Fix SSH Directory Permissions
When moving your .ssh directory to a new computer, incorrect file permissions can prevent SSH from working and create security vulnerabilities. This guide shows you how to correctly set SSH permissions on Linux and Mac.
SSH is strict about file permissions for security reasons. If your SSH keys or config files have permissions
that are too open, SSH will refuse to use them, displaying errors like
Permissions 0644 for '/home/user/.ssh/id_rsa' are too open or simply refusing to connect. This
commonly happens when copying your .ssh directory from another computer, extracting from a backup, or moving
files between operating systems.
Understanding SSH Permission Requirements
SSH requires specific permissions to ensure your private keys remain secure:
- Private keys must only be readable by you (owner)
- The .ssh directory should only be accessible by you
- Public keys can be more permissive as they're meant to be shared
- Config and authorized_keys should only be readable/writable by you
Setting Correct SSH Permissions Step-by-Step
1. Fix .ssh Directory Permissions
chmod 700 ~/.ssh/
This sets the .ssh directory to 700 (read, write, and execute for owner only). This prevents
other users on the system from reading your SSH configuration or keys.
2. Fix Private Key Permissions
chmod 600 ~/.ssh/id_rsa
This sets your private key to 600 (read and write for owner only). Private keys must never be
readable by other users. If you have multiple private keys, apply the same permissions to each one.
3. Fix Config File Permissions
chmod 600 ~/.ssh/config
This sets your SSH config file to 600. The config file may contain sensitive information like
hostnames, usernames, and key file locations.
4. Fix Public Key Permissions
chmod 644 ~/.ssh/id_rsa.pub
This sets your public key to 644 (read and write for owner, read-only for group and others).
Public keys are meant to be shared, so they can be more permissive.
5. Fix authorized_keys Permissions
chmod 600 ~/.ssh/authorized_keys
This sets authorized_keys to 600. This file contains public keys that are allowed to authenticate
to your account.
Convenient Shell Function
Instead of running each command individually, you can create a shell function that fixes all SSH permissions
at once. Add this function to your .bashrc or .zshrc file:
function fixsshpermissions() {
chmod -R 700 ~/.ssh/
chmod 600 ~/.ssh/id_rsa
chmod 600 ~/.ssh/config
chmod 644 ~/.ssh/id_rsa.pub
chmod 600 ~/.ssh/authorized_keys
}
After adding this to your shell configuration file, reload it with source ~/.bashrc or
source ~/.zshrc. Then simply type fixsshpermissions to set all SSH permissions
correctly in one go.
Frequently Asked Questions
Why is SSH so strict about file permissions?
SSH enforces strict file permissions to prevent security breaches. If your private key is readable by other users on the system, they could potentially copy it and impersonate you when connecting to remote servers. SSH refuses to use keys with overly permissive permissions as a safeguard against accidental exposure.
What if I have different key file names?
Common private key names include id_rsa, id_ed25519, id_ecdsa, and
id_dsa. Apply chmod 600 to all your private key files. The corresponding public
keys (with .pub extension) should use chmod 644.
Do these permissions work on Windows?
Windows handles file permissions differently than Unix-like systems. If you're using Windows Subsystem for Linux (WSL) or Git Bash, these chmod commands will work. For native Windows SSH, you'll need to use Windows' file property security settings or the icacls command.
What if I still get permission errors after fixing permissions?
Check the following: ensure your home directory itself isn't world-writable (chmod 755 ~),
verify the ownership of files with ls -la ~/.ssh (they should be owned by your user), check for
SELinux or AppArmor contexts on Linux systems (restorecon -R -v ~/.ssh on SELinux systems), and
examine SSH client logs with ssh -v for detailed error messages.