.ssh/id_rsa failed: permission denied
Solution 1
You should own the permissions to the .ssh dir in your own directory, but in your case, it's owned by root. Try
cd ~
sudo chown drewverlee .ssh
and then retry creating keys and connecting.
Solution 2
For some reason, the id_rsa file in the ~/.ssh folder was in read-only mode for my user (0400). I changed that to read-write (0600) with
chmod 0600 id_rsa
and after I was obviously able to overwrite the file. I guess these are the highest permissions you can give to this file, as others wouldn't make too much sense.
Solution 3
Since none of the answers above worked for me, I will post my answer:
If you still remember the password and want to keep old id_rsa, then use RECOMMENDED SOLUTION, else go to NOT RECOMMENDED SOLUTION.
RECOMMENDED SOLUTION
- Reset permission to correct value
chmod -c 0644 id_rsa.pub
chmod -c 0600 id_rsa
NOT RECOMMENDED SOLUTION
- Remove old ssh
sudo rm -rf ~/.ssh/id_rsa
sudo rm -rf ~/.ssh/id_rsa.pub
- Generate new ssh and use it (see https://help.github.com/enterprise/2.15/user/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/)
Why it worked:
- ssh created by sudo command is ssh for root, not for the user. This means that ssh-add ~/.ssh/id_rsa will fail to add root ssh to a user.
- when you try to generate new user ssh, you cannot successfully replace the old one because it was generated for root.
(Please ask me to fix my answer if there is something wrong. thx :)
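A read-only check for the ownership and mode problems that Solutions 1 to 3 describe, as an added example that is not part of the original answers. The function names and the scratch directory are constructed for illustration, and treating any file with a .pub sibling as a private key is an assumption.

```sh
#!/bin/sh
# Added example (not from the original answers): audit an SSH directory for
# the ownership and mode problems described in Solutions 1-3.

# owner_mode PATH -> "<uid> <octal mode>"; GNU stat first, BSD stat fallback.
owner_mode() {
    stat -L -c '%u %a' "$1" 2>/dev/null || stat -L -f '%u %Lp' "$1"
}

# audit_ssh_dir DIR [EXPECTED_UID]
# Prints one line per finding and returns 1 if anything was found.
audit_ssh_dir() {
    dir=$1; want=${2:-$(id -u)}; bad=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    for f in "$dir" "$dir"/*; do
        [ -e "$f" ] || continue
        om=$(owner_mode "$f"); uid=${om% *}; mode=${om#* }
        # Solution 1: directory or file owned by another account (root is uid 0).
        if [ "$uid" != "$want" ]; then
            echo "OWNER $f uid=$uid expected=$want"; bad=1
        fi
        if [ -e "$f.pub" ]; then
            # Heuristic (assumption): a file with a .pub sibling is a private key.
            # It must not be accessible to group/others ...
            [ $(( 0$mode & 077 )) -eq 0 ] ||
                { echo "EXPOSED $f mode=$mode (want 600)"; bad=1; }
            # ... and the owner needs rw, or the key cannot be overwritten
            # (the 0400 case in Solution 2).
            [ $(( 0$mode & 0600 )) -eq $(( 0600 )) ] ||
                { echo "READONLY $f mode=$mode (want 600)"; bad=1; }
        else
            # Directory, public keys, known_hosts: not writable by group/others.
            [ $(( 0$mode & 022 )) -eq 0 ] ||
                { echo "WRITABLE $f mode=$mode"; bad=1; }
        fi
    done
    return $bad
}

# Constructed demo in a scratch directory; no real keys are touched.
demo=$(mktemp -d)
: > "$demo/id_rsa"; : > "$demo/id_rsa.pub"
chmod 0400 "$demo/id_rsa"; chmod 0644 "$demo/id_rsa.pub"
audit_ssh_dir "$demo" || echo "fix with chown/chmod as in the answers above"
rm -rf "$demo"
```

Run it against a real directory with audit_ssh_dir ~/.ssh; it only reads metadata and changes nothing.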
Solution 4
I had the same problem on CentOS 6. Solved it by removing selinux:
sudo yum remove selinux*
note: probably not a good idea to blindly remove selinux if you don't know what you're doing though
Solution 5
My user (ubuntu - you can find out typing whoami) did own the ~/.ssh folder but it still wasn't letting me use the symlink (File: ~/.ssh/my_file_rsa) from ssh-keygen. So I just cd'ed into the ~/.ssh folder and didn't put an outside path for the rsa file name.
whoami
ls -Al ~
cd ~/.ssh
ssh-keygen
Enter file in which to save the key (/home/ubuntu/.ssh/id_rsa): my_file_rsa
Drew Verlee
Updated on November 24, 2021
Comments
-
Drew Verlee over 2 years
I have been scanning the web/SO and read several "permission denied" pleas for help; I just can't find one that solves my issue in a way I understand.
I'm following these instructions (Getting Started with Python on Heroku/Cedar). Everything went alright until:
drewverlee@ubuntu:~/helloflask$ source venv/bin/activate
(venv)drewverlee@ubuntu:~/helloflask$ git push heroku master
The authenticity of host 'heroku.com (50.19.85.132)' can't be established.
RSA key fingerprint is ##:##:##:##:##:##:##:##:##:##:##:## (I replaced with #)
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/drewverlee/.ssh/known_hosts).
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
(Not sure of security so I replaced the key with (#))
I think it might be because of
drwx------ 2 root root 1024 2012-03-08 21:26 .ssh
because
drewverlee@ubuntu:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/drewverlee/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
open /home/drewverlee/.ssh/id_rsa failed: Permission denied.
Saving the key failed: /home/drewverlee/.ssh/id_rsa.
As someone with little experience in these matters, I'm not sure how to undo what I have done safely, as I know I'm meddling with powerful tools. Any advice on what's going on here? Let me know if I need to include more information to solve the problem.
-
Phoenix87 almost 7 years
@CIRCLE that doesn't look like a good idea to me
-
Drew Verlee over 12 years
I figured out how to own my entire user directory, as I read this was probably the efficient thing to do. Thanks for pointing me in the right direction.
-
Mark Fisher almost 11 years
It's easier to disable selinux, rather than remove it, by changing SELINUX=disabled in /etc/selinux/config. See CentOS Docs
-
ddoxey almost 11 years
I found that ssh-keygen prefers to create the .ssh directory. If the directory already exists it emits a permission denied message regardless of permissive ownership permissions configuration.
-
Eric Rich over 10 years
Stop disabling SELinux. If it was truly an SELinux issue, you should fix the contexts by reviewing your audit logs.
-
aalaap over 5 years
cd-ing into the ~/.ssh directory worked for me. I'd love to know more about why this works.
-
glades over 3 years
@aalaap: strangely this worked for me as well. I would also like to know why.
-
Rehan Haider about 3 years
By deleting the old key, you will lose access to all ssh servers where you were using the old key; instead, just change permission and ownership to fix this problem!