I am using BitVise to communicate with my AWS instance.

For the last two days, I have not been able to log in with the pem file. I got the following log from AWS:

    Starting sshd: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0777 for '/etc/ssh/ssh_host_rsa_key' are too open.
    It is required that your private key files are NOT accessible by others.
    This private key will be ignored.
    bad permissions: ignore key: /etc/ssh/ssh_host_rsa_key
    Could not load host key: /etc/ssh/ssh_host_rsa_key

Unfortunately, the mistake happened by setting 777 on ssh.

What is the solution for this now? I can't connect using SSHClient to change the permission to 400.

This is not a problem with the pem file permissions; the ssh directory has permissions of 777.

  • It's the private key (that you have locally), not the public key (that sits on the instance). You just need to change the permissions of your local pem file to be `0600` otherwise OpenSSH will refuse to use it. – ydaetskcoR Oct 13 '16 at 12:06
  • Possible duplicate of [WARNING: UNPROTECTED PRIVATE KEY FILE! when trying to SSH into Amazon EC2 Instance](http://stackoverflow.com/questions/201893/warning-unprotected-private-key-file-when-trying-to-ssh-into-amazon-ec2-instan) – ydaetskcoR Oct 13 '16 at 12:07
  • That question mentions '~/.ec2/id_rsa-gsg-keypair'. This question is about the server's private key in /etc/ssh/ssh_host_rsa_key – Daniel Scott Oct 13 '16 at 12:11

1 Answer


Assuming that you're using EBS for the root volume, you'd need to launch a new EC2 instance, and attach the root volume of your existing instance to the new one. Then you'd be able to mount the filesystem and change the permissions on the file.

Then re-attach the volume to your other instance and you should be able to get in.

Daniel Scott
  • This is wrong. The top related question on the sidebar is a duplicate of this question too. – ydaetskcoR Oct 13 '16 at 12:07
  • It's not a duplicate of the question you mentioned, the file in the message above is for the server's host key, not the user's private key in their home directory. – Daniel Scott Oct 13 '16 at 12:10
  • No, it's a private key called `ssh_host_rsa_key`, look at the actual error and how it specifically says "UNPROTECTED PRIVATE KEY FILE!" – ydaetskcoR Oct 13 '16 at 12:11
  • There are private keys on the client and the server.... the question states that the error message is from the *server*, not the client. – Daniel Scott Oct 13 '16 at 12:13
  • Yes @DanielScott, you understand the problem very well. I just followed the same thing and posted a question about this. Please take a look at http://stackoverflow.com/questions/40017617/aws-volume-backup-empty and can you assist me with this? –  Oct 13 '16 at 13:17
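
The permission fix from the answer above, as an added example that is not part of the original posts: a shell function to run as root on the rescue instance once the old root volume is mounted. The function name `fix_sshd_perms` and the mount point `/mnt/rescue` are assumptions; it covers every `ssh_host_*` key type rather than only the RSA key named in the log, and uses the customary modes (600 private, 644 public, 755 directory), since sshd rejects a host private key with any group or other permission bits.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes the broken
# instance's root volume is already mounted on a rescue instance.
# Usage (as root): fix_sshd_perms /mnt/rescue   <- hypothetical mount point

fix_sshd_perms() {
    root=${1:?usage: fix_sshd_perms MOUNTED_ROOT}
    dir="$root/etc/ssh"
    [ -d "$dir" ] || { echo "no $dir; is the volume mounted?" >&2; return 1; }

    # Directory: traversable by everyone, writable only by its owner.
    chmod 755 "$dir" || return 1

    fixed=0
    for f in "$dir"/ssh_host_*; do
        [ -f "$f" ] || continue      # glob matched nothing, or not a file
        [ -L "$f" ] && continue      # never chmod through a symlink
        case "$f" in
            *.pub) chmod 644 "$f" ;; # public halves may be world-readable
            *)     chmod 600 "$f" ;; # private halves: owner only
        esac || return 1
        fixed=$((fixed + 1))
    done

    # Remaining files (sshd_config, moduli, ...): the recursive 777 also
    # made them group/world-writable, so drop those write bits.
    find "$dir" -type f \( -perm -020 -o -perm -002 \) -exec chmod go-w {} +

    # Print how many host key files were reset.
    echo "$fixed"
}
```

After running it, unmount the volume and re-attach it to the original instance as the answer describes.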