Permissions on ssh key files on Windows can be rather annoying. If you try to use ssh it will protest about the permissions and will stop the secure connection. On Linux, it is easy to modify the permissions with a chmod command (chmod 700 *.key).
Since originally writing this blog post, we came across a cmd (.bat) script that can alter the file permissions for Windows 10 and later (the basis of the script can be found here). With this script’s directory in the PATH variable, we can call it anywhere with the command protect-key.bat my-key-file.key, and it will correct the permissions accordingly.
To overcome the permissions issues, we need to make several changes to the file’s security properties to apply the following changes:
- Switch off inheritance using the Disable inheritance button (images 1 and 2 below)
- Remove grants to user groups other than Administrators (image 3)
- Remove users who do not needing access is recommended.
The following image shows the ideal end state:
You must be logged in to post a comment.