Fixing “Bad owner or permissions on ~/.ssh/config” Error: SSH Configuration File Permissions Guide


4 views

When working with SSH, you might encounter the frustrating "Bad owner or permissions on ~/.ssh/config" error. This occurs when SSH detects improper file permissions or ownership on your configuration file, even when you're certain you have the correct access rights.

SSH is extremely particular about file permissions for security reasons. The ~/.ssh/config file must:

  • Be owned by the current user
  • Not be writable by group or others
  • Ideally not be readable by others

First, verify your current permissions with:

ls -la ~/.ssh/

In the example case, we see the config file has -rw-rw-r-- permissions (664), which is too permissive. The group has write permissions, which SSH rejects.

To resolve this, run these commands:

chmod 600 ~/.ssh/config
chown $USER:$USER ~/.ssh/config

This sets:

  • Owner read/write (600) permissions
  • Proper ownership to your user

After making these changes, check the permissions again:

ls -la ~/.ssh/config

You should see something like:

-rw------- 1 youruser youruser 31 Mar 29 11:04 /home/youruser/.ssh/config

While fixing this issue, also check:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chmod 600 ~/.ssh/id_rsa

These additional permission settings help maintain proper SSH security.

If the error persists, try:

ssh -v hostname

This verbose output might reveal additional permission issues with other SSH-related files.

  • Running SSH as root when config is owned by a regular user
  • SELinux contexts interfering with permissions
  • Using symlinks in the .ssh directory
  • Group permissions being too open on parent directories

Here's a properly permissioned config example:

Host myserver
    HostName server.example.com
    User myusername
    Port 2222
    IdentityFile ~/.ssh/myserver_key

When working with SSH, you might encounter the frustrating error: Bad owner or permissions on ~/.ssh/config. This typically occurs when the SSH client detects incorrect file permissions or ownership for your SSH configuration file.

Here's what the error looks like in terminal:

$ ssh hostname
Bad owner or permissions on ~/.ssh/config

First, let's examine the current permissions of your ~/.ssh directory and files:

ls -la ~/.ssh/
total 40K
drwx------ 2 robert robert 4.0K Mar 29 11:04 ./
drwx------ 7 robert robert 4.0K Mar 29 11:04 ../
-rw-r--r-- 1 robert robert 2.0K Mar 17 20:47 authorized_keys
-rw-rw-r-- 1 robert robert   31 Mar 29 11:04 config
-rw------- 1 robert robert 1.7K Aug  4  2010 id_rsa
-rw-r--r-- 1 robert robert  406 Aug  4  2010 id_rsa.pub
-rw-r--r-- 1 robert robert 6.1K Mar 29 11:03 known_hosts

SSH is particularly strict about file permissions for security reasons. The config file should have:

  • Owner should be the current user
  • Group should be the current user's primary group
  • Permissions should be 600 (rw-------) or 644 (rw-r--r--)

Here's how to correct the permissions:

chmod 600 ~/.ssh/config
chown $USER:$USER ~/.ssh/config

For the entire .ssh directory:

chmod 700 ~/.ssh
chown -R $USER:$USER ~/.ssh

After making these changes, verify the new permissions:

ls -la ~/.ssh/config
-rw------- 1 robert robert 31 Mar 29 11:04 /home/robert/.ssh/config

Some scenarios that might cause this issue:

# Wrong owner
sudo chown root:root ~/.ssh/config

# Too permissive
chmod 777 ~/.ssh/config

# Directory permissions too open
chmod 755 ~/.ssh

For frequent SSH users, consider adding this to your .bashrc:

function fix_ssh_perms() {
    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/*
    chmod 644 ~/.ssh/*.pub
    chmod 644 ~/.ssh/known_hosts
    chmod 600 ~/.ssh/config
    chown -R $USER:$USER ~/.ssh
}

If issues persist, use SSH's verbose mode for more details:

ssh -vvv hostname