Chmod 700 for .ssh Directory
Learn why chmod 700 is required for the ~/.ssh directory. SSH enforces strict directory permissions for security.
Permission: 700 (rwx------)
Command: chmod 700 filename
Permission Breakdown
| Role | Read (4) | Write (2) | Execute (1) | Octal | Meaning |
|---|---|---|---|---|---|
| Owner | r | w | x | 7 | read, write, execute |
| Group | - | - | - | 0 | no permissions |
| Others | - | - | - | 0 | no permissions |
Detailed Explanation
The permission 700 is the required permission for the ~/.ssh directory. The SSH client checks directory permissions as part of its security validation.
Octal breakdown:
- 7 (Owner): read (4) + write (2) + execute (1) = full access
- 0 (Group): no access
- 0 (Others): no access
In symbolic notation this is rwx------.
The ~/.ssh directory contains your most sensitive authentication material: private keys, known hosts, authorized keys, and SSH configuration. If this directory is accessible by other users, an attacker with local access could:
- Read your private keys and impersonate you
- Modify your authorized_keys to grant themselves access
- Tamper with known_hosts to enable man-in-the-middle attacks
- Read your SSH config to discover servers you connect to
The SSH client enforces that ~/.ssh is 700 (or 755 in some configurations, but 700 is recommended). If the directory has incorrect permissions, SSH may refuse to read its contents, breaking key-based authentication.
After creating the directory or fixing permissions, run: chmod 700 ~/.ssh
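The check and the fix described above can be scripted. This is an added example, not part of the original page or of OpenSSH. The function names are hypothetical, and the ownership check is an added assumption beyond the mode the page specifies.

```sh
# Added example: audit a directory against the 700 mode this page requires.
# Function names are illustrative, not part of OpenSSH.

# Octal mode of a path, following symlinks (GNU stat, then BSD/macOS stat).
mode_of() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# Numeric owner UID of a path, following symlinks.
owner_of() {
    stat -L -c '%u' "$1" 2>/dev/null || stat -L -f '%u' "$1"
}

# check_ssh_dir DIR -> 0 if DIR is a directory owned by the caller with owner
# rwx and no group/others bits; otherwise prints each finding and returns 1.
check_ssh_dir() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 1
    fi
    mode=$(mode_of "$dir")
    if [ "$(owner_of "$dir")" != "$(id -u)" ]; then
        echo "FAIL: $dir is not owned by uid $(id -u)"
        rc=1
    fi
    # Low six bits are the group and others digits; both must be 0.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $dir is $mode, group or others have access"
        rc=1
    fi
    # Owner digit must be 7 (rwx) so the owner can list and enter it.
    if [ $(( 0$mode & 0700 )) -ne $(( 0700 )) ]; then
        echo "FAIL: $dir is $mode, owner lacks full rwx"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $dir is $mode"
    fi
    return "$rc"
}

# fix_ssh_dir DIR -> apply chmod 700 as the page instructs, then re-check.
fix_ssh_dir() {
    chmod 700 "$1" && check_ssh_dir "$1"
}

# Usage: check_ssh_dir "$HOME/.ssh" || fix_ssh_dir "$HOME/.ssh"
```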
Use Case
Required for the ~/.ssh directory on all Unix/Linux/macOS systems. SSH validates this permission as part of its strict security checks for key-based authentication.