Fix “Permissions are too open … private key will be ignored”

By neokrates, written on April 25, 2010


  • Join date: 11-30-99
  • Posts: 224
View Counter:
Rate it
  • Your skill as shell programmer is?

    View Results

    Loading ... Loading ...
  • bodytext bodytext bodytext

You try to login on remote host, and get “Permissions are too open”. Setting permissions normally fixes that.

The problem is, that the private key you are using must remain private. If you permit others to read it, that condition is not satisfied.


  • Ubuntu linux
  • OpenSSH

Should also work for:

  • Any openSSH with any Unix based system


OpenSsh ignores the key. Permissions are too open…

You typed something like ssh -i ~/.ssh/id_rsa_targethost and this is what openSsh says:

me@myhome:~$ ssh -i ~/.ssh/id_rsa_targethost

Permissions 0644 for '/home/me/.ssh/id_rsa_targethost' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/me/.ssh/id_rsa_targethost

If you try ls, you see that others can do things with your private key:

me@myhome:~$ ls -All /home/me/.ssh/id_rsa_targethost
-rw-r--r-- 1 me me 986 2010-04-25 14:33 /home/me/.ssh/id_rsa_targethost


Change permissions

Only owner can read and write the private key:

chmod 600 /home/me/.ssh/id_rsa_targethost

Or more human readable:

chmod a-rwx /home/me/.ssh/id_rsa_targethost
chmod u+rw /home/me/.ssh/id_rsa_targethost


Should work now


me@myhome:~$ ls -All /home/me/.ssh/id_rsa_targethost
-rw------- 1 me me 986 2010-04-25 14:33 /home/me/.ssh/id_rsa_targethost

Should work now. Have fun!

Be Sociable, Share!
Does that help to solve your problem?
VN:F [1.8.5_1061]
Rating: +82 (from 150 votes)
116 votes 'YES'  34 votes 'NO'


Be Sociable, Share!


19 Responses to “Fix “Permissions are too open … private key will be ignored””

  1. Sviatoslav Zalishchuk says:

    Thank you A LOT. This helped me so much.

  2. TheAwesome says:

    Thanx a lot, this saved me some time… and a LOT of trouble ;)

  3. Thanks for sharing this. Was helpful.

  4. Terry Herckenrath says:

    Initially I skipped changing the permissions (by accident) and ever since then ssh refuses to use the id_rsa file.
    I even removed the file, generated a new key and even tried renaming the id_rsa file, but all to no avail :-(
    It’s like ssh remembers the one slip-up and refuses to give me a second chance – very frustrating…

    • admin says:

      – did ssh ever worked on your system?

      – Do you directly point the key you want to use with -i option?
      like ssh -i ~/.ssh/id_rsa_targethost

      What does the ssh say?

      – You can also try to create another user and try all again under this new user.

      • Terry Herckenrath says:

        It’s been working fine for another user for ages.
        Yes, I’m using the -i option.
        ssh simply asks for my password.

  5. Nishant says:

    Thanks man , this is really helpful.

  6. Maxim says:

    Well.. My private key placed on truecrypt mounted partition, and i can’t change permission at key file.. And what to do in this case?

    • I also use truecrypt, never had problems setting permissions on files inside truecrypt disk…
      Why can’t you?
      Do you use linux or windows? Is the key file owned by your user?

  7. […] Fix “Permissions are too open … private key will be ignored” […]

  8. […] Fix “Permissions are too open … private key will be ignored” […]

  9. […] Fix “Permissions are too open … private key will be ignored” […]

  10. Shyam says:

    Thanks A Lot…it’s helped me…

  11. Doctor Proctor says:

    Thanks very much, quick and simple.  Much appreciated.

  12. ?????? says:

    If you can’t remember what the original settings are, add a new user and create a set of SSH keys for that user, thus creating a new .ssh folder which will have default permissions. You can use that new .ssh folder as the reference for permissions to reset your .ssh folder and files to.

  13. Sameera says:

    Helpful information, Thanks.

    I found related issue and blogged on that on my blog,

Leave a Reply