.ssh/id_rsa failed: permission denied


Solution 1

You should own the permissions to the .ssh dir in your own directory, but in your case, it's owned by root. Try

cd ~
sudo chown drewverlee .ssh

and then retry creating keys and connecting.

Solution 2

For some reason, the id_rsa file in the ~/.ssh folder was in read-only mode for my user (0400). I changed that to read-write (0600) with

chmod 0600 id_rsa

and afterwards I was obviously able to overwrite the file. I guess these are the highest permissions you can give to this file, as others wouldn't make too much sense.

Solution 3

Since none of the answers above worked for me, I will post my answer:

If you still remember the password and want to keep old id_rsa, then use RECOMMENDED SOLUTION, else go to NOT RECOMMENDED SOLUTION.

RECOMMENDED SOLUTION

  1. Reset permission to correct value
chmod -c 0644 id_rsa.pub
chmod -c 0600 id_rsa

NOT RECOMMENDED SOLUTION

  1. Remove old ssh
sudo rm -rf ~/.ssh/id_rsa
sudo rm -rf ~/.ssh/id_rsa.pub
  2. Generate new ssh and use it (see https://help.github.com/enterprise/2.15/user/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/)

Why it worked:

  • ssh created by sudo command is ssh for root, not for the user. This means that ssh-add ~/.ssh/id_rsa will fail to add root ssh to a user.
  • when you try to generate new user ssh, you cannot successfully replace the old one because it was generated for root.

(Please ask me to fix my answer if there is something wrong. thx :)
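
The ownership and mode checks that Solutions 1 to 3 apply by hand, collected into one audit function. This is an added example, not part of any answer in this thread; `check_ssh_dir` is a hypothetical helper name, and it assumes GNU `stat` (Linux) and the default key file names used above.

```shell
#!/bin/sh
# Added example (not from the thread): audit an SSH directory for the
# ownership and mode problems described in the answers above.
# Assumes GNU `stat` (Linux). check_ssh_dir is a hypothetical helper name.
# Prints one finding per line with a suggested fix; prints nothing if clean.
# Usage: check_ssh_dir [directory]   (defaults to ~/.ssh)
check_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    me=$(id -u)
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir (ssh-keygen will create it)"
        return 0
    fi
    for name in . id_rsa id_rsa.pub known_hosts; do
        path=$dir/$name
        [ "$name" != . ] || path=$dir
        [ -e "$path" ] || continue
        owner=$(stat -c %u "$path")
        octal=$(stat -c %a "$path")
        mode=$(( 0$octal ))          # parse as octal for the bit tests
        # Root-owned entries (e.g. created under sudo) block the user.
        if [ "$owner" -ne "$me" ]; then
            echo "OWNER $path uid=$owner: sudo chown $(id -un) $path"
        fi
        case $name in
        .)  # the directory itself: owner-only access
            [ "$mode" -eq $((0700)) ] ||
                echo "MODE $path is $octal: chmod 700 $path" ;;
        id_rsa)
            # ssh refuses private keys accessible by group/other
            [ $(( mode & 077 )) -eq 0 ] ||
                echo "MODE $path is $octal: chmod 600 $path"
            # 0400 is fine for ssh, but ssh-keygen cannot overwrite it
            [ $(( mode & 0200 )) -ne 0 ] ||
                echo "READONLY $path is $octal: chmod 600 $path" ;;
        *)  # public key, known_hosts: not writable by group/other
            [ $(( mode & 022 )) -eq 0 ] ||
                echo "MODE $path is $octal: chmod 644 $path" ;;
        esac
    done
}
```

The function only reports; it changes nothing, so the suggested `chown`/`chmod` commands can be reviewed before they are run.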

Solution 4

I had the same problem on CentOS 6. Solved it by removing selinux:

sudo yum remove selinux*

found the answer here

note: probably not a good idea to blindly remove selinux if you don't know what you're doing though

Solution 5

My user (ubuntu - you can find out typing whoami) did own the ~/.ssh folder but it still wasn't letting me use the symlink (File: ~/.ssh/my_file_rsa) from ssh-keygen. So I just cd'ed into the ~/.ssh folder and didn't put an outside path for the rsa file name.

whoami
ls -Al ~

cd ~/.ssh
ssh-keygen
Enter file in which to save the key (/home/ubuntu/.ssh/id_rsa):  my_file_rsa
Author by

Drew Verlee


Updated on November 24, 2021

Comments

  • Drew Verlee
    Drew Verlee over 2 years

    I have been scanning the web/SO and read several permission-denied pleas for help; I just can't find one that solves my issue in a way I understand.

    I'm following these instructions (Getting Started with Python on Heroku/Cedar). Everything went alright until:

    drewverlee@ubuntu:~/helloflask$ source venv/bin/activate
    (venv)drewverlee@ubuntu:~/helloflask$ git push heroku master
    
    The authenticity of host 'heroku.com (50.19.85.132)' can't be established.
    RSA key fingerprint is ##:##:##:##:##:##:##:##:##:##:##:## (I replaced with #)
    Are you sure you want to continue connecting (yes/no)? yes
    Failed to add the host to the list of known hosts (/home/drewverlee/.ssh/known_hosts).
    Permission denied (publickey).
    fatal: The remote end hung up unexpectedly
    

    (Not sure of security so I replaced the key with (#))

    I think it might be because of

    drwx------  2 root       root        1024 2012-03-08 21:26 .ssh
    

    because

    drewverlee@ubuntu:~$ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/drewverlee/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    open /home/drewverlee/.ssh/id_rsa failed: Permission denied.
    Saving the key failed: /home/drewverlee/.ssh/id_rsa.
    

    As someone with little experience in these matters I'm not sure how to undo what I have done safely, as I know I'm meddling with powerful tools. Any advice on what's going on here? Let me know if I need to include more information to solve the problem.

    • Phoenix87
      Phoenix87 almost 7 years
      @CIRCLE that doesn't look like a good idea to me
  • Drew Verlee
    Drew Verlee over 12 years
    I figured out how to own my entire user directory as I read this was probably the efficient thing to do. Thanks for pointing me in the right direction.
  • Mark Fisher
    Mark Fisher almost 11 years
    It's easier to disable selinux, rather than remove it, by changing SELINUX=disabled in /etc/selinux/config. See CentOS Docs
  • ddoxey
    ddoxey almost 11 years
    I found that ssh-keygen prefers to create the .ssh directory. If the directory already exists it emits a permission denied message regardless of permissive ownership permissions configuration.
  • Eric Rich
    Eric Rich over 10 years
    Stop disabling SELinux. If it was truly an SELinux issue, you should fix the contexts by reviewing your audit logs.
  • aalaap
    aalaap over 5 years
    cd-ing into the ~/.ssh directory worked for me. I'd love to know more about why this works.
  • glades
    glades over 3 years
    @aalaap: strangely this worked for me as well. I would also like to know why.
  • Rehan Haider
    Rehan Haider about 3 years
    By deleting the old key, you will lose access to all ssh servers where you were using the old key; instead, just change permission and ownership to fix this problem!