Windows CHMOD 600
Windows, Permissions, Ssh, Ssh Keys
Windows Problem Overview
I'm trying to connect to Amazon EC2 using OpenSSH in Windows but I need to set the permissions of my key file.
What is the Windows equivalent of CHMOD 600?
I've googled extensively and found only blogspam.
EDIT: Windows 7, using DOS.
Windows Solutions
Solution 1 - Windows
I realize this is somewhat old but I just found the solution for myself in Windows 7. And it looks like this question went unresolved. I had all of the same errors including Cygwin missing cygintl-2.dll on chmod as you noted in the comments.
After extensive research and not finding any answers I ran:
C:\Users\mztriz\.ssh>ssh -v
> OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
> usage: ssh [-1246AaCfghkNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
>            [-D port] [-e escape_char] [-F configfile] [-i identity_file]
>            [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option]
>            [-p port] [-R port:host:hostport] [user@]hostname [command]
As you can see the version of OpenSSH I was running was quite outdated. However, I didn't know this because a quick Google search of OpenSSH for Windows returns this old version.
After looking into the versioning I found OpenSSH for Windows 6.9p1-1 in the downloads section of that website.
This newer version of OpenSSH seems to fix all of the issues you mention.
Solution 2 - Windows
I ran into the same problem on Windows 10. I fixed it by doing the following steps.
1:- Right-click on the target file and select Properties, then select the Security tab
2:- Click Advanced and then make sure inheritance is disabled.
3:- Click Apply and then click Edit in the security menu
4:- Remove all users except Admin user, which should have full control
*Admin account should have all checkboxes checked on Allow column except special permission.
5:- Click Apply and then click OK.
You are good to go.
This worked for Amazon EC2 .pem file and gave almost the same working as chmod 600 on Linux.
Solution 3 - Windows
Modify the permissions so that:
- The key file doesn't inherit from the container
- You (the owner) have full access
- Remove permission entries for any other users (e.g., SYSTEM, Administrator)
- Add an entry for the special user Everyone and edit the permissions for that user to Deny for all permissions:
  - Right click on the file in Windows Explorer and choose Properties > Security > Advanced, to get the Advanced Security Settings dialog.
  - Click on the Permissions tab, then click Change Permissions.
  - Click Add, enter Everyone into the object name field, click Check Names, then click OK.
  - In the Permission Entry dialog, click the checkbox in the Deny column for Full Control.
  - Click OK on each dialog to back out and close the file's properties dialog.
Now scp will read permissions 0400 and will be happy. Ish.
Solution 4 - Windows
Right-click on the file/dir, select Properties then Security. Click Advanced, then Edit. Uncheck "Inheritable" and choose "Remove" in the dialog. Remove any explicit permissions left, add a "Full Access" permission to your username.
Solution 5 - Windows
For unix & OSX
Quite simply:
chown -R $USER:users ~/.ssh/
# u=rwX keeps the directory traversable for the owner; go= removes all group/other access
chmod -R u=rwX,go= ~/.ssh/
For Windows
If the file is a windows (NTFS) symbolic link, the above won't work. You need to make it a regular file. I am not sure why.
If you don't have openssh or cygwin, use chocolatey to install it easily.
choco install cyg-get
Open Cygwin Terminal that was installed with chocolatey and run (note that ssh-keygen creates new keys):
cyg-get install openssh
ssh-keygen
cd ~/.ssh && explorer.exe .
Verify keys are there (or replace them with the keys you want), and then in Cygwin shell:
chown -R $USER:users ~/.ssh/
# u=rwX keeps the directory traversable for the owner; go= removes all group/other access
chmod -R u=rwX,go= ~/.ssh/
Or for the rare case that you're using (and generated the keys from) chocolatey's SSH package:
chown -R $USER:users /cygdrive/c/Users/$USER/.ssh
# u=rwX keeps the directory traversable for the owner; go= removes all group/other access
chmod -R u=rwX,go= /cygdrive/c/Users/$USER/.ssh
Solution 6 - Windows
I've got the same issue. The solution which worked was to set the compatibility mode of ssh.exe to Windows XP SP3.
Solution 7 - Windows
I prefer Cygwin over putty and you can just run chmod command in cygwin to change the permission of PEM key to be 400, then you are good to go.
myuser@myuser-HP ~
$ ssh -i /cygdrive/c/Users/myuser/Downloads/mykey.pem [email protected]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0550 for '/cygdrive/c/Users/myuser/Downloads/mykey.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/cygdrive/c/Users/myuser/Downloads/mykey.pem": bad permissions
Permission denied (publickey).
myuser@myuser-HP ~
$ chmod
chmod: missing operand
Try 'chmod --help' for more information.
myuser@myuser-HP ~
$ chmod 400 /cygdrive/c/Users/myuser/Downloads/mykey.pem
myuser@myuser-HP ~
$ ssh -i /cygdrive/c/Users/myuser/Downloads/meykey.pem [email protected]
__| __|_ )
_| ( / Amazon Linux AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2015.09-release-notes/
[ec2-user@ip-xxx ~]$ ohyeah I am in!
Solution 8 - Windows
chmod won't work in Windows. Try the following method to restrict the access:
- Right click on the file > properties > security > advanced > disable inheritance > 'Convert inherited permissions into explicit permission on this object'
- Click on "allow | everyone | Full Control" > edit > 'select a principal' > type your username > 'check names' > select your username > ok > ok > ok (ok until all windows are closed)
Solution 9 - Windows
Today one of the recommended ways on Windows would be to use PowerShell and the Get-Acl and Set-Acl Cmdlets.
Here's an example to ensure that only the current user has permission to a folder and all files in it - similar to what is recommended for the .ssh folder in Unix/Linux/OS X:
# $Directory must already hold the path of the target folder
# get current ACL of directory
$Acl = Get-Acl -Path $Directory
# protect the ACL from inheritance ($true) and drop the inherited rules ($false)
$Acl.SetAccessRuleProtection($true,$false)
# create new access rule:
#   for the current user
#   with FullControl permission
#   inherited by subfolders and files
#   applying to the specified folder as well
#   as an Allow rule
$AccessRule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $env:USERNAME,
    "FullControl",
    ([System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit),
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)
# add access rule to the ACL
$Acl.AddAccessRule($AccessRule)
# activate ACL on folder
Set-Acl -Path $Directory -AclObject $Acl
For more details see
Solution 10 - Windows
I've got the same issue. The solution which worked was to set the compatibility mode of ssh.exe to Windows XP SP3.
-> This answer works for Windows 7
Solution 11 - Windows
As an analogue of chmod in Windows, you can use the icacls command.
Equivalent of chmod 600 <filename> in Windows will be:
# Add explicit R+W permissions for current user.
icacls <filename> /grant %username%:rw
# Disable inheritance from folders
icacls <filename> /inheritance:d
# Remove default groups (Authenticated Users, System, Administrators, Users)
icacls <filename> /remove *S-1-5-11 *S-1-5-18 *S-1-5-32-544 *S-1-5-32-545
To check current permissions:
icacls <filename>
Reset all permissions to default:
icacls <filename> /reset
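The single-file form of what Solutions 9 and 11 describe, together with a check of the result, as an added example that is not part of any answer above. The function names Protect-KeyFile and Test-KeyFileAcl and the sample key path are hypothetical.

```powershell
# Added example; Protect-KeyFile, Test-KeyFileAcl and the sample path are hypothetical names.
$SidType = [System.Security.Principal.SecurityIdentifier]

function Protect-KeyFile {
    param([Parameter(Mandatory)][string]$Path)
    $me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User  # SID of the current user
    $acl = Get-Acl -LiteralPath $Path

    # Stop inheriting from the parent folder and drop the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)

    # Explicit entries survive the call above, so purge them one principal at a time.
    foreach ($rule in @($acl.GetAccessRules($true, $false, $SidType))) {
        $acl.PurgeAccessRules($rule.IdentityReference)
    }

    # One Allow entry: read + write for the current user only (the "6" in 600).
    $rights = [System.Security.AccessControl.FileSystemRights]'Read, Write'
    $allow  = [System.Security.AccessControl.AccessControlType]::Allow
    $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new($me, $rights, $allow))
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Test-KeyFileAcl {
    param([Parameter(Mandatory)][string]$Path)
    $me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $acl = Get-Acl -LiteralPath $Path

    # Any Allow entry (explicit or inherited) for a principal other than the current user.
    $others = @($acl.GetAccessRules($true, $true, $SidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -ne $me.Value
    })

    [pscustomobject]@{
        Path                = $Path
        InheritanceDisabled = $acl.AreAccessRulesProtected
        OtherPrincipals     = @($others | ForEach-Object { $_.IdentityReference.Value })
        Ok                  = $acl.AreAccessRulesProtected -and ($others.Count -eq 0)
    }
}

# Constructed sample path; point it at your own key file.
$key = Join-Path $HOME '.ssh\example-key.pem'
if (Test-Path -LiteralPath $key) {
    Protect-KeyFile -Path $key
    Test-KeyFileAcl -Path $key
}
```

Ok is True only when inheritance is off and no principal other than the current user holds an Allow entry; OtherPrincipals lists the SIDs that still do.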
Solution 12 - Windows
Not really answering the same question but I was able to connect to EC2 using these instructions:
https://stackoverflow.com/questions/5264945/ssh-to-ec2-linux-instance-from-windows
Solution 13 - Windows
Copy the file to a Unix system through scp and apply chmod 600 to the file. Then transfer the file back to the Windows machine. It worked for me.