SSH refuses to use private key files with overly permissive permissions (0644, 0755, etc). Private keys must be restricted to the owner only (mode 600 or 400) for security.
SSH enforces strict permission checks on private key files to prevent unauthorized access to your credentials. When a private key file has permissions of 0644 or higher, it means the file is readable by group members and others on the system. Since private keys must remain confidential, OpenSSH rejects such files during authentication. The error occurs because the SSH daemon validates that only the file owner can read the private key—any broader access is considered a security risk and the key is ignored.
Use ls -la to view the current permissions:
ls -la ~/.ssh/id_rsaLook for the permission string at the start of the output. Permissions like -rw-r--r-- (0644) or -rwxr-xr-x (0755) are too open.
Use chmod to set permissions to 600 (read and write for owner only):
chmod 600 ~/.ssh/id_rsaOr for a more restrictive read-only access:
chmod 400 ~/.ssh/id_rsaMode 600 allows you to read and modify the key (sometimes needed for key management), while 400 restricts it to read-only.
The .ssh directory itself must have permissions 700 (read, write, execute for owner only):
chmod 700 ~/.sshCheck the result:
ls -ld ~/.sshYou should see drwx------ (700 permissions).
To ensure all files in your .ssh directory have correct permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys ~/.ssh/known_hosts ~/.ssh/config 2>/dev/null
chmod 600 ~/.ssh/id_rsa ~/.ssh/id_ed25519 2>/dev/null
chmod 644 ~/.ssh/*.pubThis sets:
- 700 for the directory
- 600 for private keys (id_rsa, id_ed25519, etc.)
- 644 for public keys (*.pub files)
- 600 for other sensitive files (authorized_keys, known_hosts, config)
After fixing permissions, retry your SSH command:
ssh user@hostnameOr if using a specific key:
ssh -i ~/.ssh/id_rsa user@hostnameThe connection should now succeed. If it still fails, check that you're connecting with the correct username and that the public key is in the remote system's authorized_keys file.
SSH permission checks are platform-specific and strictly enforced on Unix-like systems (Linux, macOS, BSD). On Windows, WSL (Windows Subsystem for Linux) and Git Bash follow the same Unix permission rules. Native Windows SSH clients may be more lenient with permissions but still recommend following these guidelines. The SSH daemon checks both the private key file AND the .ssh directory itself—if either has incorrect ownership or permissions, authentication will fail. Use stat to see detailed permission information: stat ~/.ssh/id_rsa. For shared systems, consider using SSH agent with key passphrases for additional security. If you're copying keys between systems (e.g., CI/CD pipelines), ensure the copy operation preserves or corrects permissions immediately after transfer.
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
How to fix SSH man-in-the-middle attack warning in SSH
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
How to fix "WARNING: UNPROTECTED PRIVATE KEY FILE!" in SSH
sign_and_send_pubkey: no mutual signature supported
How to fix "sign_and_send_pubkey: no mutual signature supported" in SSH
Bad owner or permissions on /home/user/.ssh/known_hosts
How to fix "Bad owner or permissions on known_hosts" in SSH
It is required that your private key files are NOT accessible by others.
How to fix "private key files are NOT accessible by others" in SSH