Fix: Bad Owner or Permissions on ~/.ssh/config

Solve the SSH error 'Bad owner or permissions on ~/.ssh/config' that prevents SSH from connecting. Learn the correct file permissions for SSH configuration files.

If you see this error when trying to SSH:

Bad owner or permissions on /Users/username/.ssh/config

SSH is refusing to read your config file because its owner is wrong or its permissions are too open. This is a security feature: SSH won't use configuration files that other users could potentially modify.

Why This Happens

SSH requires strict file permissions to prevent security risks:

  • Wrong owner: The file is owned by another user or root
  • Too permissive: Other users can read or write the file
  • Group writable: The file allows group write access

Common causes:

  • Copying files from another system
  • Extracting from archives that don't preserve ownership
  • Editing with sudo/root
  • Cloud sync services modifying permissions

The Quick Fix

Run these commands to fix permissions:

# Fix ownership ($USER expands to your username; id -gn prints your primary group)
chown "$USER":"$(id -gn)" ~/.ssh/config

# Fix permissions - owner read/write only
chmod 600 ~/.ssh/config

Complete SSH Directory Permissions

For a fully secure SSH setup, set all these permissions:

# The .ssh directory itself
chmod 700 ~/.ssh

# Config file
chmod 600 ~/.ssh/config

# Private keys
chmod 600 ~/.ssh/id_*
chmod 600 ~/.ssh/*_rsa
chmod 600 ~/.ssh/*_ed25519
chmod 600 ~/.ssh/*_ecdsa
chmod 600 ~/.ssh/*_dsa

# Public keys (can be more permissive)
chmod 644 ~/.ssh/*.pub

# Known hosts
chmod 600 ~/.ssh/known_hosts

# Authorized keys
chmod 600 ~/.ssh/authorized_keys

One-Liner to Fix Everything

chmod 700 ~/.ssh && chmod 600 ~/.ssh/* && chmod 644 ~/.ssh/*.pub 2>/dev/null

Permission Reference Table

File/Directory          Permission  Numeric  Description
~/.ssh/                 drwx------  700      Directory: owner only
~/.ssh/config           -rw-------  600      Config: owner read/write
~/.ssh/id_*             -rw-------  600      Private keys: owner only
~/.ssh/*.pub            -rw-r--r--  644      Public keys: world readable
~/.ssh/known_hosts      -rw-------  600      Known hosts: owner only
~/.ssh/authorized_keys  -rw-------  600      Auth keys: owner only

Understanding Permission Numbers

If you're unfamiliar with chmod numbers:

7 = rwx (read + write + execute)  = 4+2+1
6 = rw- (read + write)            = 4+2
5 = r-x (read + execute)          = 4+1
4 = r-- (read only)               = 4
0 = --- (no permissions)          = 0

700 = rwx------  (owner: all, group: none, others: none)
600 = rw-------  (owner: read/write, group: none, others: none)
644 = rw-r--r--  (owner: read/write, group: read, others: read)

Verifying Permissions

Check current permissions:

ls -la ~/.ssh/

Expected output:

drwx------  8 username  staff   256 Jan 15 10:00 .
-rw-------  1 username  staff   419 Jan 15 10:00 config
-rw-------  1 username  staff   411 Jan 10 09:00 id_ed25519
-rw-r--r--  1 username  staff   100 Jan 10 09:00 id_ed25519.pub
-rw-------  1 username  staff  1234 Jan 14 14:00 known_hosts
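
Instead of comparing the ls output by eye, the check can be scripted against the reference table above. This is an added example, not part of the original post; the function names and the --audit switch are hypothetical, and it reports problems with the fixing command rather than changing anything.

```sh
#!/bin/sh
# Added example: audit an SSH directory against this post's reference table.
# audit_ssh_dir and the --audit switch are hypothetical names.

# Print "<octal mode> <owner uid>" for a path, following symlinks.
# GNU stat (Linux) is tried first, then BSD stat (macOS).
mode_and_uid() {
    stat -L -c '%a %u' "$1" 2>/dev/null || stat -L -f '%Lp %u' "$1"
}

# Mode the reference table expects for a path.
expected_mode() {
    if [ -d "$1" ]; then echo 700; return; fi
    case "$1" in
        *.pub) echo 644 ;;   # public keys: world readable
        *)     echo 600 ;;   # config, private keys, known_hosts, authorized_keys
    esac
}

# Print one line per entry whose owner or mode differs from the table,
# with the command that fixes it. Exit status is 1 if anything was reported.
# The body runs in a subshell so its variables stay local.
audit_ssh_dir() (
    dir=${1:-$HOME/.ssh}
    me=$(id -u)
    status=0
    for path in "$dir" "$dir"/*; do
        # Skip an unmatched glob and anything that is not a file or directory.
        [ -f "$path" ] || [ -d "$path" ] || continue
        set -- $(mode_and_uid "$path")      # $1 = mode, $2 = owner uid
        want=$(expected_mode "$path")
        if [ "$2" != "$me" ]; then
            echo "OWNER $path: uid $2, expected $me -> chown $me $path"
            status=1
        fi
        if [ "$1" != "$want" ]; then
            echo "MODE  $path: $1, expected $want -> chmod $want $path"
            status=1
        fi
    done
    exit "$status"
)

# Run against ~/.ssh (or a given directory) only when asked with --audit.
if [ "${1:-}" = "--audit" ]; then audit_ssh_dir "${2:-$HOME/.ssh}"; fi
```

Subdirectories inside ~/.ssh are expected to be 700, since a directory needs the execute bit to be entered.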

Special Cases

Running as Root

If you're running SSH as root but your config is owned by another user:

# Option 1: Use the user's config explicitly
ssh -F /home/username/.ssh/config user@host

# Option 2: Copy to root's SSH directory
sudo cp /home/username/.ssh/config /root/.ssh/config
sudo chmod 600 /root/.ssh/config

WSL (Windows Subsystem for Linux)

Files on Windows mounts (/mnt/c/) often have wrong permissions. Copy to Linux filesystem:

cp /mnt/c/Users/Name/.ssh/config ~/.ssh/config
chmod 600 ~/.ssh/config

Shared/Network Drives

SSH files on network drives may not support proper permissions. Keep SSH configs on local storage.

macOS Sonoma+ iCloud

If your home folder is synced to iCloud, SSH files might have issues. Exclude .ssh from sync or use local storage.

Still Not Working?

Use verbose mode to debug:

ssh -vvv user@host

Look for lines mentioning "config" or "permissions" in the output.

Prevention Tips

  1. Don't edit with sudo: Use regular user permissions

    # Bad
    sudo nano ~/.ssh/config
    
    # Good
    nano ~/.ssh/config
    
  2. Set umask when creating files: Ensures new files have correct permissions

    umask 077
    touch ~/.ssh/config
    
  3. Use a script for setup: Automate proper permissions

    #!/bin/bash
    mkdir -p ~/.ssh
    chmod 700 ~/.ssh
    touch ~/.ssh/config
    chmod 600 ~/.ssh/config
    

Summary

The "Bad owner or permissions" error is an SSH security feature. Fix it by ensuring:

  • ~/.ssh/ directory is 700 (owner access only)
  • ~/.ssh/config is 600 (owner read/write only)
  • All private keys are 600
  • Files are owned by your user, not root

Quick fix:

chmod 700 ~/.ssh && chmod 600 ~/.ssh/config