Authentication refused: bad ownership or modes for file


One of the common errors many administrators face after configuring password-less ssh (key-based authentication between two Unix servers) is that password-less ssh does not work: ssh still asks for the user password, and the /var/log/messages file shows the error message “sshd [15426]:Authentication refused: bad ownership or modes for file”.

Most of the time this error is caused by incorrect permissions on the $HOME/.ssh/authorized_keys file.

To fix this error, make sure the permissions of the $HOME/.ssh/authorized_keys file and the other important files are as given below.

1. Permissions of the $HOME/.ssh folder (the .ssh folder in the user's home directory) should be 700 (drwx------).

2. Permissions on the authorized_keys file in the $HOME/.ssh folder should be 740.

3. Permissions on the id_dsa or id_rsa file (depending on the algorithm type used) in the $HOME/.ssh folder should be 600.

4. Permissions on the id_dsa.pub or id_rsa.pub file in the $HOME/.ssh folder should be 640.

5. Permissions on the known_hosts file in the $HOME/.ssh folder should be 640.

6. Make sure the $HOME/.ssh folder and all the above-mentioned files in it have the correct ownership (for example, if you logged in as the pwssh user, then the ownership of the .ssh folder and all the files inside it should be pwssh:pwssh).
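The checklist above as a script, added here as an example and not part of the original post: it compares the mode and ownership of each file with the values in the list and prints every mismatch. The function name `check_ssh_perms` is hypothetical, and GNU `stat` (as shipped on Linux/CentOS) is assumed.

```shell
#!/bin/sh
# Added example: audit an .ssh directory against the checklist above.
# Assumptions: GNU coreutils stat; check_ssh_perms is an illustrative name.
#
# Usage: check_ssh_perms DIR [USER]
#   DIR   the .ssh directory to audit, e.g. "$HOME/.ssh"
#   USER  expected owner; defaults to the user running the script
# Prints one line per mismatch; returns 0 if everything matches, 1 otherwise.
check_ssh_perms() (
    dir=$1
    # Expected uid:gid (the user and the user's primary group, as in step 6).
    want_owner="$(id -u ${2:+"$2"}):$(id -g ${2:+"$2"})"
    bad=0
    # name:mode pairs taken from steps 1-5; "." is the .ssh directory itself.
    for entry in .:700 authorized_keys:740 id_rsa:600 id_dsa:600 \
                 id_rsa.pub:640 id_dsa.pub:640 known_hosts:640; do
        name=${entry%%:*}
        want_mode=${entry##*:}
        path=$dir/$name
        [ -e "$path" ] || continue      # skip files that are not present
        mode=$(stat -c %a "$path")      # octal mode, e.g. 600
        owner=$(stat -c %u:%g "$path")  # numeric uid:gid
        if [ "$mode" != "$want_mode" ]; then
            echo "MODE  $path is $mode, expected $want_mode"
            bad=1
        fi
        if [ "$owner" != "$want_owner" ]; then
            echo "OWNER $path is $owner, expected $want_owner"
            bad=1
        fi
    done
    exit "$bad"   # the body runs in a subshell, so this is the return status
)

# Example call (run as the account whose keys are being checked):
#   check_ssh_perms "$HOME/.ssh"
```

Each `MODE` line is fixed with `chmod <expected> <path>` and each `OWNER` line with `chown`, after which the ssh login can be retried.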

About Alex Hunt

Hi All I am Manish Kumar Jha aka Alex Hunt. I am currently working in VMware Software India Pvt Ltd as Operations System Engineer (vCloud Air Operations). I have around 5 Years of IT experience and have exposure on VMware vSphere, vCloud Director, RHEL and modern data center technologies like Cisco UCS and Cisco Nexus 1000v and NSX. If you find any post informational to you please press like and share it across social media and leave your comments if you want to discuss further on any post. Disclaimer: All the information on this website is published in good faith and for general information purpose only. I don’t make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this blog is strictly at your own risk. The Views and opinions published on this blog are my own and not the opinions of my employer or any of the vendors of the product discussed.