I'm working to set up Panda on an Amazon EC2 instance. I set up my account and tools last night and had no problem using SSH to interact with my own personal instance, but right now I'm not being allowed permission into Panda's EC2 instance. (Getting Started with Panda)

I'm getting the following error:

@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @

Permissions 0644 for '~/.ec2/id_rsa-gsg-keypair' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.

I've chmoded my keypair to 600 in order to get into my personal instance last night, and experimented at length setting the permissions to 0 and even generating new key strings, but nothing seems to be working.

Any help at all would be a great help!

+2  A: 

Make sure that the directory containing the private key files is set to 700.

Mark Biek
A: 

Hm, it seems as though unless permissions are set to 777 on the directory, the ec2-run-instances script is unable to find my keyfiles. I'm new to SSH so I might be overlooking something.

Bryan Woods
I don't know much about EC2 instances specifically. Generally though, you have your private key (600) in ~/.ssh (700).
Mark Biek
+2  A: 

"I've chmoded my keypair to 600 in order to get into my personal instance last night,"

And this is the way it is supposed to be.

From the EC2 documentation we have "If you're using OpenSSH (or any reasonably paranoid SSH client) then you'll probably need to set the permissions of this file so that it's only readable by you." The Panda documentation you link to links to Amazon's documentation but really doesn't convey how important it all is.

The idea is that the key pair files are like passwords and need to be protected. So, the ssh client you are using requires that those files be secured and that only your account can read them.

Setting the directory to 700 really should be enough, but 777 is not going to hurt as long as the files are 600.

Any problems you are having are client side, so be sure to include local OS information with any follow-up questions!

Stu Thompson
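
The rule behind the error in the question, as an added example that is not part of the original thread: the OpenSSH client ignores a private key file you own if any group or other permission bit is set (mode & 077). The function names and the placeholder key file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: check key files with the same rule the ssh client applies.

# Print a file's permission bits in octal (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# 0 = acceptable, 1 = group/other bits set (key ignored), 2 = cannot stat.
key_perm_check() {
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ] || return 1
}

# audit_key FILE [fix]: report the mode; with "fix", tighten it to 600.
audit_key() {
    key=$1 rc=0
    key_perm_check "$key" || rc=$?
    case $rc in
        0) echo "ok        $(file_mode "$key") $key" ;;
        1) echo "too open  $(file_mode "$key") $key"
           if [ "${2:-}" = fix ] && chmod 600 "$key"; then
               rc=0; echo "fixed     600 $key"
           fi ;;
        *) echo "no such file: $key" ;;
    esac
    return "$rc"
}

# Constructed sample: a placeholder file with the 0644 mode from the error.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'placeholder, not a real key\n' > "$dir/id_rsa-demo"
    chmod 644 "$dir/id_rsa-demo"
    audit_key "$dir/id_rsa-demo" || true      # too open
    audit_key "$dir/id_rsa-demo" fix || true  # chmod 600
    status=0
    audit_key "$dir/id_rsa-demo" || status=$? # ok
    rm -rf "$dir"
    return "$status"
}
demo
```

Modes 600 and 400 pass the check; anything that grants group or other access, such as 640 or 644, does not.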
A: 

ec2-run-instances should only require a keypair name, which is something that lives on Amazon's side. You only should be using your actual private key (the one on disk) when you SSH in. What error are you getting from ec2-run-instances?