Friday, August 28, 2015

SSH - Home directory permission must be 755 or 700 for ssh key-based authentication to work

If you are facing the following symptoms:

1. Your root or some users are able to SSH with key-based authentication to a remote machine
2. Some other random users are unable to SSH with key-based authentication to a remote machine

You should check the permissions of your home directory. Key-based authentication only works with permissions of 755 or 700.

SSH is very picky about this restriction. The reason is that SSH wants to prevent the contents of the .ssh folder, such as authorized_keys, known_hosts, etc., from being modified by anyone other than the owner. If anyone else could modify the contents of the .ssh folder, it potentially means that anyone could impersonate the owner.
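
The following is an added example, not part of the original post: a shell function that tests the property 755 and 700 have in common (no write access for group or others) on the home directory and, going a little beyond the title, on the .ssh folder and authorized_keys mentioned above. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit the paths that key-based login depends on.
# not_writable_by_others and check_ssh_perms are names made up for this example.

# Succeeds when neither group nor others may write to the path.
# In the `ls -l` mode string, character 6 is group-write and character 9 is other-write.
not_writable_by_others() {
    perms=$(ls -ldL "$1" | cut -c1-10)
    case $perms in
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# Check a home directory, its .ssh folder and authorized_keys.
# Prints one line per path and returns 1 if any of them is too open.
check_ssh_perms() {
    home=$1
    status=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$path" ] || { echo "MISSING  $path"; continue; }
        if not_writable_by_others "$path"; then
            echo "OK       $path"
        else
            echo "TOO OPEN $path  (fix with: chmod go-w)"
            status=1
        fi
    done
    return $status
}
```

Run it as `check_ssh_perms /home/someuser` on the machine you are logging in to; a home directory set to 775 or 777 is reported as TOO OPEN, while 755 and 700 pass.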
