Share via:

Setting Permissions for .pem Key Files

If you do not set the permissions to read only, you might get errors like: Permission denied (publickey). This is how you configure permissions correctly.


Edited: 2019-08-11 18:13

Right permissions for .pem key files when using SSH or SFTP.

When connecting to EC2 instances in Amazon AWS through SSH, we need to ensure that the key file is read only. In Linux, this can be done by setting the .pem file permissions to 400 using chmod. To do this, you can either navigate to the directory where the key file is located, or you can type the full absolute path when changing permissions with chmod.

Confident users can type a command like below:

chmod 400 /some_dir/my-key.pem

Navigating in terminal is quite easy when you know where your files are located. To make things easier, you can simply keep your files in your Documents folder. You can change directories with the cd command, and you can complete file- and directory names by hitting tab and enter.

Note. path names are case-sensitive in Linux. This means that "documents" is different from "Documents".

Permissions for key files

Something that tend to cause problems for people using AWS (Amazon Web Services) to host their servers, is connecting to their servers using SSH in terminal. Typically people forget to configure the permissions on their key files, which leads to problems like this one:

Permissions 0777 for 'my-key.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "my-key.pem": bad permissions
Permission denied (publickey).

The Permission denied (publickey) message indicates that the permissions on your key file are too open. Not necessarily as in "open to the world". But, if your system has multiple users, everyone on the system would be able to connect using your key file.

Ideally, you should also be able to change the permissions on the file using your desktop file manager. However, since this has caused problems for some, it is best you simply chmod 400 the file, as is also mentioned in the official Amazon help section.

Permissions in Linux

Working out how to set correct permissions in Linux can be fairly complicated for those of us coming from a Windows environment. Sometimes Linux is also a bit too restrictive and cumbersome, as it tend to unnecessarily disrupt users, and prevent them from doing their work. Permissions need to be correctly configured for certain things to work properly.

For local web servers, you need to setup permissions on the www directory, otherwise you will not be able to change the files on your local test site. This is not something your typical desktop user will run into. We have these problems because we work with servers, and so we might as well learn to setup permissions correctly from the beginning.

In this case, we only want our own user to be able to read the key file, so the permissions are 400, and we end up with:

chmod 400 /some_dir/my-key-pair.pem