File and Directory Permissions for Public Key Authentication

To help ensure secure authentication, files and directories used for public key authentication must be configured with correct permissions and ownership. If these conditions aren't met, public key authentication fails. The following table summarizes recommended and enforced permission requirements.

Notes:

  • The StrictModes setting helps ensure greater security and is enabled by default on both the server and the client.
  • Files must be owned by root or by the owner of the home directory in which the files reside.

| File or Directory | Recommended Permissions | Required when StrictModes = no | Required when StrictModes = yes |
|---|---|---|---|
| The user directory ($HOME/.ssh2/ by default) and all parent directories | user directory = 700 | No requirements | User-only write and execute access (744) |
| Private keys | 600 | User-only read and write access (400 or 600) | User-only read and write access (400 or 600) |
| The client identification file (identification by default) | 600 | No requirements | User-only write access (600 or 644) |
| The user's authorization file on the server (authorization by default) | 600 | User-only write access (600 or 644) | User-only write access (600 or 644) |
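
One way to audit an account against the StrictModes = yes column before public key authentication fails, as an added example that is not part of the original documentation or the product. The function name, the `top` parameter, the caller-supplied key file names, and reading the 744 directory rule as "no group or other write access" are assumptions.

```python
import os
import stat

# Bits that must be clear under StrictModes = yes (table above).
# Assumption: the 744 directory ceiling is enforced as "no group/other write".
NO_GO_WRITE = stat.S_IWGRP | stat.S_IWOTH    # directories and 600/644 files
NO_GO_ACCESS = stat.S_IRWXG | stat.S_IRWXO   # 400/600 private keys


def audit(home, private_keys, user_dir=".ssh2", top="/"):
    """Return (path, problem) findings; an empty list means compliant.

    private_keys: key file names inside the user directory (caller-supplied).
    top: highest parent directory to inspect (hypothetical parameter).
    """
    home = os.path.realpath(home)
    top = os.path.realpath(top)
    owner = os.stat(home).st_uid          # owner of the home directory
    base = os.path.join(home, user_dir)
    findings = []

    def check(path, forbidden, is_file):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            return                        # file not present on this host
        mode = stat.S_IMODE(st.st_mode)
        if mode & forbidden:
            findings.append((path, "mode %03o too permissive" % mode))
        # Files must be owned by root or by the home directory's owner.
        if is_file and st.st_uid not in (0, owner):
            findings.append((path, "owner uid %d not allowed" % st.st_uid))

    # The user directory, then each parent directory up to `top`.
    d = base
    while True:
        check(d, NO_GO_WRITE, False)
        parent = os.path.dirname(d)
        if d == top or parent == d:
            break
        d = parent

    for name in private_keys:
        check(os.path.join(base, name), NO_GO_ACCESS, True)
    # identification lives on the client, authorization on the server.
    for name in ("identification", "authorization"):
        check(os.path.join(base, name), NO_GO_WRITE, True)
    return findings
```

Each finding names the path and the offending mode or owner, so the fix is a `chmod` or `chown` to the recommended value in the table.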