Skip to main content

Linux Permissions for Keys

When you have...

Permissions 0644 for '~/.ssh/key.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.

Quick Fix

  • Command this for individual keys

    sudo chmod 600 ~/.ssh/key.pem

  • Command this for the SSH Key folder

    sudo chmod 700 ~/.ssh

So what are these random digits?

  • Each digit represents the access privilege of User, Group, and Other.

    7: 4(r) + 2(w) + 1(x) rwx read, write and execute 6: 4(r) + 2(w) rw- read and write 5: 4(r) + 1(x) r-x read and execute 4: 4(r) r-- read only 3: 2(w) + 1(x) -wx write and execute 2: 2(w) -w- write only 1: 1(x) --x execute only 0: 0 --- none

  • Therefore, chmod 600 means giving read and write access to the user and nothing to any other parties.

  • Giving 755 means giving full access to the user and read, execute access to any other parties.

  • Giving 777 🎰 means giving full access to everyone.

Note that Linux SSH manual says:

  • ~/.ssh/: This directory is the default location for all user-specific configuration and authentication information. There is no general requirement to keep the entire contents of this directory secret, but the recommended permissions are read/write/execute for the user and not accessible by others. (Recommends 700)
  • ~/.ssh/id_rsa: Contains the private key for authentication. These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). ssh will simply ignore a private key file if it is accessible by others. It is possible to specify a passphrase when generating the key, which will be used to encrypt the sensitive part of this file using 3DES. (Recommends 600)