[AWS] EC2 SSH Error — Fixing UNPROTECTED PRIVATE KEY FILE (.pem chmod 400)
1. The Error
When trying to SSH into an AWS EC2 instance, you sometimes get the following warning and are denied access.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0755 for 'myKey.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "myKey.pem": bad permissions
ubuntu@{my-ip}: Permission denied (publickey).
The key part is "Permissions for 'myKey.pem' are too open." In other words, the .pem key file's permissions are too permissive, so the SSH client treats the key as a security risk, ignores it, and the login fails.
Figure 1. The 'UNPROTECTED PRIVATE KEY FILE' warning when connecting via SSH
2. The Cause
For security, SSH clients on Linux/macOS are designed to use only keys that no one but the owner can read.
- The problematic permission: 0755 or 0644 means other users (group, others) can also read this key.
- The security rule: if a private key could be exposed to others, SSH doesn't trust it and refuses the connection.
3. The Fix: chmod 400
In the terminal, move to the directory with the key file (.pem) and change its permission to owner read-only (400) to fix it instantly.
# Change the pem key file permission to 400
chmod 400 myKey.pem
Note: if 400 doesn't work, you can try 600, but the AWS guide usually recommends 400.
💡 What permission 400 means on Linux
| Target | Number | Meaning |
|---|---|---|
| Owner | 4 | Read only (no write/execute) |
| Group | 0 | No permissions |
| Others | 0 | No permissions |
4. Verify
After changing the permission, try connecting again.
ssh -i "myKey.pem" ubuntu@<Your-EC2-IP>
You can now confirm the instance connects normally without the warning.
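The rule from sections 2 and 3 as a check you can run before connecting (an added example, not part of the original post): a key file passes only when no group or other permission bit is set, which is why both 400 and 600 pass while 0644 and 0755 do not. The function names are hypothetical, and the demo files are constructed stand-ins for real keys.

```shell
#!/bin/sh
# Added example: audit key files against the rule in the warning
# ("private key files are NOT accessible by others").

# Print the octal permission bits of a file, e.g. 644.
key_mode() {
    # GNU stat (Linux) uses -c; BSD stat (macOS) uses -f.
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Exit 0 when no group/other bit is set, 1 when the file is too open,
# 2 when the mode cannot be read.
key_mode_ok() {
    mode=$(key_mode "$1") || return 2
    # Read the digits as octal and mask the group and other bits (077).
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Report every file given; return 1 if any of them is too open.
audit_keys() {
    rc=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        if key_mode_ok "$f"; then
            echo "ok        $(key_mode "$f")  $f"
        else
            echo "too open  $(key_mode "$f")  $f  (fix: chmod 400 '$f')"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo: two throwaway files standing in for key files.
demo_dir=$(mktemp -d)
touch "$demo_dir/open.pem" "$demo_dir/locked.pem"
chmod 644 "$demo_dir/open.pem"
chmod 400 "$demo_dir/locked.pem"
audit_keys "$demo_dir"/*.pem || echo "at least one key would be ignored by ssh"
rm -rf "$demo_dir"
```

To check real keys, call `audit_keys` on the files themselves, for example `audit_keys ~/.ssh/*.pem`.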
📦 Migrated from my own Korean blog (my own writing). Original: taehyuklee.tistory.com/31