ssh error because the pem file's permissions are too open
# Command executed
[ec2-user@ip-10-7-0-106 tmp]$ ssh -i ./xxx_keypair.pem ec2-user@10.7.1.218
# Error
The authenticity of host '10.7.1.218 (10.7.1.218)' can't be established.
ECDSA key fingerprint is SHA256:OxZAzo+x6ixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
ECDSA key fingerprint is MD5:34:e4:5a:aa:1b:34:e4:5a:aa:1b:34:e4:5a:aa:1b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.7.1.218' (ECDSA) to the list of known hosts.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0664 for './xxx_keypair.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "./xxx_keypair.pem": bad permissions
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
[ec2-user@ip-10-7-0-106 tmp]$
Permissions 0664 for './xxx_keypair.pem' are too open.
It is required that your private key files are NOT accessible by others.
So the pem file I specified is too permissive; the message says it must not be accessible by others.
# Check the permissions
[ec2-user@ip-10-7-0-106 tmp]$ ls -l
total 20
-rw-rw-r-- 1 ec2-user ec2-user 1734 Aug 12 2018 xxx_keypair.pem
Sure enough, others have permission on it too, so:
# Change the permissions
[ec2-user@ip-10-7-0-106 tmp]$ chmod 600 xxx_keypair.pem
[ec2-user@ip-10-7-0-106 tmp]$
# Check the permissions again
[ec2-user@ip-10-7-1-218 tmp]$ ls -l
total 20
-rw------- 1 ec2-user ec2-user 1734 Apr 16 03:36 xxx_keypair.pem
[ec2-user@ip-10-7-1-218 tmp]$
# Reconnect
[ec2-user@ip-10-7-0-106 tmp]$ ssh -i ./xxx_keypair.pem ec2-user@10.7.1.218
Last login: Mon Apr 19 11:50:52 2021 from ip-172-31-1-202.ap-northeast-1.compute.internal
       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|
https://aws.amazon.com/amazon-linux-2/
[ec2-user@ip-10-7-1-218 ~]$
[ec2-user@ip-10-7-1-218 ~]$
[ec2-user@ip-10-7-1-218 ~]$
All's well that ends well.
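
The check ssh applied above, written as a reusable script (an added example, not part of the original post): the ssh client ignores a key file owned by the invoking user when any group or other permission bit is set, so 0664 fails and 0600 passes. The function names and the `*.pem` glob are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find private key files that ssh would refuse to load
# because group or others have any access (the "too open" rule above).

# key_mode FILE -> prints the nine permission characters, e.g. rw-rw-r--
key_mode() {
    ls -ld -- "$1" | cut -c2-10
}

# key_perm_ok FILE -> 0 if group and others have no access at all,
# 1 if the file is too open, 2 if it is not a regular file
key_perm_ok() {
    [ -f "$1" ] || return 2
    case "$(key_mode "$1")" in
        ???------) return 0 ;;
        *)         return 1 ;;
    esac
}

# audit_keys DIR -> prints every *.pem in DIR that is too open;
# returns 1 if at least one was found, 0 otherwise
audit_keys() {
    bad=0
    for f in "$1"/*.pem; do
        [ -f "$f" ] || continue
        if ! key_perm_ok "$f"; then
            printf 'too open: %s (%s)\n' "$f" "$(key_mode "$f")"
            bad=1
        fi
    done
    return "$bad"
}

# fix_key FILE -> owner read/write only (the chmod 600 used above),
# then re-check so the caller sees whether the fix took effect
fix_key() {
    chmod 600 -- "$1" && key_perm_ok "$1"
}

# Stand-alone use: sh script.sh DIR
[ "$#" -eq 0 ] || audit_keys "$1"
```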