Validating Configuration Permissions

OpenSSH applies strict permissions to the $HOME/.ssh directory and files stored in this directory. If the permissions in the directories on either side of the connection are wrong, OpenSSH prevents the connection and errors out with a Permission Denied message.

The following steps show you how to set the recommended permissions on the $HOME/.ssh directory and its contents.

  1. Set the directory and file permissions as follows. Some of these files might not be present on the system where you're running these commands:

    chmod 700 "$HOME/.ssh"                  # The user .ssh directory.
    chmod 600 "$HOME/.ssh/id_sshkey"        # A user's private key. Typical values for id_sshkey are id_rsa or id_ed25519.
    chmod 644 "$HOME/.ssh/id_sshkey.pub"    # A user's public key. Typical values for id_sshkey.pub are id_rsa.pub or id_ed25519.pub.
    chmod 600 "$HOME/.ssh/config"           # Customized configuration entries for the ssh client.
    chmod 600 "$HOME/.ssh/authorized_keys"  # A user's authorized public key entries to allow login.
    chmod 644 "$HOME/.ssh/known_hosts"      # A user's known hosts entries for system fingerprints.
    chown -R "$USER:$USER" "$HOME/.ssh"     # Recursively set ownership of all .ssh files.

  2. Verify that file permissions are correct.

    ls -al "$HOME/.ssh"
    drwx------. 2 user group     5 Jun 12 08:33 .
    drwx------. 5 user group     9 Jun 12 08:32 ..
    -rw-------. 1 user group   397 Jun 12 08:33 authorized_keys
    -rw-------. 1 user group  2283 Nov 22 13:22 config
    -rw-------. 1 user group   963 Aug 22 09:27 id_sshkey
    -rw-r--r--. 1 user group   221 Aug 22 09:27 id_sshkey.pub
    -rw-r--r--. 1 user group 85531 Nov  9 10:01 known_hosts
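
The verification in step 2 can be scripted instead of read by eye. The following is an added example, not part of the original page: a POSIX shell function that flags any file granting permission bits beyond the modes recommended in step 1, so a stricter mode such as 400 on a private key passes. The function names audit_ssh_perms, want_mode and mode_of are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: audit a .ssh directory against the modes recommended above.

# Print a path's permission bits in octal (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Map a file to its recommended mode; prints nothing for unrecognized files.
want_mode() {
    case "$(basename "$1")" in
        config|authorized_keys) echo 600 ;;
        known_hosts|*.pub)      echo 644 ;;
        id_*)                   echo 600 ;;  # private key such as id_rsa or id_ed25519
    esac
}

# audit_ssh_perms DIR
# Prints one line per finding with the chmod that corrects it.
# Returns 1 if anything was flagged, 0 otherwise.
audit_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    rc=0
    for path in "$dir" "$dir"/*; do
        [ -e "$path" ] || continue
        if [ "$path" = "$dir" ]; then want=700; else want=$(want_mode "$path"); fi
        [ -n "$want" ] || continue
        have=$(mode_of "$path")
        # Bits set in the actual mode but absent from the recommended mode.
        extra=$(( 0$have & ~0$want ))
        if [ "$extra" -ne 0 ]; then
            echo "$path: mode $have exceeds $want (fix: chmod $want $path)"
            rc=1
        fi
    done
    return "$rc"
}
```

Call it as audit_ssh_perms "$HOME/.ssh" on both the client and the server account; no output and a zero exit status mean every recognized file is at or below its recommended mode.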