Sep 12, 2021

Setting up your SSH host file for Mac/ Linux & fix “Unprotected private key file” error

Intro

When you need access to a host or instance, you usually need some form of authentication: a username together with either a password or a key file. A username and password is relatively straightforward, but using a key file can be a bit fiddly, especially if you haven’t used one in a long while.

What we’ll do in this guide is set you up with an SSH host/config file that gives you easy access to your hosts or instances, every time. If you connect to a host regularly, this will save you time in the long run.

When you use SSH from the terminal for the first time on your machine, it automatically creates an SSH directory at ~/.ssh. If the directory was never created, run the command below from your shell/terminal.

mkdir -p ~/.ssh && chmod 700 ~/.ssh

Following this, you may also need to create the SSH configuration file. Look in your ~/.ssh directory and, if the config file doesn’t exist, create it using the commands below:

touch ~/.ssh/config
# make the file read/write by the user only
chmod 600 ~/.ssh/config

SSH config file structure

A typical config file looks something like this:

Host hostname1
    SSH_OPTION value
    SSH_OPTION value

Host hostname2
    SSH_OPTION value

Host *
    SSH_OPTION value

What you’re typically doing is creating a list of known hosts in a config file, with the options required for each entry. Indentation isn’t required, but it does make the file easier to read. Note that ssh uses the first value it finds for each option, so keep host-specific entries near the top and put a Host * block with general defaults at the end.

For these examples, I’ll show a host with basic configuration and a host that uses a key file. As for SSH key files, it’s best to store them either directly in ~/.ssh or in a subfolder of ~/.ssh.

On your command line, in the ~/.ssh directory, run $ nano config. I chose nano; use whichever terminal editor you’re comfortable with. (To exit nano, press Ctrl+X and confirm that you want to save.)

Example 1 - Basic host configuration

Host hodor
  HostName 192.168.1.100
  User ubuntu
  Port 22

All this does is state that the host alias is “hodor”, HostName is the host’s IP address, User is the username to log in as, and Port is 22.

Now, to ssh to the host, instead of calling $ ssh ubuntu@192.168.1.100, we can simply run $ ssh hodor.

ssh hodor
ubuntu@192.168.1.100's password:

Example 2 - Host with key file

Before doing this, ensure you can access your host via normal methods with your key file.

ssh -i /path/to/keyfile ubuntu@192.168.1.100

You may get a response from the command like the following:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'keyhole.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.

The reason you’re seeing this is that the key file is too open: other users of your machine can read it, which is not a good thing by any stretch. So we need to lock it down so that only you can access and use the key.

To do this, run the following (sudo is only needed if the file isn’t owned by you; for your own key file, plain chmod is enough):

sudo chmod 600 /path/to/keyfile.pem

Complete. Now let’s move on to creating the entry for this host.

Host hodor
  HostName 192.168.1.100
  User ubuntu
  IdentityFile ~/.ssh/keyfile.pem
  Port 22

Exit out and save.

Now, instead of typing out that long command from earlier to ssh with a key file, you can simply type:

ssh hodor

...and you’ll be taken straight to your instance, authenticated with your key file.
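As an added example (not code from the original post), here is a small POSIX shell script that performs the guide’s steps end to end and reproduces the permission check behind the “UNPROTECTED PRIVATE KEY FILE” warning, so you can audit a key before ssh refuses it. The SSH_DIR variable, the function names and the sample hodor values are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): performs the guide's steps and
# audits the result. SSH_DIR, the function names and the sample values are
# assumptions; SSH_DIR can be overridden to try this against a scratch directory.

SSH_DIR="${SSH_DIR:-$HOME/.ssh}"

# Permission bits of a file as octal digits, e.g. 600. GNU stat (Linux)
# takes -c, BSD stat (macOS) takes -f, so try one and fall back to the other.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Numeric uid of a file's owner, with the same Linux/macOS fallback.
file_owner() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

# Steps 1 and 2 of the guide: the directory is private to the user (700) and
# the config file is readable/writable by the user only (600).
ensure_ssh_dir() {
    mkdir -p "$SSH_DIR" && chmod 700 "$SSH_DIR"
    [ -f "$SSH_DIR/config" ] || touch "$SSH_DIR/config"
    chmod 600 "$SSH_DIR/config"
}

# Append a Host block like the guide's Example 2 unless an entry for that
# alias already exists (returns 1 in that case, so nothing is duplicated).
# Arguments: alias hostname user identityfile [port]
add_host_entry() {
    host_alias="$1" host_name="$2" user="$3" keyfile="$4" port="${5:-22}"
    if grep -q "^Host[[:space:]][[:space:]]*$host_alias[[:space:]]*\$" "$SSH_DIR/config"; then
        return 1
    fi
    printf 'Host %s\n  HostName %s\n  User %s\n  IdentityFile %s\n  Port %s\n\n' \
        "$host_alias" "$host_name" "$user" "$keyfile" "$port" >> "$SSH_DIR/config"
}

# Reproduce the test behind "WARNING: UNPROTECTED PRIVATE KEY FILE!": ssh
# refuses a key it owns whose group or other bits are set (mode & 077 != 0).
# This check is slightly stricter and also insists the key is owned by the
# caller. Prints one word: ok, too-open, not-owner or missing.
check_private_key() {
    key="$1"
    [ -f "$key" ] || { echo missing; return 1; }
    if [ "$(file_owner "$key")" != "$(id -u)" ]; then
        echo not-owner; return 1
    fi
    case "$(file_mode "$key")" in
        *00) echo ok ;;            # 600, 400 (and 700) leave group/other empty
        *)   echo too-open; return 1 ;;
    esac
}

# The guide's fix: owner read/write only. No sudo is needed for your own file.
fix_private_key() {
    chmod 600 "$1"
}

# Run with --demo to apply the guide's values for "hodor" to $SSH_DIR.
if [ "${1:-}" = "--demo" ]; then
    ensure_ssh_dir
    add_host_entry hodor 192.168.1.100 ubuntu "$SSH_DIR/keyfile.pem" 22 || echo "hodor already configured"
    check_private_key "$SSH_DIR/keyfile.pem" || fix_private_key "$SSH_DIR/keyfile.pem"
fi
```

Source the file (. ./ssh_setup.sh) to get the functions in your current shell, or run it with --demo to apply the hodor values from the guide. The check follows OpenSSH’s rule: a key the current user owns must have no group or other permission bits, so 600 or 400 pass and 644 fails. To confirm which options ssh will actually use for an alias once the entry is in place, ssh -G hodor prints the fully resolved configuration.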

Easy as that!

Any questions, please let me know in the comments.