6

When trying to load my keys I get this error

```
ssh-add ~/.ssh
Permissions 0755 for '/home/starkers/.ssh' are too open.
```

Note that the permissions are too open for the .ssh directory, not an actual key.

Modifying the ownership doesn't change anything:

```
chmod 755 ~/.ssh
ssh-add ~/.ssh
Permissions 0755 for '/home/starkers/.ssh' are too open.
```

The thing is, I need to write to this directory when I create new keys, so what's it on about?

nunofmendes
Starkers
  • Just a small tip, `chmod` doesn't modify the ownership (that's `chown`). – Burhan Khalid Nov 14 '13 at 08:03
  • Oh, fair enough! Still it says that 0755 is too lenient. Don't know what it's on about frankly. Get none of this rubbish on my local machine. I need to write and read to it, end of. – Starkers Nov 14 '13 at 08:04
  • possible duplicate of [ssh "permisssions are too open" error](http://stackoverflow.com/questions/9270734/ssh-permisssions-are-too-open-error) – Burhan Khalid Nov 14 '13 at 08:04
  • It's not. Why I said `Note that the permissions are too open for the .ssh directory, not an actual key.` – Starkers Nov 14 '13 at 08:05
  • It's the same thing; your directory has the wrong permissions. It should be `700`; I'm not sure why you have `755` there. – Burhan Khalid Nov 14 '13 at 08:06
  • Would you revoke that close, please? I went to the trouble of pointing out the difference. – Starkers Nov 14 '13 at 08:06
  • If it's 600, I can't write to the directory when generating a new key. Is the idea to lock down the directory once I've generated a key? I haven't experienced this on my local machine, but that does make sense. – Starkers Nov 14 '13 at 08:09
  • This answer has been answered, refer to [https://stackoverflow.com/questions/9270734/ssh-permissions-are-too-open](https://stackoverflow.com/questions/9270734/ssh-permissions-are-too-open) – Feisal Ali May 25 '23 at 06:47

2 Answers

19

Your .ssh directory should have permissions 0700. Not 0600 (too strict) or 0755 (too permissive). Do:

```
chmod -R 700 ~/.ssh
```

Use -R to recursively change permissions for all files in there.

Simo A.
0

Nobody should be able to get at your keys except you, not even to read them or discover their names. That's basic sensible security and it means no permissions whatsoever for group or world.

First you should own the directory. Then, you should be using something like 600 or 700 (preferably the latter, see below).

From the ssh man-page (but with my italics):

~/.ssh/

This directory is the default location for all user-specific configuration and authentication information. There is no general requirement to keep the entire contents of this directory secret, but the recommended permissions are read/write/execute for the user, and not accessible by others.

paxdiablo
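An added example, not part of either answer: a small POSIX shell audit that lists everything under an SSH directory that still grants group or world access, then locks it down to owner-only. The function names and the throwaway directory standing in for `~/.ssh` are assumptions of this example, and using 700 for directories with 600 for files (instead of a blanket `-R 700`) is this example's choice.

```shell
#!/bin/sh
# Added example, not from the thread. All paths below are constructed.

# list_too_open DIR: print every file or directory under DIR (DIR included)
# that grants any permission bit to group or other. Symlinks are skipped
# because their own mode bits are not meaningful.
list_too_open() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# is_private DIR: succeed only when nothing under DIR is group/world accessible.
is_private() {
    [ -z "$(list_too_open "$1")" ]
}

# harden_ssh_dir DIR: owner-only access. Directories get 700 (the owner can
# still create new keys); regular files get 600 rather than a blanket 700,
# since keys and config do not need the execute bit.
harden_ssh_dir() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Demo on a throwaway directory standing in for ~/.ssh (constructed data).
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/.ssh" && chmod 755 "$tmp/.ssh"
    : > "$tmp/.ssh/id_example" && chmod 644 "$tmp/.ssh/id_example"
    echo "before:"; list_too_open "$tmp/.ssh"
    harden_ssh_dir "$tmp/.ssh"
    echo "after (expect nothing):"; list_too_open "$tmp/.ssh"
    rm -rf "$tmp"
}
demo
```

Running `is_private ~/.ssh` before and after a change shows whether any group or world bit remains on the directory or its contents.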