Linux Permissions for Keys

220418

When you have...

Quick Fix

Command this for individual keys

Command this for the SSH Key folder

So what are these random digits?

Each digit represents the access privilege of User, Group, and Other.

  7: 4(r) + 2(w) + 1(x) rwx read, write and execute  6: 4(r) + 2(w) rw- read and write  5: 4(r) + 1(x) r-x read and execute  4: 4(r) r-- read only  3: 2(w) + 1(x) -wx write and execute  2: 2(w) -w- write only  1: 1(x) --x execute only  0: 0 --- none

Therefore, chmod 600 means giving read and write access to the user and nothing to any other parties.
Giving 755 means giving full access to the user and read, execute access to any other parties.
Giving 777 🎰 means giving full access to everyone.

Note that Linux SSH manual says:

~/.ssh/: This directory is the default location for all user-specific configuration and authentication information. There is no general requirement to keep the entire contents of this directory secret, but the recommended permissions are read/write/execute for the user and not accessible by others. (Recommends 700)
~/.ssh/id_rsa: Contains the private key for authentication. These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). ssh will simply ignore a private key file if it is accessible by others. It is possible to specify a passphrase when generating the key, which will be used to encrypt the sensitive part of this file using 3DES. (Recommends 600)

Backlinks (1)

221119

Comments (0)

Linux Permissions for Keys

Warning

This post is more than a year old. Information may be outdated.

220418

When you have...

Permissions 0644 for '~/.ssh/key.pem' are too open.It is required that your private key files are NOT accessible by others.This private key will be ignored.

Permissions 0644 for '~/.ssh/key.pem' are too open.It is required that your private key files are NOT accessible by others.This private key will be ignored.

Quick Fix

Command this for individual keys

Command this for the SSH Key folder

So what are these random digits?

Each digit represents the access privilege of User, Group, and Other.

  7: 4(r) + 2(w) + 1(x) rwx read, write and execute  6: 4(r) + 2(w) rw- read and write  5: 4(r) + 1(x) r-x read and execute  4: 4(r) r-- read only  3: 2(w) + 1(x) -wx write and execute  2: 2(w) -w- write only  1: 1(x) --x execute only  0: 0 --- none

  7: 4(r) + 2(w) + 1(x) rwx read, write and execute  6: 4(r) + 2(w) rw- read and write  5: 4(r) + 1(x) r-x read and execute  4: 4(r) r-- read only  3: 2(w) + 1(x) -wx write and execute  2: 2(w) -w- write only  1: 1(x) --x execute only  0: 0 --- none

Therefore, chmod 600 means giving read and write access to the user and nothing to any other parties.
Giving 755 means giving full access to the user and read, execute access to any other parties.
Giving 777 🎰 means giving full access to everyone.

Note that Linux SSH manual says:

~/.ssh/: This directory is the default location for all user-specific configuration and authentication information. There is no general requirement to keep the entire contents of this directory secret, but the recommended permissions are read/write/execute for the user and not accessible by others. (Recommends 700)
~/.ssh/id_rsa: Contains the private key for authentication. These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). ssh will simply ignore a private key file if it is accessible by others. It is possible to specify a passphrase when generating the key, which will be used to encrypt the sensitive part of this file using 3DES. (Recommends 600)

Backlinks (1)

221119

Comments (0)