SSH Key File Permissions — Complete Guide
Complete guide to SSH file permissions. Correct permissions for private keys, public keys, authorized_keys, known_hosts, ssh_config, and the .ssh directory.
Detailed Explanation
SSH Permission Requirements
SSH enforces strict permission checks on key files and configuration. If permissions are too open, SSH will refuse to operate or silently ignore files.
Required Permissions
| File | Permission | Notes |
|---|---|---|
| ~/.ssh/ | 700 | Directory must be owner-only |
| ~/.ssh/id_rsa | 600 | Private key (RSA) |
| ~/.ssh/id_ed25519 | 600 | Private key (Ed25519) |
| ~/.ssh/id_rsa.pub | 644 | Public key (can be world-readable) |
| ~/.ssh/authorized_keys | 600 | Controls who can log in |
| ~/.ssh/known_hosts | 644 | Host fingerprints |
| ~/.ssh/config | 600 | Client configuration |
Setting All Permissions at Once
# Fix all SSH permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_*
chmod 644 ~/.ssh/*.pub
chmod 600 ~/.ssh/authorized_keys
chmod 600 ~/.ssh/config
chmod 644 ~/.ssh/known_hosts
Server-Side SSH Permissions
# sshd_config and host keys
chmod 600 /etc/ssh/ssh_host_*_key # Private host keys
chmod 644 /etc/ssh/ssh_host_*_key.pub # Public host keys
chmod 644 /etc/ssh/sshd_config # Server configuration
Home Directory Permissions
SSH also checks the home directory itself. If your home directory is writable by group or others, SSH may refuse to use authorized_keys:
chmod 755 ~ # or 750 for stricter security
Troubleshooting
If SSH authentication fails silently, check permissions first:
# Verbose SSH to see permission errors
ssh -vvv user@host
# Common error in the server's sshd logs:
# "Authentication refused: bad ownership or modes for file"
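To check permissions first, as suggested above, the table can be turned into an audit that reports every path more permissive than its listed mode. This is an added example, not code from the original page; the function names are hypothetical, and it assumes GNU or BSD `stat` and treats any file not named in the table as private (600).

```shell
#!/bin/sh
# Added example: audit an SSH directory against the permission table above.
# Function names are hypothetical; the directory to check is passed in.

# Octal permission bits of a path (follows symlinks): GNU stat, then BSD stat.
mode_of() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# Most permissive mode the table allows for a file, keyed on its name.
max_mode_for() {
    case "$(basename "$1")" in
        *.pub|known_hosts) echo 644 ;;
        id_*|authorized_keys|config) echo 600 ;;
        *) echo 600 ;;  # assumption: any other file is treated as private
    esac
}

# Print one line per path that grants bits beyond its maximum.
# Exit status: 0 = clean, 1 = findings, 2 = directory missing.
# The body is a subshell, so its variables do not leak into the caller.
audit_ssh_dir() (
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "not a directory: $dir"; exit 2; }
    mode=$(mode_of "$dir")
    if [ $(( 0$mode & ~0700 )) -ne 0 ]; then
        echo "TOO OPEN: $dir is $mode, want 700"
        rc=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(mode_of "$f")
        max=$(max_mode_for "$f")
        # Any bit set outside the allowed mask is a finding; stricter modes pass.
        if [ $(( 0$mode & ~0$max )) -ne 0 ]; then
            echo "TOO OPEN: $f is $mode, want $max or stricter"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ]
)
```

After sourcing the file, run `audit_ssh_dir ~/.ssh`; a private key set to 400 passes because the check is a bit mask, not an exact match.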
Use Case
Every developer and system administrator working with SSH needs to know these permission requirements. Incorrect permissions are one of the most common causes of SSH authentication failures, and the error messages are often cryptic. This reference saves debugging time.