When configuring SSH keys so that you can log in to a server without a password, you might run into a permissions error. If the authorized_keys or authorized_keys2 file has incorrect permissions, the server will not authenticate with your ssh-rsa key and will still require a password. If you are having trouble configuring SSH keys, check the /var/log/secure file to see if an error is recorded there. You may see the error displayed below.

Error: Authentication refused: bad ownership or modes for file .ssh/authorized_keys

If you see this error, it means that the authorized_keys or authorized_keys2 file has incorrect ownership or permissions. Make sure that the authorized_keys file is owned by the user you will be logging in as and that its permissions are 600. So if the username is backup, the file should look like the line below when you issue the "ls -alh" command.

-rw------- 1 backup backup 409 Mar 23 19:56 authorized_keys

If the ownership or permissions differ from the above, you can set the proper ownership and permissions with the two commands below.

chown backup:backup authorized_keys
chmod 600 authorized_keys

That should resolve your problems, and from the remote server you should now be able to SSH to this server and log in without a password.
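
The check described above can be scripted. The following is an added example, not part of the original post: it verifies the owner and the 600 mode of authorized_keys and goes slightly beyond the article by also checking the home and .ssh directories, which sshd inspects as well when StrictModes is enabled. The function name check_ssh_perms and its two arguments are this example's own, and it assumes GNU stat (Linux).

```sh
#!/bin/sh
# Added example: audit the paths sshd inspects before it trusts authorized_keys.
# Usage: ./check_ssh_perms.sh USER HOME_DIR   (hypothetical script name)

# Prints one line per problem found; returns 0 when clean, 1 otherwise.
check_ssh_perms() {
    user=$1; home=$2; bad=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; bad=1; continue
        fi
        owner=$(stat -L -c '%U' "$path")
        mode=$(stat -L -c '%a' "$path")
        # Directories must not be group/world writable (sshd's StrictModes test).
        # The key file is held to the article's 600: no group/other bits at all.
        if [ -d "$path" ]; then mask=022; else mask=077; fi
        # sshd accepts paths owned by the target user or by root.
        if [ "$owner" != "$user" ] && [ "$owner" != "root" ]; then
            echo "OWNER $path is owned by $owner, expected $user"; bad=1
        fi
        # The leading 0 makes the shell read both numbers as octal.
        if [ "$(( 0$mode & $mask ))" -ne 0 ]; then
            echo "MODE $path has mode $mode (bits in $mask must be clear)"; bad=1
        fi
    done
    return $bad
}

# Run the audit only when both arguments are supplied on the command line.
if [ "$#" -eq 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

Run it as root or as the account owner so that every path can be read; a non-zero exit status means at least one path would make sshd refuse the key.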

10 Responses to “Authentication refused: bad ownership or modes for file .ssh/authorized_keys”
  1. eMPee584 says:

    Unexpected collateral effect of making the root account’s home dir accessible to my other user: my backupninja failed to run rdiff-backup because ssh couldn’t do passwordless login anymore..
    Solution: ..not only needs the authorized_keys file be mode 600, but also the parent directories (usually /root/ and /root/.ssh) need to be mode 700.. if you have troubles of this sort, run
    tail -f /var/log/messages|grep ssh
    while logging in from somewhere else and see what the ssh daemon is complaining about…

    [Reply]

    alex Reply:

    Hello eMPee584,

    I would not recommend ever making the root user's home directory accessible by other users. That is a huge security risk.

    [Reply]

    eMPee584 Reply:

    of course you’re right, but as i’m the only other user of the system.. was a temporary manner of convenience.. sometimes the only ideas one comes up with are stupid, eh XD

    [Reply]

    alex Reply:

    Hello eMPee584,

    I totally understand. Sometimes there is just the need to get things done no matter if they are correct/perfect or not. :) The life of a sysadmin. :P Thanks for taking the time to respond.

    Thanks.
    alex

    [Reply]

  2. wakacje says:

    I just bookmarked your blog on Digg and StumbleUpon. I enjoy reading your commentaries.

    [Reply]

    alex Reply:

    Hello wakacje,

    Great to hear. Thanks for taking the time to leave feedback.

    Thanks.
    alex

    [Reply]

  3. Guy says:

    Thanks, I wasted twenty minutes before reading this.

    [Reply]

    alex Reply:

    Hello Guy,

    No problem. Glad we were able to help out. Thanks for taking the time to post feedback.

    Thanks.
    alex

    [Reply]

  4. sk says:

    Hello, alex

    First, I need to thank you for sharing the case. I have the same worry with you, I do as you say, but the worry always on, please could you tell me detail about it?
    Thanks in advance

    [Reply]

    alex Reply:

    Hello sk,

    Not sure I understand what you are asking about… If you can be more specific with what your issue is I could try to provide an answer.

    Thanks.
    alex

    [Reply]
