Correct SSH Directory Permissions Ubuntu
Securing your SSH configuration on Ubuntu is crucial for protecting
your server from unauthorized access. This article provides a quick and
direct guide on the exact file and directory permissions required for
the .ssh directory and its contents, ensuring both security
and proper functionality of your SSH connections.
Required Permissions for SSH Files and Folders
SSH is highly sensitive to file permissions. If the permissions are
too open, the SSH daemon (sshd) will reject the keys and
refuse the connection. To ensure a secure and working setup, apply the
following permissions:
- The .ssh directory: 700 (read, write, and execute permissions for the owner only).
- Private keys (e.g., id_rsa): 600 (read and write permissions for the owner only).
- Authorized keys (authorized_keys): 600 (read and write permissions for the owner only).
- Public keys (e.g., id_rsa.pub): 644 (read and write for the owner, read-only for others).
- Known hosts (known_hosts): 644 (read and write for the owner, read-only for others).
How to Set the Correct Permissions
Run the following commands in your Ubuntu terminal to apply the correct ownership and permissions to your user’s SSH directory.
First, ensure you are the owner of the directory and all files inside it:
chown -R $USER:$USER ~/.ssh

Next, set the directory permission to 700:

chmod 700 ~/.ssh

Set the permissions for the private keys and the authorized_keys file to 600:

chmod 600 ~/.ssh/authorized_keys
chmod 600 ~/.ssh/id_rsa

Note: Replace id_rsa with the actual name of your private key if you used a custom name.

Finally, set the permissions for public keys and the known_hosts file to 644:

chmod 644 ~/.ssh/id_rsa.pub
chmod 644 ~/.ssh/known_hosts

By maintaining these strict permission settings, you prevent other users on the system from reading your private cryptographic keys while satisfying the security requirements of the Ubuntu SSH daemon.
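
To verify the result, the following added example (not part of the original article) audits an SSH directory against the modes listed above and checks ownership by numeric UID. The function names are made up for this example; it assumes GNU stat as shipped on Ubuntu, with a BSD fallback, and it recognises private keys by their header line so that custom key names are covered.

```shell
#!/usr/bin/env bash
# Added example, not from the article. Assumes GNU stat (Ubuntu); BSD fallback.

# Print "uid mode" for a path, e.g. "1000 600".
uid_mode() {
  stat -c '%u %a' "$1" 2>/dev/null || stat -f '%u %Lp' "$1"
}

# Print the mode the article lists for a path; print nothing for files
# the article does not cover (e.g. config).
expected_mode() {
  local path="$1"
  if [ -d "$path" ]; then echo 700; return; fi
  case "${path##*/}" in
    authorized_keys)   echo 600 ;;
    known_hosts|*.pub) echo 644 ;;
    *) # Private keys are recognised by header line, so custom names count.
       if head -n 1 "$path" 2>/dev/null | grep -q 'BEGIN .*PRIVATE KEY'; then
         echo 600
       fi ;;
  esac
}

# Report mismatches in DIR (default ~/.ssh); return 0 if clean, else 1.
audit_ssh_dir() {
  local dir="${1:-$HOME/.ssh}" rc=0 me path want info
  me=$(id -u)
  for path in "$dir" "$dir"/*; do
    [ -e "$path" ] || continue
    want=$(expected_mode "$path")
    [ -n "$want" ] || continue
    info=$(uid_mode "$path")
    if [ "${info% *}" != "$me" ]; then
      echo "OWNER $path: uid ${info% *}, expected $me"; rc=1
    fi
    if [ "${info#* }" != "$want" ]; then
      echo "MODE $path: ${info#* }, expected $want"; rc=1
    fi
  done
  return "$rc"
}
```

Call audit_ssh_dir with no argument to check ~/.ssh; it only reads modes and ownership and changes nothing.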