A brief note about the file permissions of $HOME/.ssh files:

$ ls -la ~/.ssh
total 136
drwx------   17 meng  _lpoperator    578 Feb  8 11:54 .
drwxr-xr-x+ 115 meng  _lpoperator   3910 Feb 25 16:10 ..
-rw-------    1 meng  _lpoperator   1671 Feb  8 11:54 config
-rw-------    1 meng  _lpoperator   1631 Jan 28 21:55 config~
drwxr-xr-x    4 meng  _lpoperator    136 Oct 27 15:16 git-annex
-rw-------    1 meng  _lpoperator   3243 Jan 28 20:47 id_rsa_work
-rw-r--r--    1 meng  _lpoperator    748 Jan 28 20:47 id_rsa_work.pub
-rw-------    1 meng  _lpoperator   1743 Jan 15  2012 id_rsa_lumengdev
-rw-r--r--    1 meng  _lpoperator    402 Jan 15  2012 id_rsa_lumengdev.pub
-rw-r--r--    1 meng  _lpoperator  10174 Feb 19 10:37 known_hosts
-rw-r--r--    1 meng  _lpoperator   7577 Oct  9 15:29 known_hosts~

  • The $HOME/.ssh folder should have permission 700.
  • config and the private/secret key files id_rsa_XXX should have 600.
  • known_hosts and the public/shared key files id_rsa_XXX.pub should have 644. It's fine to have several pairs of private/secret and public/shared key files.
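
An added example (not from the original post): a POSIX shell function that audits a directory against the modes listed above. It flags entries that grant permission bits beyond the listed mode, so stricter modes pass. The function names, and the rule that a file with a matching .pub sibling is a private key, are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an SSH directory against the modes listed above.

# Print the octal mode of a path (GNU stat first, then BSD/macOS stat).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if octal mode $1 grants no bits beyond octal mode $2.
within() {
    [ $(( 0$1 & ~0$2 & 07777 )) -eq 0 ]
}

# Print the expected mode for a file, or nothing if the file is not recognised.
expected_mode() {
    name=$(basename "$1")
    name=${name%\~}                 # editor backups (config~) follow the original
    case "$name" in
        config)            echo 600 ;;
        known_hosts|*.pub) echo 644 ;;
        *)  # assumption: a file with a matching .pub sibling is a private key
            if [ -f "$(dirname "$1")/$name.pub" ]; then echo 600; fi ;;
    esac
}

# Audit directory $1: print one line per finding, return 0 only when clean.
audit_ssh_dir() {
    dir=$1
    findings=0
    have=$(perm_of "$dir")
    if ! within "$have" 700; then
        echo "$dir: mode $have, expected 700"
        findings=$((findings + 1))
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        want=$(expected_mode "$f")
        [ -n "$want" ] || continue
        have=$(perm_of "$f")
        if ! within "$have" "$want"; then
            echo "$f: mode $have, expected $want"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Source the file and run audit_ssh_dir "$HOME/.ssh"; each reported line can be fixed with chmod using the expected mode it prints.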

Check the default permissions of .ssh

Running ssh <host> creates $HOME/.ssh and the $HOME/.ssh/known_hosts file, and adds an entry for <host> to it. Running ssh-keygen creates the public/shared and private/secret key pair files: $HOME/.ssh/id_rsa.pub and $HOME/.ssh/id_rsa. Their default permissions are:

16:24:06 meng@mycomputer:~/.ssh$ ls -la
total 24
drwx------    5 meng  _lpoperator   170 Feb 25 16:24 .
drwxr-xr-x+ 116 meng  _lpoperator  3944 Feb 25 16:23 ..
-rw-------    1 meng  _lpoperator  1766 Feb 25 16:24 id_rsa
-rw-r--r--    1 meng  _lpoperator   404 Feb 25 16:24 id_rsa.pub
-rw-r--r--    1 meng  _lpoperator   414 Feb 25 16:23 known_hosts
16:24:11 meng@mycomputer:~/.ssh$ ssh -version
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011

References

  • http://superuser.com/questions/488718/permissions-on-ssh-causing-problems