"UNPROTECTED PRIVATE KEY FILE!" Error using SSH into Amazon EC2 Instance (AWS)

The problem is having wrong mod on the file.

Easily solved by executing -

chmod 400 mykey.pem

Taken from AWS instructions -

Your key file must not be publicly viewable for SSH to work. Use this command if needed: chmod 400 mykey.pem

400 protects it by making it read only and only for the owner.

---

You are likely using the wrong username to login, because—

Most Ubuntu images have a user ubuntu

Amazon's AMI is ec2-user

Most Debian images have either root or admin

To login, you need to adjust your ssh command:

ssh -l USERNAME_HERE -i .ssh/yourkey.pem public-ec2-host

---

I know this is very late to the game ... but this always works for me:

step 1

ssh-add ~/.ssh/KEY_PAIR_NAME.pem

step 2, simply ssh in :)

ssh user_name@<instance public dns/ip>

e.g.

ssh ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com

hope this helps someone.

---

Ok man, the only thing that worked for me was:

Change permissions of the key chmod 400 mykey.pem Make sure to log in using ec2-user, and the correct ec2-99... address. The ec2-99 address is at the bottom of the aws console when you're logged in and seeing your instance listed ssh -i mykey.pem ec2-user@ec2-99-99-99-99.compute-1.amazonaws.com

---

Take a look at this article. You do not use the public DNS but rather the form

ssh -i your.pem root@ec2-XXX-XXX-XXX-XXX.z-2.compute-1.amazonaws.com

where the name is visible on your AMI panel

---

In windows you can go to the properties of the pem file, and go to the security tab, then to advance button.

remove inheritance and all the permissions. then grant yourself the full control. after all SSL will not give you the same error again.

---

Change permission for the key file with :

chmod 400 key-file-name.pem

See AWS documentation for connecting to the instance:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html#EC2_ConnectToInstance_Linux

---

I know this question has been answered already but for those that have tried them all and you are still getting the annoying "Permission denied (publickey)". Try running your command with SUDO. Of course this is a temporary solution and you should set permissions correctly but at least that will let you identify that your current user is not running with the privileges you need (as you assumed)

sudo ssh -i amazonec2.pem ec2-xxx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com

Once you do this you'll get a message like this:

Please login as the user "ec2-user" rather than the user "root"

Which is also sparsely documented. In that case just do this:

sudo ssh -i amazonec2.pem ec2-xxx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com -l ec2-user

And you'll get the glorious:

   __|  __|_  )
   _|  (     /   Amazon Linux AMI
  ___|\___|___|

---

Feb, 2022 Update:

See the description to ssh to EC2 instance on AWS:

https://i.stack.imgur.com/lq3rQ.png

Then, you can find "No.3" saying this below:

https://i.stack.imgur.com/Kjbju.png

So, run the command below as "No.3" says above:

chmod 400 myKey.pem

---

In Mac terminal, doing "chmod 400 xyz.pem" did not help me, it kept saying permission denied. For ubuntu users I would suggest

ssh-add xyz.pem ssh -i xyz.pem ubuntu@ec2-54-69-172-118.us-west-2.compute.amazonaws.com (notice the user is ubuntu)

---

ssh -i /.pem user@host-machine-IP

I think it's because either you have entered wrong credentials or, you are using a public key rather than private key or, your port permissions are open for ALL to ssh. This is bad for Amazon.

---

There can be three reasons behind this error.

Your are using a wrong key. Your key doesn't have the correct permissions. You need to chmod it to 400. You are using the wrong user. Ubuntu images have a user ubuntu, Amazon's AMI is ec2-user and debian images have either root or admin

---

SSH keys and file permission best practices:

.ssh directory - 0700 (only by owner)

private key/.pem file - 0400 (read only by owner)

public key/.pub file - 0600 (read & write only by owner) chmod XXXX file/directory

---

Alternative log-in using PuTTY. Its good but needs a few steps.

Get your .pem that was generated when you first made the EC2 instance. Convert the .pem file .ppk using PuttyGen since PuTTY does not read .pem. Open PuTTY and enter your Host Name which is your instance username + Public DNS (Ex. ubuntu@ec2-xxx-xxx-xxx-xxx.region.compute.amazonaws.com). Not your AWS account username. Then navigate to Connection > SSH > Auth. Then add your .ppk file. Click on Browse where it says "Private key file for authentication". Click Open and you should be able to immediately establish connection.

Im using PuTTY 0.66 in Windows.

---

In addition to the other answers, here is what I did in order for this to work:

Copy the key to .ssh folder if you still hadn't:

cp key.pem ~/.ssh/key.pem

Give the proper permissions to the key

chmod 400 ~/.ssh/key.pem

Start ssh-agent (Thanks to https://stackoverflow.com/a/17848593 )

eval `ssh-agent -s` ssh-add

Then, add the key

ssh-add ~/.ssh/key.pem

Now you should be able to ssh EC2 (:

---

By default whenever you download the keyfile it come with 644 permissions.

So you need to change the permission each time you download new keys.

 chmod 400 my_file.pem

---

In Windows go to the .pem file, right click and select Properties.

Go to Advanced in Security tab

Disable and remove inheritance.

Then press Add and select a principal.

Add account username as object name and press ok.

Give all permission.

Apply and save changes.

Now check the above command

---

You can find the answer from the ASW guide. 400 protects it by making it read only and only for the owner.

chmod 400 mykey.pem

---

In windows,

Right click on the pem file. Then select properties.

Select security tab --> Click on the Advanced button --> Disable inheritance --> Remove all inherited permissions from this object

Click on the Add button --> Select a principal --> Enter your username on the inputbox --> Click on the Check Names button --> Click on Ok --> Click on Ok --> Click on Ok --> Click on Ok

---

Do a chmod 400 yourkeyfile.pem If your instance is Amazon linux then use ssh -i yourkeyfile.pem ec2-user@ip for ubuntu ssh -i yourkeyfile.pem ubuntu@ip for centos ssh -i yourkeyfile.pem centos@ip

---

BY default permission are not allowing the pem key. You just have to change the permission:

chmod 400 xyz.pem

and if ubuntu instance then connect using:

ssh -i xyz.pem ubuntu@ec2-youraws.amazonaws.com

---

The issue for me was that my .pem file was in one of my NTFS partitions. I moved it to my linux partition (ext4).

Gave required permissions by running:

chmod 400 my_file.pem

And it worked.

---

I have seen two reasons behind this issue

1) access key does not have the right permission. pem keys with default permission are not allowed to make a secure connection. You just have to change the permission:

chmod 400 xyz.pem

2) Also check whether you have logged-in with proper user credentials. Otherwise, use sudo while connecting

sudo ssh -i {keyfile} ec2-user@{ip address of remote host}

---

Well, looking at your post description I feel there were 2 mistakes done by you:-

Set correct permissions for the private key. Below command should help you to set correct file permision. chmod 0600 mykey.pem Wrong ec2 user you are trying to login. Looking at your debug log I think you have spawned an Amazon linux instance. The default user for that instance type is ec2-user . If the instance would have been ubuntu then your default user would have been ubuntu . ssh -i privatekey.pem default_ssh_user@server_ip

Note: For an Amazon Linux AMI, the default user name is ec2-user. For a Centos AMI, the default user name is centos. For a Debian AMI, the default user name is admin or root. For a Fedora AMI, the default user name is ec2-user or fedora. For a RHEL AMI, the default user name is ec2-user or root. For a SUSE AMI, the default user name is ec2-user or root. For an Ubuntu AMI, the default user name is ubuntu. Otherwise, if ec2-user and root don't work, check with the AMI provider.

source: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html

---

Key file should not be publicly viewable so use permission 400

chmod 400 keyfile.pem

If above command shows permission error use

sudo chmod 400 keyfile.pem

Now ssh into the ec2 machine, if you still face the issue, use ec2-user

ssh -i keyfile.pem ec2-user@ec2-12-34-56-78.compute-1.amazonaws.com

---

You're not in root then run this command

sudo chmod 400 -R myfile.pem

Not is root then run this command

chmod 400 -R myfile.pem

---

If you are connecting from Windows, perform the following steps on your local computer.

Navigate to your .pem file. Right-click on the .pem file and select Properties. Choose the Security tab. Select Advanced. Verify that you are the owner of the file. If not, change the owner to your username. Select Disable inheritance and Remove all inherited permissions from this object. Select Add, Select a principal, enter your username, and select OK. From the Permission Entry window, grant Read permissions and select OK. Click Apply to ensure all settings are saved. Select OK to close the Advanced Security Settings window. Select OK to close the Properties window. You should be able to connect to your Linux instance from Windows via SSH.

From a Windows command prompt, run the following commands.

Run the following command to reset and remove explicit permissions: icacls.exe $path /reset Run the following command to grant Read permissions to the current user: icacls.exe $path /GRANT:R "$($env:USERNAME):(R)" Run the following command to disable inheritance and remove inherited permissions : icacls.exe $path /inheritance:r

You should be able to connect to your Linux instance from Windows via SSH.

---

It is just a permission issue with your aws pem key.

Just change the permission of pem key to 400 using below command.

chmod 400 pemkeyname.pem

If you don't have permission to change the permission of a file you can use sudo like below command.

sudo chmod 400 pemkeyname.pem

Else if nothing works for you just follow this video to change the keys on your EC2 instance. You can install now public / private key pair on your instance.

https://youtu.be/LvLlRCrS8B4

---

Checklist:

Are you using the right private key .pem file? Are its permissions set correctly? (My Amazon-brand AMIs work with 644, but Red hat must be at least 600 or 400. Don't know about Ubuntu.) Are you using the right username in your ssh line? Amazon-branded = "ec2-user", Red Hat = "root", Ubuntu = "ubuntu". User can be specified as "ssh -i pem usename@hostname" OR "ssh -l username -i pem hostname"

---

Following are the simple steps for Linux user to connect with the server using .pem file:

Step1: To to the location of pem file and copy it to home .ssh location.

cp example.pem ~/.ssh/example.pem

Step2: Change the permission

chmod 400 ~/.ssh/example.pem

Step3: Run the following command

ssh -i ~/.ssh/example.pem ec2-user@host.com

As this command is too long so you sould create the alias of this using following commands:

 vim ~/.bashrc

Write the same command in the following manner at the last.

alias sshConnect='ssh -i ~/.ssh/example.pem ec2-user@host.com'

Now restart your system and use sshConnect to connect with your server.

---