.ssh Directory Permissions: Configurations, Errors, and Solutions
The .ssh directory is the heart of secure SSH connections, but errors in permissions can block access or expose sensitive data. This article explains how to:
- Correctly configure the permissions of the
.sshdirectory and its files. - Resolve common errors such as
ssh permission denied (publickey)orbad permissions .ssh/known_hosts. - Secure SSH keys with best practices.
1. Why are .ssh directory permissions critical?
SSH (Secure Shell) requires that:
- The
.sshdirectory has permissions 700 (only the owner or "owner" can read/write). - The
id_rsa(private key) files have permissions 600. - Files such as
authorized_keysorknown_hostshave permissions 644.
What if permissions are wrong?
ssh permission denied (publickey): SSH blocks access to prevent risks.error: bad permissions .ssh/known_hosts: The file is editable by unauthorized users.
2. How to Configure Directory Permissions .ssh
Step 1: Check the directory structure
Make sure the directory exists in the user's home:
ls -al ~/.ssh Step 2: Set the correct permissions
Directory .ssh:
chmod 700 ~/.sshPrivate key (e.g.
id_rsaandid_ed25519):chmod 600 ~/.ssh/id_rsa chmod 600 ~/.ssh/id_ed25519File
authorized_keysandknown_hosts:chmod 644 ~/.ssh/authorized_keys chmod 644 ~/.ssh/known_hosts
Step 3: Check owner and group
The directory and files must belong to the correct user and group:
sudo chown -R $USER:$GROUP ~/.ssh3. Summary of .ssh directory permissions
| Element | Example | Numeric | Bitwise |
|---|---|---|---|
| SSSH directory | ~/.ssh | 700 | drwx------ |
| Public key | ~/.ssh/id_rsa.pub | 644 | -rw-r--r-- |
| Private Key | ~/.ssh/id_rsa | 600 | -rw------- |
| Configuration | ~/.ssh/config | 600 | -rw------- |
| Home Folder | ~ | 755 at most | drwxr-xr-x at most |
4. Troubleshooting Common Errors
Error 1: ssh permission denied (publickey)
Cause:
- Permissions too open on the
.sshdirectory or private key. - Incorrectly configured
authorized_keysfile.
Fix:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsaError 2: error: bad permissions .ssh/known_hosts
Cause:
- The file
known_hostshas wrong permissions, permissions777(rwx) or is writable by others.
Fix:
chmod 644 ~/.ssh/known_hostsError 3: Problems with home directory
If the user's home directory has too open permissions (e.g., 777), SSH will refuse access.
How to fix the permissions:
chmod 750 ~/Best Practice for SSH Security
- Use
ssh-keygen -t ed25519to generate cryptographically strong keys, with elliptic encryption. - Avoid 777 permissions on any files or folders, especially if connected to SSH.
- Automatize checks with Bash scripts or tools such as Ansible.
FAQ
Q1: Why should the .ssh directory have permissions 700?
R: Permissions 700 ensure that only the owner can access the directory, preventing unauthorized reads.
Q2: How to check permissions with ssh -v?
R: Use ssh -v user@host for detailed debugging. The output will show errors like Permissions 0644 for 'id_rsa' are too open.
Q3: What to do if I don't have root permissions?
R: Contact the system administrator or use chown and chmod with current user privileges.
SSSH errors such as permission denied (publickey) or bad permissions can compromise security and block access to servers. Our Linux experts will quickly resolve configuration issues and optimize your SSH infrastructure.
