Setting Proper Permissions on ~/.ssh


SSH, or Secure Shell, is a network protocol that allows one device to securely connect to another remote device. The SSH protocol includes both a server and a client in order to provide the capability to connect from and connect to a remote device.

SSH client files are stored in a folder named .ssh, which is found in the home directory (~) of each user who uses SSH. This folder is not created by default, but is created if a remote host attempts to connect to the local device, or when ssh-keygen is run.

Here is an example file structure of the ~/.ssh folder.

|- ~
|--- .ssh/
|----- config
|----- known_hosts
|----- authorized_keys
|----- id_rsa
|----- id_rsa.pub

In order for the SSH service to use the files contained in ~/.ssh, you must ensure that the file permissions and file ownership are set properly. If these files are given too many permissions, SSH won’t allow you to use them. Let’s review the proper permissions for the example file structure above.

File/Folder        Permission (rwx)   Permission (###)
~/.ssh             drwx------         0700
config**           -rw-------         0600
known_hosts        -rw-------         0600
authorized_keys    -rw-------         0600
id_rsa**           -rw-------         0600
id_rsa.pub         -rw-r--r--         0644

** Permissions on the config file, and on identity files containing private keys, are mandatory.
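
One way to check a directory against the table above is the following audit script. It is an added example, not part of the original post; the function names are hypothetical, and matching any id_* or *.pub file (rather than only id_rsa and id_rsa.pub) is an assumption that generalizes the table.

```shell
#!/bin/sh
# Added example: audit an SSH client directory against the permission table.

# Print "MODE UID" for a path (GNU stat first, BSD stat as fallback).
mode_uid() { stat -L -c '%a %u' "$1" 2>/dev/null || stat -L -f '%Lp %u' "$1"; }

# Map a file name to its expected mode. id_* and *.pub generalize the
# table's id_rsa / id_rsa.pub rows (assumption); other names are skipped.
expected_mode() {
    case "$1" in
        config|known_hosts|authorized_keys) echo 600 ;;
        *.pub) echo 644 ;;
        id_*) echo 600 ;;
        *) return 1 ;;
    esac
}

# check_one PATH WANT [--fix]: report a wrong mode or owner; chmod if --fix.
check_one() {
    have=$(mode_uid "$1") || return 1
    uid=${have#* }; have=${have% *}; rc=0
    if [ "$uid" != "$(id -u)" ]; then
        echo "OWNER $1 uid=$uid expected=$(id -u)"; rc=1
    fi
    if [ "$have" != "$2" ]; then
        echo "MISMATCH $1 mode=$have expected=$2"; rc=1
        if [ "$3" = "--fix" ]; then chmod "$2" "$1"; fi
    fi
    return "$rc"
}

# audit_ssh_dir DIR [--fix]: returns 0 if everything matches, 1 otherwise.
audit_ssh_dir() {
    dir=$1; fix=${2:-}; bad=0
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 2; }
    check_one "$dir" 700 "$fix" || bad=1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        want=$(expected_mode "$(basename "$f")") || continue
        check_one "$f" "$want" "$fix" || bad=1
    done
    return "$bad"
}

# Run only when given arguments, e.g.: sh audit.sh ~/.ssh --fix
if [ "$#" -gt 0 ]; then audit_ssh_dir "$@"; fi
```

A run with --fix still reports each mismatch it corrects and exits non-zero; a second run without --fix confirms the result. Ownership problems are reported only, since changing them usually requires root.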

