, guides, and dev jobs in your inbox.

No spam ever. Unsubscribe at any time. Read our Privacy Policy.

© 2013-2024 Stack Abuse. All rights reserved.

AboutDisclosurePrivacyTerms