Modify the permissions so that:

• The key file doesn't inherit from the container
• You (the owner) have full access
• Remove permission entries for any other users (e.g., SYSTEM, Administrator)
• Add an Entry for special user Everyone and edit the permissions for that user to Deny for all permissions:
  • Right click on the file in Windows Explorer and choose Properties > Security > Advanced, to get the Advanced Security Settings dialog.
  • Click on the Permissions tab, then click Change Permissions.
  • Click Add, enter Everyone into the object name field, click Check Names, then click OK.
  • In the Permission Entry dialog, click the checkbox in the Deny column for Full Control.
  • Click OK on each dialog to back out and close the file's properies dialog.

Now scp will read permissions 0400 and will be happy. Ish.

I've go same issue. The solution, which worked was to set compatibility mode of ssh.exe to Windows XP SP3.

For unix & OSX

Quite simply:

chown -R $USER:users ~/.ssh/
chmod -R 600 ~/.ssh/

For Windows

If the file is a windows (NTFS) symbolic link, the above won't work. You need to make it a regular file. I am not sure why.

If you don't have openssh or cygwin, use chocolatey to install it easily using chocolatey.

choco install cyg-get

Open Cygwin Terminal that was installed with chocolatey and run (note that ssh-keygen creates new keys):

cyg-get install openssh
ssh-keygen
cd ~/.ssh && explorer.exe .

Verify keys are there (or replace them with the keys you want), and then in Cygwin shell:

chown -R $USER:users ~/.ssh/
chmod -R 600 ~/.ssh/

Or for the rare case that you're using (and generated the keys from) chocolatey's SSH package:

chown -R $USER:users  /cygdrive/c/Users/$USER/.ssh
chmod -R 600 /cygdrive/c/Users/$USER/.ssh

I ran into the same problem on windows 10. I fixed it by adding my user and granting the Modify, Read & execute, Read and write permissions. I removed all other users. Here is what it looks like after removing all other permissions:

Today one of the recommended ways on Windows would be to use PowerShell and the Get-Acl and Set-Acl Cmdlets.

Here's an example to ensure that only the current user has permission to a folder and all files in it - similar to what is recommended for the .ssh folder in Unix/Linux/OS X:

# get current ACL of directory
$Acl = Get-Acl -Path $Directory

# remove inheritance ($true) and remove all existing rules ($false)
$Acl.SetAccessRuleProtection($true,$false)

# create new access rule for
# current user
# with FullControl permission
# enable inheritance for folders and files
# enable it for the specified folder as well
# allow these conditions 
$AcessRule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $env:USERNAME,
    "FullControl",
    ([System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit),
    System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

# add access rule to empty ACL
$Acl.AddAccessRule($AcessRule)

# activate ACL on folder
Set-Acl -Path $SgwConfigDirectory -AclRule

For more details see

• FileSystemAccessRule-Class
• Set-Acl documentation

Not really answering the same question but I was able to connect to EC2 using these instructions:

SSH to EC2 linux instance from Windows