I’m trying to log in using ssh keys, but the server only allows me to log in using a password. The following message is logged in my Linux or Unix server's /var/log/secure or /var/log/auth.log file:

Feb 25 06:36:50 ns5 sshd[26681]: Authentication refused: bad ownership or modes for file /home/user/.ssh/authorized_keys2

Here is another message:

May 24 18:28:35 ls-www-1 sshd[531320]: Connection closed by 18.1.2.3 port 43640 [preauth]
May 24 18:28:44 ls-www-1 sshd[531322]: Authentication refused: bad ownership or modes for file /home/admin/.ssh/authorized_keys
May 24 18:28:44 ls-www-1 sshd[531322]: Connection closed by authenticating user admin 18.1.2.3 port 43650 [preauth]

How do I fix this problem?

You need to set the correct permissions on your server to fix the “Authentication refused: bad ownership or modes for file” error. You can use the following commands to view this error:
# Files that keep authentication logs for both #
# successful and failed logins #

# tail -f /var/log/auth.log #Debian/Ubuntu
# tail -f /var/log/secure #RHEL/CentOS
# tail -f /var/log/auth.log #FreeBSD Unix

On Linux, you can use the journalctl command when systemd is the init system:
$ journalctl -f -u ssh.service
$ journalctl -f -u sshd.service

The ~/.ssh/authorized_keys2 file is no longer used in modern OpenSSH versions. Starting with OpenSSH version 3, it was deprecated. This page was originally created in 2009 and recently updated.

Finding permissions for the ~/.ssh/authorized_keys* file to fix the “ssh authentication refused: bad ownership or modes” error

Log in to your server using the console or emergency mode, as ssh will not work. Once logged in to the server, change directory to ~/.ssh/ using the cd command:
# cd ~/.ssh/
# OR if the user name is 'admin' #
# cd /home/admin/.ssh/

Now list authorized_keys or authorized_keys2 file permissions using the ls command or stat command. For example:
# ls -l authorized_keys
Here is what I see on my Debian Linux 12 server:

-rwxrwxrwx 1 admin admin 507 May 24 18:26 authorized_keys

Another take:
# stat authorized_keys
Outputs:

  File: authorized_keys
  Size: 507       	Blocks: 8          IO Block: 4096   regular file 
Device: 259,1	Inode: 393225      Links: 1
Access: (0777/-rwxrwxrwx)  Uid: ( 1000/   admin)   Gid: ( 1000/   admin)
Access: 2024-05-24 18:26:52.460938076 +0000
Modify: 2024-05-24 18:26:52.460938076 +0000
Change: 2024-05-24 18:27:54.089189470 +0000
 Birth: 2024-05-24 18:26:52.460938076 +0000

Use the cat command to verify the contents of the file:
# cat authorized_keys
If you know the exact IP or want to search for specific ‘ssh-ed25519’ keys, try the grep command or egrep command:
# grep 'ssh-ed25519' authorized_keys
Outputs:

ssh-ed25519 AAAAC3zzzC1lxxxxxyyyzzzzT1A cbz-www-001 admin user key

Fixing SSH Authentication Refused: Bad Ownership Or Modes For Directory Messages

Log in to your account using a password or the console. Once logged in, type the following command to fix this issue:
# chmod 0600 ~/.ssh/authorized_keys2
OR
# chmod 0600 ~/.ssh/authorized_keys
Next, make sure the home directory has the correct permissions too. For example, a user named ‘admin’ with the ‘/home/admin/’ directory will have at least admin (user) and admin (group) permissions. Use the chown command to set the correct ownership:
# List permissions
# ls -ld /home/admin/ /home/admin/.ssh/
# Set it
# chown -v -R admin /home/admin

Now verify it:
# ls -ld /home/admin/ /home/admin/.ssh/
Outputs:

drwxr-xr-x 5 admin admin 4096 May 24 18:28 /home/admin/
drwx------ 2 admin admin 4096 May 24 18:29 /home/admin/.ssh/

Again, make sure /home/admin/.ssh/ has drwx------ (0700) permissions. Otherwise, set it:
# chmod 0700 /home/admin/.ssh/
Now you should be able to log in using your ssh keys from your workstation or other servers. Try it:
{vivek@desktop:~}$ ssh admin@server-1
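
The checks from the steps above, gathered into one script (an added example, not part of the original article). It applies the rule behind the fix: the home directory, ~/.ssh/ and authorized_keys must each be owned by the login user or root and must not be group- or world-writable. The function names check_path and audit_ssh_perms are hypothetical.

```shell
#!/bin/sh
# Added example: report which path would trip sshd's ownership/mode check.
# Usage (after sourcing this file): audit_ssh_perms admin /home/admin

# check_path USER PATH -> prints a verdict; returns 0 if acceptable, 1 if not
check_path() {
    user=$1 path=$2
    if [ ! -e "$path" ]; then
        echo "MISSING   $path"; return 1
    fi
    # find prints the path only when the test matches; -prune stops descent,
    # -H makes a symlink given on the command line resolve to its target.
    if [ -n "$(find -H "$path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "BAD MODE  $path (group- or world-writable)"; return 1
    fi
    if [ -z "$(find -H "$path" -prune \( -user "$user" -o -user 0 \) -print)" ]; then
        echo "BAD OWNER $path (not owned by $user or root)"; return 1
    fi
    echo "OK        $path"; return 0
}

# audit_ssh_perms USER HOME -> checks the home directory, .ssh and
# authorized_keys; returns 1 if any of them fails.
audit_ssh_perms() {
    user=$1 home=$2 rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$user" "$p" || rc=1
    done
    return $rc
}
```

Run it as root from the console so it can read another user's home directory; a BAD MODE line on the 0777 authorized_keys file shown earlier corresponds to the logged “bad ownership or modes for file” message.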

What to do when there is no ~/.ssh/authorized_keys file on the server?

If the ~/.ssh/authorized_keys file is missing, it simply means that no SSH keys have been authorized for passwordless login for that user. Here’s what you can do on the server itself:

Make the ~/.ssh/ directory if it is missing:

{admin@server1:~}$ mkdir ~/.ssh/

Set correct permissions:

{admin@server1:~}$ chmod 700 ~/.ssh/

Set the correct user and group ownership (say the user is admin and the group is admin):

{admin@server1:~}$ chown admin:admin ~/.ssh/

Copy ssh public key to the remote server:

Now, from your client machine/desktop, type the following command to copy your ssh public key:
{vivek@desktop:~}$ ssh-copy-id user@server1
{vivek@desktop:~}$ ssh-copy-id -i ~/.ssh/your-key.pub user@server1

Supply your password when prompted. This will create or update ~/.ssh/authorized_keys on the server.

Summing up

Now you know how to fix the “SSH Authentication Refused: Bad Ownership Or Modes For Directory” error. Here is a quick summary:

SSH Authentication refused: bad ownership or modes for file ssh-authorized_keys file


See the OpenSSH project website documentation section or read them offline using the man command or help command:
$ man ssh
$ man sshd

Hi! 🤠
I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

3 comments
  • ismael silva Jan 11, 2012 @ 21:57

    Set the correct permission for the user's home directory…
    this will be “755”.

  • Alexander Húska May 24, 2024 @ 2:20

    IMHO you should at least create new authorized_keys file or verify it – not blindly enable when something is wrong.

  • Vivek Kumar May 26, 2024 @ 6:35

    I want to delete the history.
