Fixing permissions for keys when they are too open

Walkthrough of closing up permissions when they are too open.

When you have...

Permissions 0644 for '~/.ssh/key.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.

Quick Fix

  • Command this for individual keys
sudo chmod 600 ~/.ssh/key.pem
  • Command this for the SSH Key folder
sudo chmod 700 ~/.ssh

So what are these random digits?

  • Each digit represents the access privilege of User, Group, and Other.
7: 4(r) + 2(w) + 1(x) rwx read, write and execute
6: 4(r) + 2(w)        rw- read and write
5: 4(r)        + 1(x) r-x read and execute
4: 4(r)               r-- read only
3:        2(w) + 1(x) -wx write and execute
2:        2(w)        -w- write only
1:               1(x) --x execute only
0: 0                  --- none
  • Therefore, chmod 600 means giving read and write access to the user and nothing to any other parties.
  • Giving 755 means giving full access to the user and read, execute access to any other parties.
  • Giving 777 🎰 means giving full access to everyone.

Note that Linux SSH manual says:

  • ~/.ssh/ This directory is the default location for all user-specific configuration and authentication information. There is no general requirement to keep the entire contents of this directory secret, but the recommended permissions are read/write/execute for the user and not accessible by others. (Recommends 700)
  • ~/.ssh/id_rsa Contains the private key for authentication. These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). ssh will simply ignore a private key file if it is accessible by others. It is possible to specify a passphrase when generating the key, which will be used to encrypt the sensitive part of this file using 3DES. (Recommends 600)