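This is a bit of a spoiler, or rather it is exactly what the title says.
When using the ssh command on Windows, I get the impression that the SSH connection goes through even without setting the permissions so that only I can read the file (the equivalent of 400 or 600 on Linux).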
- Judging from the output of icacls "tsukamoto_20251023.pem", NT AUTHORITY\SYSTEM and BUILTIN\Administrators still have full access in addition to me.
- SSH connections with this key file succeed to both Amazon Linux 2 and Amazon Linux 2023.
C:\Users\tsukamoto\Downloads>icacls "tsukamoto_20251023.pem"
tsukamoto_20251023.pem NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
NUCBOX_K6\tsukamoto:(F)
C:\Users\tsukamoto\Downloads>ssh -i "tsukamoto_20251023.pem" ec2-user@ec2-52-194-183-237.ap-northeast-1.compute.amazonaws.com
Last login: Thu Oct 23 12:23:00 2025 from 13.48.178.217.static.user.transix.jp
, #_
~\_ ####_ Amazon Linux 2
~~ \_#####\
~~ \###| AL2 End of Life is 2026-06-30.
~~ \#/ ___
~~ V~' '->
~~~ / A newer version of Amazon Linux is available!
~~._. _/
_/ _/ Amazon Linux 2023, GA and supported until 2028-03-15.
_/m/' https://aws.amazon.com/linux/amazon-linux-2023/
6 package(s) needed for security, out of 8 available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-172-31-34-167 ~]$
C:\Users\tsukamoto\Downloads>ssh -i "tsukamoto_20251023.pem" ec2-user@ec2-18-183-130-117.ap-northeast-1.compute.amazonaws.com
The authenticity of host 'ec2-18-183-130-117.ap-northeast-1.compute.amazonaws.com (18.183.130.117)' can't be established.
ED25519 key fingerprint is SHA256:FNG9jw5T9msepSFNKaUUcm6G1nmwsEj6BI2Yr4me8eo.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'ec2-18-183-130-117.ap-northeast-1.compute.amazonaws.com' (ED25519) to the list of known hosts.
, #_
~\_ ####_ Amazon Linux 2023
~~ \_#####\
~~ \###|
~~ \#/ ___ https://aws.amazon.com/linux/amazon-linux-2023
~~ V~' '->
~~~ /
~~._. _/
_/ _/
_/m/'
[ec2-user@ip-172-31-42-17 ~]$
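I'm fairly sure that changing the permissions used to be required and that I ran icacls before using a key, so I wonder whether the behavior was changed at some point...?
My environment is below.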
C:\Users\tsukamoto\Downloads>ver
Microsoft Windows [Version 10.0.26200.6901]
C:\Users\tsukamoto\Downloads>ssh -V
OpenSSH_for_Windows_9.5p2, LibreSSL 3.8.2
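
An added example, not from the original post: a PowerShell script that lists which principals hold allow entries on a key file and flags any outside the three that appear in the icacls output above. The parameter names KeyPath and Fix are hypothetical, and treating those three principals as the expected set is an assumption taken from this post's output, not a statement of the rule OpenSSH applies.

```powershell
# Added example, not from the original post.
param(
    [Parameter(Mandatory = $true)][string]$KeyPath,
    [switch]$Fix   # hypothetical switch: also remove the unexpected entries
)
$ErrorActionPreference = 'Stop'

# Assumption: the expected principals are the three shown in the post's icacls
# output. Well-known SIDs are used so localized account names do not matter.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$expected = @($me, 'S-1-5-18', 'S-1-5-32-544')   # current user, SYSTEM, Administrators

$sidType = [System.Security.Principal.SecurityIdentifier]
$report = foreach ($ace in (Get-Acl -LiteralPath $KeyPath).Access) {
    # Only allow entries grant access; deny entries are skipped
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $sid = $ace.IdentityReference.Translate($sidType).Value
    [pscustomobject]@{
        Principal = $ace.IdentityReference.Value
        Sid       = $sid
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
        Expected  = $expected -contains $sid
    }
}
$report | Format-Table -AutoSize

$unexpected = @($report | Where-Object { -not $_.Expected })
if ($unexpected.Count -eq 0) {
    Write-Host "Only the current user, SYSTEM and Administrators have access to $KeyPath"
    return
}
Write-Warning "$($unexpected.Count) unexpected entry(ies) grant access to $KeyPath"

if ($Fix) {
    # Turn inherited entries into explicit ones so they can be removed one by one
    icacls $KeyPath /inheritance:d | Out-Null
    foreach ($sid in ($unexpected.Sid | Select-Object -Unique)) {
        # icacls accepts a numeric SID when it is prefixed with '*'
        icacls $KeyPath /remove:g "*$sid" | Out-Null
    }
    icacls $KeyPath   # show the resulting ACL
}
```

Run without -Fix first to see the report; a key copied into a shared or synced folder is where inherited entries for other principals usually show up.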