Windows CHMOD 600

Posted 2019-02-02 03:40

Question:

I'm trying to connect to Amazon EC2 using OpenSSH in windows but I need to set the permissions of my key file.

What is the windows equivalent of CHMOD 600?

I've googled extensively and found only blogspam.

EDIT: Windows 7, using DOS.

Answer 1:

I realize this is somewhat old but I just found the solution for myself in Windows 7. And it looks like this question went unresolved. I had all of the same errors including Cygwin missing cygintl-2.dll on chmod as you noted in the comments.

After extensive research and not finding any answers I ran:

C:\Users\mztriz\.ssh>ssh -v

OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004 usage: ssh [-1246AaCfghkNnqsTtVvXxY] [-b bind_address] [-c cipher_spec] [-D port] [-e escape_char] [-F configfile] [-i identity_file] [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option] [-p port] [-R port:host:hostport] [user@]hostname [command]

As you can see the version of OpenSSH I was running was quite outdated. However, I didn't know this because a quick google search of OpenSSH for Windows returns this old version.

After looking into the versioning I found OpenSSH for Windows 6.9p1-1 in the downloads section of that website.

This newer version of OpenSSH seems to fix all of the issues you mention.



Answer 2:

Modify the permissions so that:

  • The key file doesn't inherit from the container
  • You (the owner) have full access
  • Remove permission entries for any other users (e.g., SYSTEM, Administrator)
  • Add an Entry for special user Everyone and edit the permissions for that user to Deny for all permissions:
    • Right click on the file in Windows Explorer and choose Properties > Security > Advanced, to get the Advanced Security Settings dialog.
    • Click on the Permissions tab, then click Change Permissions.
    • Click Add, enter Everyone into the object name field, click Check Names, then click OK.
    • In the Permission Entry dialog, click the checkbox in the Deny column for Full Control.
    • Click OK on each dialog to back out and close the file's properties dialog.

Now scp will read permissions 0400 and will be happy. Ish.



Answer 3:

I've got the same issue. The solution which worked was to set the compatibility mode of ssh.exe to Windows XP SP3.



Answer 4:

Right-click on the file/dir, select Properties then Security. Click Advanced, then Edit. Uncheck "Inheritable" and choose "Remove" in the dialog. Remove any explicit permissions left, add a "Full Access" permission to your username.
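
The GUI steps in Answers 2 and 4 can also be scripted for a single key file. This is an added example, not part of the original answers; the key path in `$KeyPath` is an assumed location, and the script grants read-only access (the 0400 equivalent) before checking that no other principal is left on the ACL.

```powershell
# Added example: restrict a private key file to the current user only.
# $KeyPath is an assumption; point it at your own key file.
$KeyPath = Join-Path $env:USERPROFILE ".ssh\mykey.pem"

# SID of the account running this script
$Me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User

$Acl = Get-Acl -Path $KeyPath

# Stop inheriting from the parent folder ($true) and do not keep
# copies of the inherited entries ($false)
$Acl.SetAccessRuleProtection($true, $false)

# Remove every explicit entry that is still on the file
foreach ($Rule in @($Acl.Access)) {
    [void]$Acl.RemoveAccessRule($Rule)
}

# Single entry: current user, read-only
$ReadOnly = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $Me,
    [System.Security.AccessControl.FileSystemRights]::Read,
    [System.Security.AccessControl.AccessControlType]::Allow)
$Acl.AddAccessRule($ReadOnly)

Set-Acl -Path $KeyPath -AclObject $Acl

# Verify: re-read the ACL and report any entry that belongs to someone else
$Others = (Get-Acl -Path $KeyPath).Access | Where-Object {
    $Sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
    $Sid.Value -ne $Me.Value
}

if ($Others) {
    Write-Warning "Other principals still have access to $KeyPath"
    $Others | Format-Table IdentityReference, FileSystemRights, AccessControlType
} else {
    Write-Output "Only the current user can read $KeyPath"
}
```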



Answer 5:

I prefer Cygwin over putty and you can just run chmod command in cygwin to change the permission of PEM key to be 400, then you are good to go.

myuser@myuser-HP ~
$ ssh -i /cygdrive/c/Users/myuser/Downloads/mykey.pem ec2-user@xx.xx.xx.xx
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0550 for '/cygdrive/c/Users/myuser/Downloads/mykey.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/cygdrive/c/Users/myuser/Downloads/mykey.pem": bad permissions
Permission denied (publickey).

myuser@myuser-HP ~
$ chmod
chmod: missing operand
Try 'chmod --help' for more information.

myuser@myuser-HP ~
$ chmod 400 /cygdrive/c/Users/myuser/Downloads/mykey.pem

myuser@myuser-HP ~
$ ssh -i /cygdrive/c/Users/myuser/Downloads/mykey.pem ec2-user@xx.xx.xx.xx

       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-ami/2015.09-release-notes/
[ec2-user@ip-xxx ~]$ ohyeah I am in!


Answer 6:

For unix & OSX

Quite simply:

chown -R $USER:users ~/.ssh/
# the directory needs the execute bit (700) to stay traversable; the files get 600
chmod 700 ~/.ssh/
chmod 600 ~/.ssh/*

For Windows

If the file is a windows (NTFS) symbolic link, the above won't work. You need to make it a regular file. I am not sure why.

If you don't have openssh or cygwin, use chocolatey to install it easily.

choco install cyg-get

Open Cygwin Terminal that was installed with chocolatey and run (note that ssh-keygen creates new keys):

cyg-get install openssh
ssh-keygen
cd ~/.ssh && explorer.exe .

Verify keys are there (or replace them with the keys you want), and then in Cygwin shell:

chown -R $USER:users ~/.ssh/
# the directory needs the execute bit (700) to stay traversable; the files get 600
chmod 700 ~/.ssh/
chmod 600 ~/.ssh/*

Or for the rare case that you're using (and generated the keys from) chocolatey's SSH package:

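chown -R $USER:users /cygdrive/c/Users/$USER/.ssh
# the directory needs the execute bit (700) to stay traversable; the files get 600
chmod 700 /cygdrive/c/Users/$USER/.ssh
chmod 600 /cygdrive/c/Users/$USER/.ssh/*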


Answer 7:

I ran into the same problem on windows 10. I fixed it by adding my user and granting the Modify, Read & execute, Read and write permissions. I removed all other users. Here is what it looks like after removing all other permissions:



Answer 8:

I've got the same issue. The solution which worked was to set the compatibility mode of ssh.exe to Windows XP SP3.

-> This answer works for windows 7



Answer 9:

Today one of the recommended ways on Windows would be to use PowerShell and the Get-Acl and Set-Acl Cmdlets.

Here's an example to ensure that only the current user has permission to a folder and all files in it - similar to what is recommended for the .ssh folder in Unix/Linux/OS X:

# folder to protect (assumed here: the current user's .ssh folder)
$Directory = Join-Path $env:USERPROFILE ".ssh"

# get current ACL of directory
$Acl = Get-Acl -Path $Directory

# disable inheritance ($true) and do not keep the inherited rules ($false)
$Acl.SetAccessRuleProtection($true,$false)

# create new access rule for
# current user
# with FullControl permission
# enable inheritance for folders and files
# enable it for the specified folder as well
# allow these conditions
$AccessRule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $env:USERNAME,
    "FullControl",
    ([System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit),
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

# add access rule to the ACL
$Acl.AddAccessRule($AccessRule)

# activate ACL on folder
Set-Acl -Path $Directory -AclObject $Acl

For more details see

  • FileSystemAccessRule-Class
  • Set-Acl documentation


Answer 10:

Not really answering the same question but I was able to connect to EC2 using these instructions:

SSH to EC2 linux instance from Windows



Answer 11:

Copy the file to a Unix system through scp and run chmod 600 on the file. Then transfer the file back to the Windows machine. It worked for me.