One of the common errors many administrators face after configuring password-less ssh (key-based authentication between two Unix servers) is that the password-less login does not work (ssh still asks for the user password) and the /var/log/messages file shows an error message such as “sshd [15426]:Authentication refused: bad ownership or modes for file”.

Most of the time this error is caused by incorrect permissions on the $HOME/.ssh/authorized_keys file.

To fix this error, make sure the permissions of the $HOME/.ssh/authorized_keys file and the other important files are as given below.

1. Permissions of the $HOME/.ssh folder (.ssh folder in the home directory of the user) should be 700 (drwx------)

2. Permissions on the authorized_keys file in the $HOME/.ssh folder should be 740

3. Permissions on the id_dsa or id_rsa file (depending upon the algorithm type used) in the $HOME/.ssh folder should be 600

4. Permissions on the id_dsa.pub or id_rsa.pub file in the $HOME/.ssh folder should be 640

5. Permissions on the known_hosts file in the $HOME/.ssh folder should be 640.

6. Make sure the $HOME/.ssh folder and all the above-mentioned files in the $HOME/.ssh folder have the correct ownership (for example, if you logged in as the pwssh user, then the ownership of the .ssh folder and all the files inside it should be pwssh:pwssh).
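
The checklist above can be scripted. The following is an added example, not part of the original post: it audits a .ssh folder against the modes and ownership listed above and can reset the modes. It assumes GNU stat (Linux), the function names are hypothetical, and it treats each listed mode as an upper bound, so a stricter mode such as 600 on authorized_keys also passes.

```shell
#!/bin/sh
# Added example: audit (and optionally repair) a .ssh folder against the list above.
# Assumes GNU stat (Linux); all function names here are hypothetical.

# file:mode pairs taken from items 2-5 of the list above
SSH_MODES="authorized_keys:740 id_dsa:600 id_rsa:600 id_dsa.pub:640 id_rsa.pub:640 known_hosts:640"

# check_one PATH MAXMODE USER:GROUP -> prints findings, returns 1 if any
check_one() {
    [ -e "$1" ] || return 0                  # a file that does not exist is not a finding
    mode=$(stat -c '%a' "$1")
    owner=$(stat -c '%U:%G' "$1")
    rc=0
    # any permission bit set beyond the allowed mode is a finding
    if [ $(( 0$mode & ~0$2 )) -ne 0 ]; then
        echo "MODE  $1 is $mode, expected at most $2"; rc=1
    fi
    if [ "$owner" != "$3" ]; then
        echo "OWNER $1 is $owner, expected $3"; rc=1
    fi
    return $rc
}

# audit_ssh_dir DIR USER:GROUP -> returns 0 if clean, 1 otherwise
audit_ssh_dir() {
    bad=0
    check_one "$1" 700 "$2" || bad=1         # item 1: the .ssh folder itself
    for pair in $SSH_MODES; do
        check_one "$1/${pair%%:*}" "${pair##*:}" "$2" || bad=1
    done
    return $bad
}

# fix_ssh_dir DIR -> chmod to the listed modes
# (ownership needs root, e.g. chown -R pwssh:pwssh DIR)
fix_ssh_dir() {
    chmod 700 "$1"
    for pair in $SSH_MODES; do
        [ -e "$1/${pair%%:*}" ] && chmod "${pair##*:}" "$1/${pair%%:*}"
    done
    return 0
}
```

Run it as, for example, `audit_ssh_dir /home/pwssh/.ssh pwssh:pwssh` after sourcing the file; each finding names the file that needs attention.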

Posted in: Linux.
Last Modified: October 17, 2013
