More on SSH and PKI - Setting the appropriate permissions on your private key files

Following my earlier post: -

PKI - Using Public and Private Keys to access Linux via SSH

it's worth noting that Linux will attempt to help you out by warning you if your private key files have inappropriately weak permissions, as per this example: -

ssh-keygen -y -e -f ~/Downloads/foobar.cer 

which returns: -

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/Users/davidhay/Downloads/foobar.cer' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/Users/davidhay/Downloads/foobar.cer": bad permissions

This is what the file looks like post-download: -

ls -al ~/Downloads/foobar.cer 

-rw-r--r--@ 1 davidhay  staff  1683 29 Dec 11:08 /Users/davidhay/Downloads/foobar.cer

Source http://ss64.com/bash/chmod.html

Once I change it to 400: -

chmod 400 ~/Downloads/foobar.cer 

which means: -

Source http://ss64.com/bash/chmod.html

or: -

-r--------@ 1 davidhay  staff  1683 29 Dec 11:08 /Users/davidhay/Downloads/foobar.cer

all is well

ssh-keygen -y -e -f ~/Downloads/foobar.cer 

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit RSA, converted by 
dave@mac"
AAAAB3NzaC1yc7EAAAAAAQABAAABAQAAutYt3P7YNNOWG6Ve/xTpeNnkNwAARBzb0jiA7/
A7XT5x0xOVXrwrlefIU6ZFBfR1QLc54xCWPk7j77u4ZfsUE57+rSfFFHAm3T7/H5GVW7Ct
tS7mB/UoiXJtfOo9uNHNSrSOOqAQKAtAAprKzghREhoroIeb65TkzpA6cfAAmcE+ySCTNS
li7sALtAnBwCwFJGQUBKot77Xce1q04uhr9sYknOvRAVmTaihYAeaSgLh+UTAIeJ4/AABP
7+gAyuHK6pPJ9WEyUGHh3HAUio8o3uAx8VoZfnE+Y79y5XIpWT6+xrSG4XskRjPAy+9JsR
bsm3jS3qi08T649/aLL67A
---- END SSH2 PUBLIC KEY ——