Solving SSH Connection Issues on macOS - A Guide to Fixing 'Unprotected Private Key File' Error

When working with AWS EC2 instances, particularly from a macOS environment, a common hurdle that many face is the Unprotected Private Key File error during SSH connections. This error can halt your workflow, preventing access to your remote servers. Understanding and resolving this error is crucial for maintaining a secure and efficient development environment.

Understanding the Error

The error typically reads:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'ec2-demo.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "ec2-demo.pem": bad permissions
ec2-user@3.8x.6x.1xx: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

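This error occurs because the ssh client refuses to load a private key file that other users on your system can access. In the output above, mode 0644 lets the group and all other users read the key, so ssh ignores the key, no usable identity is offered, and the server rejects the login with Permission denied (publickey). The recommended permissions for these files are 600, allowing only the file’s owner to read and write.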

The Solution

Step 1: Open Terminal

Launch the Terminal application on your macOS. This is where you’ll execute commands to modify file permissions.

Step 2: Navigate to the Key File

Use the cd command to navigate to the directory containing your .pem file. For example:

cd /path/to/your/key

Replace /path/to/your/key with the actual path to your .pem file.

Step 3: Change File Permissions

Once in the correct directory, run:

chmod 600 ec2-demo.pem

This command changes the file permissions to 600, restricting access to only the file’s owner.

Step 4: Retry SSH Connection

After updating the permissions, connect to your EC2 instance:

ssh -i /path/to/ec2-demo.pem ec2-user@3.8x.6x.1xx

Replace /path/to/ with the actual path to your .pem file.
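
The check and fix from Steps 2 to 4, generalized to every key file in a directory, as an added example that is not part of the original post. The function names and the *.pem naming convention are assumptions; the script only changes files that actually grant access to group or others.

```shell
#!/bin/sh
# Added example (not from the original post): find and fix key files that
# ssh would reject with "UNPROTECTED PRIVATE KEY FILE".
# Assumption: keys are named *.pem, as in the post's ec2-demo.pem.

# True (exit 0) if file $1 grants any permission to group or others.
# Only POSIX find tests are used, so this works on macOS and Linux alike.
key_too_open() {
    [ -n "$(find -H "$1" -prune -type f \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)" ]
}

# Apply the post's fix (chmod 600) to $1 and confirm it took effect.
lock_key() {
    [ -f "$1" ] || { echo "skip (not a regular file): $1" >&2; return 2; }
    chmod 600 "$1" || return 1
    ! key_too_open "$1"
}

# Walk directory $1, fix every *.pem that is too open, print what changed.
lock_keys_in() {
    find "$1" -type f -name '*.pem' | while IFS= read -r key; do
        if key_too_open "$key"; then
            lock_key "$key" && echo "fixed: $key"
        fi
    done
}

# Run only when a directory is given, e.g.: sh lock_keys.sh /path/to/your/key
if [ "$#" -gt 0 ]; then
    lock_keys_in "$1"
fi
```

Keys that are already 600 or 400 are left untouched, so the script is safe to re-run after downloading a new key pair.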

Cheers! 🍺