.ssh Directory Permissions: Configurations, Errors, and Solutions

The .ssh directory is the heart of secure SSH connections, but errors in permissions can block access or expose sensitive data. This article explains how to:

  • Correctly configure the permissions of the .ssh directory and its files.
  • Resolve common errors such as ssh permission denied (publickey) or bad permissions .ssh/known_hosts.
  • Secure SSH keys with best practices.

1. Why are .ssh directory permissions critical?

SSH (Secure Shell) requires that:

  • The .ssh directory has permissions 700 (only the owner can read, write, and enter it).
  • Private key files such as id_rsa have permissions 600.
  • Files such as authorized_keys or known_hosts have permissions 644.

What if permissions are wrong?

  • ssh permission denied (publickey): SSH blocks access to prevent risks.
  • error: bad permissions .ssh/known_hosts: The file is editable by unauthorized users.

2. How to Configure .ssh Directory Permissions

Step 1: Check the directory structure

Make sure the directory exists in the user's home:

ls -al ~/.ssh 

Step 2: Set the correct permissions

  • Directory .ssh:

    chmod 700 ~/.ssh 
  • Private keys (e.g. id_rsa and id_ed25519):

    chmod 600 ~/.ssh/id_rsa
    chmod 600 ~/.ssh/id_ed25519
  • Files authorized_keys and known_hosts:

    chmod 644 ~/.ssh/authorized_keys
    chmod 644 ~/.ssh/known_hosts 

Step 3: Check owner and group

The directory and files must belong to the correct user and group:

# $GROUP is not set by default in most shells, so take the primary group from id
sudo chown -R "$USER":"$(id -gn)" ~/.ssh

3. Summary of .ssh directory permissions

 
Element       | Example           | Numeric     | Symbolic
SSH directory | ~/.ssh            | 700         | drwx------
Public key    | ~/.ssh/id_rsa.pub | 644         | -rw-r--r--
Private key   | ~/.ssh/id_rsa     | 600         | -rw-------
Configuration | ~/.ssh/config     | 600         | -rw-------
Home folder   | ~                 | 755 at most | drwxr-xr-x at most

4. Troubleshooting Common Errors

Error 1: ssh permission denied (publickey)

Cause:

  • Permissions too open on the .ssh directory or private key.
  • Incorrectly configured authorized_keys file.

Fix:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa

Error 2: error: bad permissions .ssh/known_hosts

Cause:

  • The known_hosts file has wrong permissions, such as 777 (rwxrwxrwx), or is writable by others.

Fix:

chmod 644 ~/.ssh/known_hosts

Error 3: Problems with home directory

If the permissions on the user's home directory are too open (e.g., 777), SSH will refuse access.
To fix the permissions:

chmod 750 ~/

Best Practices for SSH Security

  • Use ssh-keygen -t ed25519 to generate cryptographically strong keys based on elliptic-curve cryptography.
  • Avoid 777 permissions on any files or folders, especially if connected to SSH.
  • Automate checks with Bash scripts or tools such as Ansible.
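
One way to automate the check with a shell script, as an added example that is not part of the original article: it compares each path against the maximum modes from the summary table in section 3 and also verifies ownership. The function names check and audit_ssh_dir are hypothetical, and the script assumes GNU stat (stat -c).

```shell
#!/bin/sh
# Added example: audit an .ssh directory against the maximum modes listed in
# the summary table. Assumes GNU stat; on BSD/macOS use stat -f '%Lp' / '%u'.

# check PATH MAX_MODE: print a finding and return 1 if PATH grants any
# permission bit outside MAX_MODE or is not owned by the current user.
check() {
    path=$1 max=$2
    [ -e "$path" ] || return 0                 # a missing file is not a finding
    mode=$(stat -c '%a' "$path")
    owner=$(stat -c '%u' "$path")
    rc=0
    # Bits set in the actual mode but absent from the allowed maximum.
    if [ $(( 0$mode & ~0$max & 07777 )) -ne 0 ]; then
        echo "TOO OPEN: $path is $mode, at most $max allowed (fix: chmod $max $path)"
        rc=1
    fi
    if [ "$owner" != "$(id -u)" ]; then
        echo "WRONG OWNER: $path is owned by uid $owner"
        rc=1
    fi
    return $rc
}

# audit_ssh_dir [DIR]: check DIR, its parent (the home folder) and the
# well-known files inside it. The return status is the number of findings.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    findings=0
    check "$(dirname "$dir")" 755 || findings=$((findings + 1))
    check "$dir" 700              || findings=$((findings + 1))
    for f in "$dir"/id_*; do
        case $f in
            *.pub) check "$f" 644 ;;           # public keys
            *)     check "$f" 600 ;;           # private keys
        esac || findings=$((findings + 1))
    done
    check "$dir/config" 600          || findings=$((findings + 1))
    check "$dir/authorized_keys" 644 || findings=$((findings + 1))
    check "$dir/known_hosts" 644     || findings=$((findings + 1))
    return $findings
}
```

Call audit_ssh_dir with no argument to check ~/.ssh; a mode stricter than the maximum (for example 400 on a private key) is accepted.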

FAQ

Q1: Why should the .ssh directory have permissions 700?

A: Permissions 700 ensure that only the owner can access the directory, preventing unauthorized reads.

Q2: How to check permissions with ssh -v?

A: Use ssh -v user@host for detailed debugging. The output will show errors like Permissions 0644 for 'id_rsa' are too open.

Q3: What to do if I don't have root permissions?

A: Contact the system administrator or use chown and chmod with current user privileges.

SSH errors such as permission denied (publickey) or bad permissions can compromise security and block access to servers. Our Linux experts will quickly resolve configuration issues and optimize your SSH infrastructure.
