Search code examples
keyopenssh

OpenSSH using private key on Windows ("Unprotected private key file" error)


I am attempting to do a simple connection to a SSH server using OpenSSH for Windows using a private key, and am met with this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'private' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "private": bad permissions

On Linux, this is fixed with a simple chmod 600 on the private key file, however Windows does not have an equivalent method.

This sounds like something that should be pretty easy, but I am completely unable to find any reasonable solution to it. Is there a way to either add the private key directly without going through a file, or to skip this privacy check? Or am I missing something else entierly?


Solution

  • You can use icacls in Windows instead of chmod to adjust file permission. To give the current user read permission and remove everything else (Which will allow openssh to work), this works nicely:

    Command Prompt:

    icacls .\private.key /inheritance:r
    icacls .\private.key /grant:r "%username%":"(R)"
    

    In PowerShell, you can get icacls to work by wrapping the command in a call to cmd.exe

    icacls .\private.key /inheritance:r
    start-process "icacls.exe" -ArgumentList '.\private.key /grant:r "$env:USERNAME":"(R)"'