SSH refuses to use your config file because it has insecure file permissions or is owned by another user. Fix by setting correct ownership and restricting permissions to owner-only read/write.
This error occurs when SSH (used by Git for secure connections) detects that your ~/.ssh/config file has permissions that are too open or is owned by someone other than you. SSH enforces strict security requirements on configuration files to prevent other users or processes from tampering with your SSH settings. The SSH client performs permission checks before reading configuration files. If the ~/.ssh/config file is world-readable, group-writable, or owned by root (when you're not root), SSH will refuse to use it. This protects you from malicious configuration that could redirect your connections or compromise your credentials. On Linux and macOS, the config file must be owned by your user and have permissions of 600 (read/write for owner only) or 400 (read-only for owner). On Windows, the file must only be accessible by SYSTEM and your user account.
First, examine the current state of your SSH config file and directory:
ls -la ~/.ssh/config
ls -ld ~/.sshThe output should show:
- Owner: your username (not root)
- Permissions: -rw------- (600) for config file
- Directory permissions: drwx------ (700) for .ssh folder
Set the correct restrictive permissions on the config file:
chmod 600 ~/.ssh/configAlso ensure the .ssh directory itself has correct permissions:
chmod 700 ~/.sshThese commands set owner-only read/write access, which SSH requires.
If the file is owned by the wrong user, change ownership to your account:
chown $USER:$USER ~/.ssh/configTo fix ownership of the entire .ssh directory:
chown -R $USER:$USER ~/.sshYou may need to use sudo if the files are currently owned by root.
On Windows, you need to modify NTFS permissions:
1. Right-click on the .ssh folder in your user directory
2. Select "Properties" -> "Security" tab -> "Advanced"
3. Click "Disable inheritance" and choose "Convert inherited permissions"
4. Remove all users except SYSTEM and your user account
5. Check "Replace all child object permission entries..."
6. Click "Apply" and "OK"
For your user, ensure you have "Full control" permissions.
Test that SSH can now read your config file:
ssh -T [email protected]Or for GitLab:
ssh -T [email protected]You should see a welcome message instead of the permissions error.
### WSL (Windows Subsystem for Linux) Considerations
If you are using WSL and have mapped your WSL home directory to your Windows home directory, chmod commands may have no effect because the Windows filesystem does not support Unix permissions natively.
Solutions:
1. Use WSL native home directory (recommended): Keep ~/.ssh inside the Linux filesystem (/home/username/.ssh)
2. Create a symlink: Store SSH files in the Linux filesystem and symlink from Windows if needed
3. Configure WSL metadata: Add to /etc/wsl.conf:
[automount]
options = "metadata,umask=022,fmask=011"### Multiple SSH Identities
If you use multiple SSH keys for different Git hosts, ensure your config file structure is correct:
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/id_ed25519_github
Host gitlab.com
HostName gitlab.com
User git
IdentityFile ~/.ssh/id_ed25519_gitlabEach referenced IdentityFile must also have 600 permissions.
kex_exchange_identification: Connection closed by remote host
Connection closed by remote host when connecting to Git server
fatal: unable to access: Proxy auto-configuration failed
How to fix 'Proxy auto-configuration failed' in Git
fatal: unable to access: Authentication failed (proxy requires basic auth)
How to fix 'Authentication failed (proxy requires basic auth)' in Git
fatal: unable to access: no_proxy configuration not working
How to fix 'no_proxy configuration not working' in Git
fatal: unable to read tree object in treeless clone
How to fix 'unable to read tree object in treeless clone' in Git