Skip to content

Instantly share code, notes, and snippets.

@jaskiratr
Created June 29, 2018 01:03
Show Gist options
  • Save jaskiratr/cfacb332bfdff2f63f535db7efb6df93 to your computer and use it in GitHub Desktop.
Save jaskiratr/cfacb332bfdff2f63f535db7efb6df93 to your computer and use it in GitHub Desktop.
Set permission of file equivalent to chmod 400 on Windows.
# Source: https://stackoverflow.com/a/43317244
$path = ".\aws-ec2-key.pem"
# Reset to remove explict permissions
icacls.exe $path /reset
# Give current user explicit read-permission
icacls.exe $path /GRANT:R "$($env:USERNAME):(R)"
# Disable inheritance and remove inherited permissions
icacls.exe $path /inheritance:r
@MassaAgustin
Copy link

MassaAgustin commented May 31, 2022

@audrew thank you!

@tfxdev
Copy link

tfxdev commented Aug 11, 2022

for windows users use:

icacls.exe your_key_name.pem /reset

icacls.exe your_key_name.pem /grant:r "$($env:username):(r)"

icacls.exe your_key_name.pem /inheritance:r

thats it! your keys.pem have same restrisctions as you use chmod 400

Awesome. Thanks a lot. It worked. Know more at https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-ssh-using-terminal

@acerteeganhe-oficial
Copy link

Thanks

@MahadebSen
Copy link

Thank you so much.

@lesau
Copy link

lesau commented Nov 26, 2022

I changed it by "%username%:(r)" and it worked properly.

Thanks, worked!

@YichuanSun
Copy link

Awesome!!!!! Thanks!!!!

@yyyoungha
Copy link

Thank you. Works nicely for me.

@Hossam-A
Copy link

thnx

@ShuiBaoer
Copy link

ty

@ijingo
Copy link

ijingo commented Mar 23, 2023

ty!

@nzuwera
Copy link

nzuwera commented Apr 11, 2023

Thanks it worked for me

@belongtothenight
Copy link

Somehow following the same steps, I got file permission of 0444, not 0400, and it's not accepted by Azure.

@Valentyn-Lukashuk
Copy link

Somehow following the same steps, I got file permission of 0444, not 0400, and it's not accepted by Azure.

same problem : (

@gonzalezivan90
Copy link

Works !
It doesn't convert it to:
-r--------
but to:
-r--r--r--

Still works for me

@brianobot
Copy link

If you prefer to do it from UI

  • select .pem file -> right click -> properties
  • Security > Advanced > Disable inheritance
  • Remove all Users
  • Add > Select a principal
  • In "Enter the object name to select" type your Windows username > ok
  • Give all permissions > ok > apply

Doing this, I still have an equivalent of 444 permission in the linux filesystem.

@RadioKame
Copy link

thanks!!

@insphere-ishwar
Copy link

https://gist.github.com/jaskiratr/cfacb332bfdff2f63f535db7efb6df93#gistcomment-3713676

for windows users use:
icacls.exe your_key_name.pem /reset
icacls.exe your_key_name.pem /grant:r "$($env:username):(r)"
icacls.exe your_key_name.pem /inheritance:r
thats it! your keys.pem have same restrisctions as you use chmod 400

Thanks @audrew !!! This worked for me.

@insphere-ishwar
Copy link

Thank you!!

@sachin-Telgote
Copy link

If you prefer to do it from UI

  • select .pem file -> right click -> properties
  • Security > Advanced > Disable inheritance
  • Remove all Users
  • Add > Select a principal
  • In "Enter the object name to select" type your Windows username > ok
  • Give all permissions > ok > apply

Thanks!

Thank You!!

@divyansh-11
Copy link

If you prefer to do it from UI

  • select .pem file -> right click -> properties
  • Security > Advanced > Disable inheritance
  • Remove all Users
  • Add > Select a principal
  • In "Enter the object name to select" type your Windows username > ok
  • Give all permissions > ok > apply

Thanks worked for me

Thank you

@divyansh-11
Copy link

Thank you

@garihc23
Copy link

garihc23 commented Jan 6, 2024

In windows 10, using the commands listed above I ran into the following error:

Invalid parameter "$($env:username):(r)"

so, I changed it by "%username%:(r)" and it worked properly. Thanks a lot!!!

Thanks...You saved the day!

@54keesh
Copy link

54keesh commented Feb 2, 2024

keep in mind that although both of these solutions perfectly work but itll still have owner group and other read permissions if sshing via wsl and might still give bad permisiions. so you need to ssh explicitly via powershell not wsl

@Hassan829
Copy link

This works Thanks alot

@yzuriaw
Copy link

yzuriaw commented Mar 21, 2024

Legend

@tonytwei
Copy link

thanks

@ShreePatil19
Copy link

Thank you so much this had been buggin me for quite a while...

@pierangelo
Copy link

In windows 10, using the commands listed above I ran into the following error:

Invalid parameter "$($env:username):(r)"

so, I changed it by "%username%:(r)" and it worked properly. Thanks a lot!!!

thanks!

@intothedeep
Copy link

Thank you

@SteverRobinson
Copy link

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment