Certified Security - Specialty

Sign Up Free or Log In to participate!

Chmod 400

Why do permissions of a key need to be lowered (chmod400) when SSH-ing to EC2?  Maybe not an important detail, I’m not sure, but just curious why that is necessary… Thanks

1 Answers

Hi, great question – this is because you don’t want your private key to be publicly viewable.

Each SSH key pair includes two keys:

A public key which is publicly viewable and can encrypt data which can then only be read by the person who holds the corresponding private key. Once an SSH server receives a public key from a user and considers the key trustworthy, the server marks the key as authorized in its authorized_keys file. 

A private key that remains only with the user/owner. The possession of this key is proof of the user’s identity. Only a user in possession of a private key that corresponds to the public key at the server will be able to authenticate successfully. The private keys need to be stored and handled carefully, and no copies of the private key should be distributed. The key should be kept private to you and should not be publicly readable. 

If you forget to set the permissions for your private key correctly, SSH will not allow you to use the key. 

Hope that helps! and there is a lot more detail here in the SSH documentation: 




Thank you for taking the time to answer my question, Faye. It’s the simple things that trip me up sometimes! Geez, well on my way to take the Sec Spec exam! Thank you and Ryan for all you do! I will let you know how I fare on the exam.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?