.ssh Directory Permissions: Configurations, Errors, and Solutions
The .ssh directory is the heart of secure SSH connections, but errors in permissions can block access or expose sensitive data. This article explains how to:
- Correctly configure the permissions of the .ssh directory and its files.
- Resolve common errors such as ssh permission denied (publickey) or bad permissions .ssh/known_hosts.
- Secure SSH keys with best practices.
1. Why are .ssh directory permissions critical?
SSH (Secure Shell) requires that:
- The .ssh directory has permissions 700 (only the owner can read/write).
- The id_rsa (private key) files have permissions 600.
- Files such as authorized_keys or known_hosts have permissions 644.
What if permissions are wrong?
- ssh permission denied (publickey): SSH blocks access to prevent risks.
- error: bad permissions .ssh/known_hosts: The file is editable by unauthorized users.
2. How to Configure .ssh Directory Permissions
Step 1: Check the directory structure
Make sure the directory exists in the user's home:
ls -al ~/.ssh
Step 2: Set the correct permissions
Directory .ssh:
chmod 700 ~/.ssh
Private key (e.g. id_rsa and id_ed25519):
chmod 600 ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_ed25519
File authorized_keys and known_hosts:
chmod 644 ~/.ssh/authorized_keys
chmod 644 ~/.ssh/known_hosts
Step 3: Check owner and group
The directory and files must belong to the correct user and group:
# $GROUP is not set by default in common shells; id -gn prints the user's primary group
sudo chown -R "$(id -un)":"$(id -gn)" ~/.ssh
3. Summary of .ssh directory permissions
Element | Example | Numeric | Symbolic |
---|---|---|---|
SSH directory | ~/.ssh | 700 | drwx------ |
Public key | ~/.ssh/id_rsa.pub | 644 | -rw-r--r-- |
Private Key | ~/.ssh/id_rsa | 600 | -rw------- |
Configuration | ~/.ssh/config | 600 | -rw------- |
Home Folder | ~ | 755 at most | drwxr-xr-x at most |
4. Troubleshooting Common Errors
Error 1: ssh permission denied (publickey)
Cause:
- Permissions too open on the .ssh directory or private key.
- Incorrectly configured authorized_keys file.
Fix:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
Error 2: error: bad permissions .ssh/known_hosts
Cause:
- The file known_hosts has wrong permissions, such as permissions 777 (rwx), or is writable by others.
Fix:
chmod 644 ~/.ssh/known_hosts
Error 3: Problems with home directory
If the user's home directory has too open permissions (e.g., 777), SSH will refuse access.
How to fix the permissions:
chmod 750 ~/
Best Practice for SSH Security
- Use ssh-keygen -t ed25519 to generate cryptographically strong keys based on elliptic-curve cryptography.
- Avoid 777 permissions on any files or folders, especially if connected to SSH.
- Automate checks with Bash scripts or tools such as Ansible.
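One possible shell check of the kind the last point mentions, added here as an example (it is not from the original article). It compares a home directory against the limits in the summary table; the function names are hypothetical, and treating every file in .ssh other than *.pub, authorized_keys and known_hosts as needing 600 is an assumption.

```shell
#!/bin/sh
# Added example: audit a home directory's SSH files against the summary table.

# mode_of PATH: print the octal permission bits (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# too_open PATH MAX: true if PATH grants any permission bit that MAX does not.
too_open() {
    actual=$(mode_of "$1") || return 1
    [ $(( 0$actual & ~0$2 & 0777 )) -ne 0 ]
}

# check PATH MAX: print a finding and count it when PATH is too open.
check() {
    if too_open "$1" "$2"; then
        printf '%s: mode %s, expected at most %s\n' "$1" "$(mode_of "$1")" "$2"
        findings=$((findings + 1))
    fi
}

# audit_home HOME_DIR: returns 0 when everything is within limits, 1 otherwise.
audit_home() {
    findings=0
    check "$1" 755            # home folder: 755 at most
    check "$1/.ssh" 700       # .ssh directory
    for f in "$1"/.ssh/*; do
        [ -f "$f" ] || continue
        case ${f##*/} in
            *.pub|authorized_keys|known_hosts) check "$f" 644 ;;
            *) check "$f" 600 ;;   # assumption: private keys, config, anything else
        esac
    done
    [ "$findings" -eq 0 ]
}
```

Call it as audit_home "$HOME"; it prints one line per file or directory that is more permissive than the table allows, so a stricter mode (for example 600 on known_hosts) is not reported.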
FAQ
Q1: Why should the .ssh directory have permissions 700?
A: Permissions 700 ensure that only the owner can access the directory, preventing unauthorized reads.
Q2: How to check permissions with ssh -v?
A: Use ssh -v user@host for detailed debugging. The output will show errors like Permissions 0644 for 'id_rsa' are too open.
Q3: What to do if I don't have root permissions?
A: Contact the system administrator or use chown and chmod with current user privileges.
SSH errors such as permission denied (publickey) or bad permissions can compromise security and block access to servers. Our Linux experts will quickly resolve configuration issues and optimize your SSH infrastructure.