I am attempting to do a simple connection to a SSH server using OpenSSH for Windows using a private key, and am met with this:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'private' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "private": bad permissions
On Linux, this is fixed with a simple chmod 600 on the private key file, however Windows does not have an equivalent method.
This sounds like something that should be pretty easy, but I am completely unable to find any reasonable solution to it. Is there a way to either add the private key directly without going through a file, or to skip this privacy check? Or am I missing something else entierly?
You can use icacls
in Windows instead of chmod
to adjust file permission. To give the current user read permission and remove everything else (Which will allow openssh to work), this works nicely:
Command Prompt:
icacls .\private.key /inheritance:r
icacls .\private.key /grant:r "%username%":"(R)"
In PowerShell, you can get icacls
to work by wrapping the command in a call to cmd.exe
icacls .\private.key /inheritance:r
start-process "icacls.exe" -ArgumentList '.\private.key /grant:r "$env:USERNAME":"(R)"'