analytic

Wednesday, 29 May 2013

Authentication refused: bad ownership or modes for file

This is one of the common error many system administrators face after configuring password-less ssh (key based authentication between two unix servers. The password-less ssh does not work and (ssh asks for the user password) and /var/log/messages file would show an error message “sshd[15426]:Authentication refused: bad ownership or modes for file”.
Most of the times this error comes due to incorrect permissions on $HOME/.ssh/authorized_keys file.
Make sure the permissions of $HOME/.ssh/authorized_keys file and other important files is as given below to fix this error.
1. Permissions of $HOME/.ssh folder (.ssh folder in home directory of user) should be 700 (drwx——)
2. Permissions on authorized_keys file in $HOME/.ssh folder should be 740
3. Permissions on id_dsa or id_rsa (depending upon the algorithm type used) file in $HOME/.ssh folder should be 600
4. Permissions on id_dsa.pub or id_rsa.pub file in $HOME/.ssh folder should be 640
5. Permissions on known_hosts files in $HOME/.ssh folder should be 640.
6. Make sure the $HOME/.ssh folder and all the above mentioned files in $HOME/.ssh folder has correct ownership (example.  If you logged in using pwssh user then the ownership on the .ssh folder and all the files inside .ssh folder should be pwssh:pwssh).
Cheers!!

0 comments:

Post a Comment