Ssh – the right file permission for a .pem file to SSH and SCP

permissions ssh

I have tried to SSH into my AWS Ubuntu server and copy the directory to my local machine. Throughout the process I experience different file permission errors (noted below).

Is there one specific file permission needed for the .pem file that allows me to SSH and SCP?
Or do I need to change the file permission twice – once for SSH and another for SCP after I login?

Here are the commands I'm using:

SSH:

ssh -i sentiment.pem Todo@54.555.555.555

Copy from remote to local computer with:

scp Todo@54.555.555.555:/home/ubuntu/sentimentfolder /Users/Toga/Desktop/sentimentlocal

I'm on a Mac OS X 10.7.5.


Trial and Error:

  1. After I initially downloaded the .pem file, its permissions were set to, I THINK: 0644

    -rw-r--r--@ 1 Toga  staff  1692 Feb 18 21:27  sentiment.pem
    

    I then tried to SSH via terminal and received the following:

    WARNING: UNPROTECTED PRIVATE KEY FILE! 
    Permissions 0644 for 'sentiment.pem' are too open.
    It is recommended that your private key files are NOT accessible by others.
    This private key will be ignored.
    bad permissions: ignore key: sentiment.pem
    Permission denied (publickey).
    
  2. I updated the file permissions to:

    chmod 660 sentiment.pem
    

    After the update, the permissions were set to:

    -rw-rw----@ 1 Toga  staff  1692 Feb 18 21:27 sentiment.pem
    

    I then tried to SSH via terminal and received the following:

    WARNING: UNPROTECTED PRIVATE KEY FILE! 
    Permissions 0660 for 'sentiment.pem' are too open.
    It is recommended that your private key files are NOT accessible by others.
    This private key will be ignored.
    bad permissions: ignore key: sentiment.pem
    Permission denied (publickey).
    
  3. I updated the file permissions to:

    chmod 600 sentiment.pem
    

    After the update, the permissions were set to:

    -rw-------@ 1 Toga  staff 1692 Feb 18 21:27 sentiment.pem
    

    I then tried to SSH via terminal and was successful!!

  4. Now logged in, I run a command to copy the remote directory to my local computer with:

    scp Todo@54.555.555.555:/home/ubuntu/sentimentfolder /Users/Toga/Desktop/sentimentlocal
    

    Which returns:

    Permission denied (publickey).
    

SCP Commands Attempted:

  1. added the option -i and referenced the .pem file:

    scp -i sentiment.pem Todo@54.555.555.555:/home/ubuntu/sentimentfolder /Users/Toga/Desktop/sentimentlocal
    
  2. added the option -i, referenced the .pem file, and changed the user for AWS to ec2-user:

    scp -i sentiment.pem ec2-user@54.555.555.555:/home/ubuntu/sentimentfolder /Users/Toga/Desktop/sentimentlocal
    
  3. added the option -i, referenced the .pem file, changed the user for AWS to ec2-user, and added the complete file path for the location of the .pem file:

    scp -i /Users/Toga/Desktop/rollup/Personal/Serial_Project_Starter/sentiment/sentiment.pem ec2-user@54.555.555.555:/home/ubuntu/sentiment /Users/Toga/Desktop/sentimentlocal
    

Best Answer

Visit "How to Connect to Amazon EC2 Remotely Using SSH" or refer below.

How to Connect to Amazon EC2 Remotely Using SSH:

  1. Download the .pem file.
  2. In Amazon Dashboard choose "Instances" from the left side bar, and then select the instance you would like to connect to.
  3. Click on "Actions", then select "Connect"
  4. Click on "Connect with a Standalone SSH Client"
  5. Open up a Terminal window
  6. Create a directory:

    # mkdir -p ~/.ssh
    
  7. Move the downloaded .pem file to the .ssh directory we just created:

    # mv ~/Downloads/ec2private.pem ~/.ssh
    
  8. Change the permissions of the .pem file so only the root user can read it:

    # chmod 400 ~/.ssh/ec2private.pem
    
  9. Create a config file:

    # vim ~/.ssh/config
    

    Enter the following text into that config file:

    Host *amazonaws.com
    IdentityFile ~/.ssh/ec2private.pem
    User ec2-user
    

    Save that file.

  10. Use the ssh command with your public DNS hostname to connect to your instance.
    e.g.:

    # ssh ec2-54-23-23-23-34.example.amazonaws.com
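
The permission test behind the "UNPROTECTED PRIVATE KEY FILE" warning in the question, as an added example that is not part of the original question or answer: the OpenSSH client ignores a private key file owned by the invoking user when any group or other permission bit is set, and because scp runs over ssh, the same key file with the same mode serves both. The function names and the constructed temporary `.pem` files are assumptions of this example.

```shell
#!/bin/sh
# Added example: reproduce the ssh client's private-key permission test.
# A key is "too open" when (mode & 077) != 0, i.e. group or others have
# any access. 0644 and 0660 fail; 0600 and 0400 pass.

# Print the octal permission bits of a file.
# GNU stat is tried first, then the BSD/macOS form.
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if ssh/scp would accept the key file, 1 if it is too open,
# 2 if the file cannot be inspected.
key_perms_ok() {
    mode=$(key_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Tighten a key file to owner read/write only when the check fails.
tighten_key() {
    key_perms_ok "$1" || chmod 600 "$1"
}

# Create constructed, empty key files with the given modes and report
# how the check classifies each one.
report_modes() {
    dir=$(mktemp -d) || return 1
    for m in "$@"; do
        key="$dir/constructed-$m.pem"
        : > "$key"
        chmod "$m" "$key"
        if key_perms_ok "$key"; then
            echo "$m accepted"
        else
            echo "$m too-open"
        fi
    done
    rm -rf "$dir"
}

# The four modes that appear on this page.
report_modes 644 660 600 400
```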
    