116

I've installed openssh for windows and when I run ssh localhost I get

Bad owner or permissions on C:\Users\gary/.ssh/config

I've looked at these 2 questions https://superuser.com/questions/348694/bad-owner-or-permissions-error-using-cygwins-ssh-exe and https://serverfault.com/questions/253313/ssh-returns-bad-owner-or-permissions-on-ssh-config but none of the answers work for me. sshd is running as a service as the Local System user. I've run chmod 0600 C:\Users\gary\.ssh\config and chown gary C:\Users\gary\.ssh\config. I've also cleared the ACL by running setfacl -b C:\Users\gary\.ssh\config and then chmod 0600 C:\Users\gary\.ssh\config again. I've also tried changing the owner to SYSTEM and got the same error.

I'm not sure what else to do, is there anything wrong with my setup? I also have git installed which installed mingw, I deleted ssh and sshd from my git installation so they wouldn't be on my path.

Other commands I've run are icacls "C:\Users\gary\.ssh\config" /setowner gary chown -R gary:1049089 C:\Users\gary\.ssh

ls -la C:\Users\gary\.ssh\config shows

-rw-r--r-- 1 gary 1049089 229 Jan 3 14:43 'C:\Users\gary.ssh\config'

it keeps showing this even after changing the owner to SYSTEM, but in the file properties in file explorer it shows SYSTEM as the owner

gary69
  • 3,620
  • 6
  • 36
  • 50
  • 2
    I just got the same problem today for the first time after updating windows. I am also using cmder and "vagrant ssh" is the one that produces the same error for me. I found out (from `PATH` environment variable), that the `ssh` client which vagrant used was the one from `C:\WINDOWS\System32\OpenSSH`. So i just needed to add a path to my own `ssh` client first - problem solved. Hope this helps. – van May 03 '18 at 12:32
  • 1
    this [blog](https://petertran.com.au/2018/06/06/bad-owner-permissions-ssh-config/) maybe helpful – douyu Feb 21 '20 at 10:17
  • 1
    Got the same problem today. I tried a lot different things and finally got it to work for me. 1. disabled inheritance for .ssh folder and removed all permission, 2. add Administrators perm back 3. renamed my computer name so it's different from user name. still using windows openssh, not git ones. – JCQian Oct 16 '20 at 17:40
  • change permissions to your whole .ssh folder to only have you with full access, that's how it should be anyways. – Max Barrass Dec 15 '21 at 10:34
  • @douyu's comment link to the blog helped me. I'm not sure anybody has explained why this solution works. That's something I'd like to see ELI5 with pictures. This post: https://petertran.com.au/2018/06/06/bad-owner-permissions-ssh-config/ – Eric Hepperle - CodeSlayer2010 Aug 15 '23 at 20:05

28 Answers28

205

This started popping up immediately after I created another user with Administrator privileges, and that account began inheriting access to my .ssh folder.

You do not need to change your permissions whatsoever.

Just go to .ssh, right-click Properties, Security Tab, Advanced. DISABLE INHERITANCE, then click on the Administrator user (the one that is not you) and Remove them. Apply. Done.

Jason Hughes
  • 2,612
  • 1
  • 10
  • 10
  • 3
    This appear to have been the case for me. I'd set up another User Account on the system for testing. And it had access. Once I removed that user from access to the `.ssh` folder it worked fine. – thomthom Dec 07 '19 at 15:15
  • 1
    I tried this but it did not solve the problem for me – phydeauxman Jan 05 '21 at 19:03
  • 1
    Big thanks ! This worked for me. So below was my environment and hope someone finds this useful. - WSL 1.0 running Ubuntu 20 on a Windows 10 machine - .ssh/config file was not being read by vagrant and constantly gave permission issues. - applied the above settings and vagrant ssh worked just fine post application – Rohit Salecha Jan 12 '21 at 04:52
  • 8
    When you are disabling the inheritance you will be asked if you want to copy the current inherited access rights. Select yes and then continue by removing the other user as described above. – pabouk - Ukraine stay strong Feb 11 '21 at 20:10
  • 1
    Detail update 2021. Still need to remove inheritance. Use: owner -> Full control. Administrator -> Modify. Delete any other. Note that if you open the file it may alter permissions again, depending on the software you use. – Efren May 11 '21 at 22:46
  • 1
    How this is not marked as accepted as clearly this is solving the problem. at least it should popup as the first answer as this is the most valid one. – Polla A. Fattah Aug 03 '21 at 21:33
  • 1
    "You don't need to change your permissions whatsoever, just go change the permissions" – stackers Aug 18 '21 at 20:26
  • IT support logged into my machine as Admin and provoked this issue and this was the fix. Error came up when trying to use VSCode to ssh into remote server. – mdisibio Nov 04 '21 at 01:05
  • How do I buy you a coffee/tea/beer? This has saved me from typing in a huge password every time my VPN drops! Other solutions out there that involve moving the id_rsa file around did not work for me – doghousedean Dec 16 '21 at 11:23
  • Thanks a lot! This worked for me. BWT, after I disabled INHERITANCE, and issue have fixed, I enabled in back, and all is woking. – andreyk2 Hohlov Feb 15 '22 at 19:10
  • 1
    I had done this (remove inheritance, remove other users) to the .ssh directory, but the config file itself still had some other users listed. After removing those users, all is working. – Tom Malaher Jun 15 '22 at 15:25
  • This works, but why? If my user has permissions, why does it matter that another admin also does? – Daniel Viaño Aug 10 '22 at 10:43
  • It's especially confusing that the error message contains a bad looking path that mixes both Windows backslashes (\) and Unix forward slashes (/) leading a reader to assume that's probably what needs to be fixed somehow. This fix worked for me too, @gary69 please Accept it by clicking the checkmark near its upvote rating (top left). – Starman Sep 22 '22 at 03:35
  • What would you suggest if the Security Tab is not available? – skwokie Mar 21 '23 at 22:23
  • @gary69 needs to mark the right answer, I think is this one – fnaquira Apr 24 '23 at 17:08
54

Use ssh client from Git instead of Windows inbuilt SSH client. E.g. set VS Code to use C:\Program Files\Git\usr\bin\ssh.exe instead of C:\Windows\System32\OpenSSH\ssh.exe.

Steps:

  1. In VS Code navigated to [File] -> [Preferences] -> [Settings] -> Search remote.ssh.path
  2. Input C:\Program Files\Git\usr\bin\ssh.exe

Alternatively:

  1. Update PATH environment variable to point to Git bin before Windows System32.
  2. Type "env" in Start bar to edit System (or account) environment variables.
  3. Select Path and hit edit.
  4. Add C:\Program Files\Git\usr\bin\ssh.exe to the list and move it to the top of the list.
Lisa
  • 4,333
  • 2
  • 27
  • 34
Gerard Carbó
  • 1,775
  • 18
  • 16
  • 8
    It would be better if you've also told the steps. – Siraj Alam Jun 17 '19 at 19:10
  • 5
    Thanks for the hint. I solved the issue by adding *C:\Program Files\Git\usr\bin* to the system variable Path and made sure that it is above (before) *%SYSTEMROOT%\System32\OpenSSH*. Sadly, I'm unable to use Git's *ssh* with Windows's *ssh-agent* service. I'll decrypt all my private keys then. – weeix Jul 23 '19 at 02:54
  • 2
    I solved this by using GitBash instead of Cygwin. – Harry Mar 30 '21 at 21:29
  • 4
    Steps: [File] -> [Preferences] -> [Settings] -> Search `remote.ssh.path` -> Input ```C:\Program Files\Git\usr\bin\ssh.exe``` into [Remote.SSH: Path] see: https://code.visualstudio.com/docs/remote/troubleshooting#_installing-a-supported-ssh-client – Yukihiko Shinoda Aug 01 '21 at 17:12
  • 1
    This answer may solve the issue for some users but this is not really the solution of the problem. This is more like a workaround for people who have installed git anyway. – anion Dec 26 '21 at 22:35
  • This worked for me per @YukihikoShinoda but very irritating to not understand for be able to fix the original issue. – Lisa May 10 '22 at 02:36
  • I used chatGPT and asked many things related to this issue. In my case I logged in using microsoft account and ssh worked with local user account in this case power shell or cmd showed me bad permission everytime many changes I done. But this one solution fix everything. – heySushil Mar 10 '23 at 11:11
32

Just got same issue after re-install windows. And easily fixed just by changing the file permissions to

.ssh-config file permissions

SYSTEM & Administrators - Full Control
[your username] - Modify & as Owner

Note:

Suncatcher
  • 10,355
  • 10
  • 52
  • 90
Fery W
  • 1,402
  • 1
  • 15
  • 28
  • 1
    Above worked for me, but didn't work if I replaced by username with OWNER in permission line where Fery has given it Modify permissions. Full control works for permissions. – arberg Jun 17 '18 at 18:10
  • 4
    This worked for me (OpenSSH-Win32 on Windows 10) after removing inheritance and all other permissions and adding only myself with Full Control. – neilsimp1 Jul 03 '18 at 15:55
  • 2
    Giving full control over file to user and/or removing inheritance doesn't help. Guess I'll just change SSH client, since I have Git Bash installed :) – vintprox Oct 08 '19 at 08:58
  • 1
    Just commenting to SEO this answer a bit more as it was hard to find. We were on Composer for Windows 10, version 1.9.3. This answer solved the issue of "UNPROTECTED PRIVATE KEY FILE" and " Bad owner or permissions" when trying update from our own private BitBucket repository. – philistyne Feb 20 '20 at 12:33
  • This worked for me. I am still running Win 10 1703 and am using a manually installed version of Win32-OpenSSH. – Derek Evermore Jul 06 '20 at 17:56
  • I had one extra entry which had the access as "Modify" and I believe it allowed all users to access the file as the principal value was "USERS (``/users)". I disabled inheritance, and delete that entry. Worked fine after that. – Hokkyokusei Mar 26 '23 at 21:21
19

For those still struggling with this, check this out: https://github.com/PowerShell/openssh-portable/pull/418. This was the case for me. It turns out that your computer should be named differently from your username... ‍♂️ It will probably be fixed soon in future updates, because fix got into commit.

So again: if your computer name is the same as your username and you still haven't fixed this issue with permissions dialog, then probably renaming your computer could help.

Егор Малыгин
  • 190
  • 3
  • 6
  • 2
    While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes – Muhammad Dyas Yaskur Feb 04 '20 at 01:46
  • Thank you so much. This fixed it for me – Tin Nguyen May 25 '20 at 20:21
  • Exectly. My User name and Computer name was the same. Renaming to different names fixed the issue. Thanks – Jamaxack May 29 '20 at 16:01
  • Thank you, this solved it for me! The issue is still not fixed, I had to change my computer name. – Liga Oct 15 '20 at 13:23
  • Thank you so much! I had the user name equal to the computer name. Renaming the computer fixed the issue. – ko80 Aug 04 '21 at 20:37
14

Instead of using the properties box, you can use the one liner:

icacls .ssh /grant:r <yourUserName>:f /inheritance:r

/grant:r username:f -> grant and overwrite permissions, giving full permissions to username /inheritance:r -> remove inherited permissions

Keep known_hosts writable with icacls .ssh/known_hosts /grant:rw <username>:f /inheritance:r

R Ben R
  • 344
  • 4
  • 9
LarryH
  • 1,718
  • 2
  • 12
  • 15
  • 5
    Not enough upvotes, I guess the terminal is a bit too scary, but this really is the better way. I will just add the known_hosts file should remain writable. ` icacls .ssh/known_hosts /grant:rw :f /inheritance:r ` – R Ben R Apr 12 '22 at 20:11
13

Having the exact same issue today, this is how I solved it:

  1. Go to C:\Users\username.ssh
  2. Right-click the config file
  3. Properties -> Security -> Advanced -> Disable Inheritance -> Disable inheritance -> Remove all inherited permissions from this object -> Apply -> Yes -> Ok -> Ok enter image description here
Ala Eddine JEBALI
  • 7,033
  • 6
  • 46
  • 65
10

I'm not sure what version of Windows you're running, but since this is recent I'd guess Windows 10. I recently found out that an OpenSSH client is installed by default as of the April 2018 update. I then found I had two instances of OpenSSH: the one I installed myself and the one Windows gave me. Uninstalling the one I had installed caused the error message you describe.

The solution that worked for me was to remove the user-installed OpenSSH as well as the C:\Users\username\.ssh folder, and let Windows 10 OpenSSH create the folder when you run the command the next time. I didn't have any configuration I was worried about losing, but if you do I'd suggest copying and pasting the contents of the files somewhere and recovering them afterwards.

Hope this helps!

17slim
  • 1,233
  • 1
  • 16
  • 21
  • Checking the permissions given by the ssh.exe itself after removing the .ssh folder, and applying those to the rest of files, fixed the problem for me. – Raúl Salinas-Monteagudo May 31 '19 at 11:43
  • I had this problem I had copy pasted my old `.ssh` folder after reinstalling windows, thats why it was showing me this error. deleting `.ssh` folder and let ssh create it again worked for me. – Rohit Kaushal Oct 17 '21 at 06:04
9

Use FixUserFilePermissions.ps1 to fix permissions of client side files - keys and config files of current user.

git clone git@github.com:PowerShell/openssh-portable.git
cd openssh-portable/contrib/win32/openssh
.\FixUserFilePermissions.ps1 -Confirm:$false
SlashGordon
  • 720
  • 8
  • 11
  • 2
    I had to clone the repo, cd into `/openssh-portable/contrib/win32/openssh` and then run the above command. Much easier than configuring windows file properties and permissions. – SomeGuyOnAComputer Aug 20 '19 at 03:57
  • YESSS, thank you! It worked just fine. Just remember to run those commands with administrator privileges and it just works! – Tramonta Oct 26 '22 at 13:23
8

On windows server this is due to permission problem. Need to remove access to other users for the following folders

.ssh - folder

Right click on this folder -> Select "Give access to" - > Click on "Remove Access" Right click on this folder -> Select "properties" - > "Securities" - > Click on "Edit Permissions" - Remove other users except the ID you are logged in.

Repeat the same process for the folder under which you have .pem file. (Note: Keep .pem file in a separate folder)

Dave Rada
  • 81
  • 1
  • 1
3

For anyone, who still has troubles after applying the owner + modify (plus full control for admins): it did not work for me. Then I saw a solution to remove all other users (incl all admins), which did not help either.

This worked for me:

  • leave System and Administrators in place, with full control, as suggested above
  • leave the user itself in place, as owner, with modify, as suggested above
  • however, remove any other user or group. You probably need to go to advanced first, to disable inheritance of rights

after I removed an administrative user who was added by Windows after entering my folder (by passing through the UAC box), it worked for me again.

Hope this helps for anyone who encounters this specific issue :-)

benzhi
  • 116
  • 1
  • 5
3

If User is in Administrative group just keep configuration in c:\programdata\ssh\ssh_config instead %USERPROFILE%.ssh\config, will work

Mainak
  • 31
  • 1
  • This was the solution which I ended up using. The computer had the same name as the user and this meant that I didn't need to change it. – Andy Castles Jan 12 '21 at 11:20
2

after disabling inheritance, make sure you add your current user, else u cannot edit the file

Rahul Somasundaram
  • 578
  • 1
  • 6
  • 16
1

For me it was fixed by running chmod 0644 config under ~/.ssh/. Earlier it was set to 755 which was causing "Bad owner or permissions on /home/home/.ssh/config"

Rahul Bhatia
  • 11
  • 1
1

I tried all the solutions above, and sadly still can't fix this issue. I'm pretty sure the permission of my ssh config is correct, this has been verified by the Explore GUI and the Get-Acl commands.

Then I finally find a way to solve it:

delete the entire .ssh folder and then open powershell and type ssh localhost. It will create a new .ssh folder for you, then you can apply the above permission tweaks(for me I only did one thing: disable inheritance).

So if other solutions doesn't work for you, maybe you can try this. Hope it's helpful.

PS: don't forget to backup your old .ssh folder before deleting it.

Zieng
  • 453
  • 1
  • 7
  • 17
1

I was having this problem, and no amount of changing permissions or disabling inheritance on the config file would fix it. It turned out that it did not like my computer name and user name being the same, so I re-named my computer, allowed open ssh to re-create the config file, and the permissions are now correct. That was probably a bad idea to begin with, tbh.

KR-SO
  • 11
  • 1
1

I deleted C:\Users\user/.ssh/config and reran my stuff, then it worked.

However, if you have something valuable there, make a backup first, just in case!

Fusseldieb
  • 1,324
  • 2
  • 19
  • 44
1

After a domain change over, I started having this same problem. Went through all of the suggestions listed and nothing worked, including both chmod and chown solutions.

I ended up fixing the problem by copying the folder, pasting it, deleting the original, and then renaming it back to .ssh.

John K
  • 41
  • 6
1

For me, re-editing the permission settings in Windows is too complicated. Regenerating another configuration in vscode does not work either.

I set a custom config file path to solve this problem.
["Remote SSH: Config file"]
The absolute file path to a custom SSH config file.

note: search this option by @ext:ms-vscode-remote.remote-ssh,ms-vscode-remote.remote-ssh-edit config file

grayxu
  • 84
  • 6
0

The problem seems from the files are owned/has-permission for more than one user.

1- Go to your ./ssh folder and for both config & id_rsa files. From the properties -> Security -> Advanced: 2- Make sure that the user that you are logged in with IS the only user there.

ßastian
  • 1,814
  • 3
  • 13
  • 22
0

No group change or whatever,the first answer is right.Change to git ssh.exe How?

  • uninstall win10's openssh in Settings
  • add path of git's ssh.exe to your Path
jojo_007
  • 115
  • 1
  • 5
0

For me it was fixed by running chmod 0644 config under ~/.ssh/ when running WSL.

K. Martin Holtan
  • 1
  • 1
0
  1. Rename the config file to something like config2
  2. Open this file with notepad
  3. Save As config (original name)

This worked for me.

Ayman Arif
  • 1,456
  • 3
  • 16
  • 40
Omemanti
  • 1
0

I guess it was caused by the wrong path expression.

Bad owner or permissions on C:\Users\gary/.ssh/config

The /.ssh should be \.ssh. So I try to use git bash (the terminal tool when install git in Windows system) to run ssh command. It really works. But I don't really know if it is caused by the reason I guessed.

nilknow
  • 319
  • 3
  • 6
0

Hi guys after a troubleshoot for a day I found that this "m.. f.." config file should not stand in the .ssh/ path.

For VSCODE just set the config in 'C:\ProgrmaData\ssh\ssh_config' path as proposed in the second choice of the palette command, and forget .shh path for this configuration.

That worked fine for me.

Nota: there was also a known_host file also created here with strange VM names inside, I deleted also this file. and that helps

Nicolas Chaillou
  • 19
  • 3
0

This is because the config file cannot be accessed normally. We can create a new config file (this file needs to be accessible normally), such as D:/.ssh/config, and then specify the configuration file through the -F option: ssh -F D:/.ssh/config username@ip_address -p port

team317
  • 11
  • 2
0

Delete the .config file, it has worked for me

Eric Aya
  • 69,473
  • 35
  • 181
  • 253
Isac Arcanjo
  • 21
  • 2
0

None of the solution above worked. Deleting/Setting permissions etc. Same settings and no changes done for .config file. Finally added obvious path for .ssh config as

"C:\User\USERNAME\.ssh\config" (use double slash).

Followed: https://github.com/microsoft/vscode-docs/issues/3210

Incredible
  • 3,495
  • 8
  • 49
  • 77
0

This problem arose when I used the Visual studio code remote ssh connection - extension with WSL 2

I'm not exactly sure whether WSL 2 or VSCode fiddled with it, but after accepting the fingerprint of a local ssh device, the format was like this

C://users//xyz.ssh\blablabla

you see how the slashes are reversed?

Alas, this ancient problem back from the stone age ... I resolved it by just deleting the whole .ssh folder, then opening up a CMD (NOT wsl since it is again linux) and just ssh again to the device, accepting the fingerprint yadda yadda.

-> the folder is now fixed! I'm sure this will solve other bad ownership problems too, but then again I'm a local administrator on the computer here, not taking into account corporate admins who might ghost around on this box

clockw0rk
  • 576
  • 5
  • 26