I have a problem on FreeBSD 14.0 - the ~/.ssh/ directory is owned by me, but I cannot access it as myself:

$ ls -al .ssh
ls: .: Permission denied
ls: ..: Permission denied
ls: authorized_keys: Permission denied
ls: known_hosts: Permission denied
total 0

only as root:

# ls -al .ssh
total 18
drw-------  2 alex alex   4 Mar 29 20:24 .
drwxr-xr-x  4 alex alex  14 Mar 29 21:09 ..
-rw-------  1 alex alex 490 Mar 29 20:46 authorized_keys
-rw-------  1 alex alex 825 Mar 29 20:24 known_hosts

This apparently also causes ssh not to be able to access it for key authentication (the client public key is already on the server in the .ssh/authorized_keys file). I can log in using a password, but with the key I get this:

ssh [email protected] -vvv
...
debug1: Host '10.211.55.6' is known and matches the ED25519 host key.
debug1: Found key in /Users/alex/.ssh/known_hosts:21
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /Users/alex/.ssh/id_ed25519 ED25519 SHA256:gQo01WDh/PW9AyO/Cdq4xnc/S+pTb4H13sFdtsDFxto explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-dss,ssh-rsa,rsa-sha2-256,rsa-sha2-512>
debug1: kex_input_ext_info: [email protected]=<0>
debug1: kex_input_ext_info: [email protected] (unrecognised)
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/alex/.ssh/id_ed25519 ED25519 SHA256:gQo01WDh/PW9AyO/Cdq4xnc/S+pTb4H13sFdtsDFxto explicit
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey,password,keyboard-interactive).

PubkeyAuthentication is set to yes and the sshd service was restarted. I can't figure out what I'm doing wrong here.

  • Change permissions to 700?
    – vidarlo
    Commented Mar 29 at 22:04
  • @vidarlo indeed, thank you! If you want to make it the answer, I'll accept it. I would, however, also like to know why 700 (nothing executable in there), and why doesn't the owner have permissions on that directory?
    – Alex
    Commented Mar 29 at 23:04

1 Answer

You need the execute bit on a directory to be able to access files in it; so, chmod u+x .ssh (or chmod u+rwx .ssh, or chmod 700 .ssh) is required.

The dual use of the x bit is a Unix tradition. Think of it as a “permission to cross a /”.

  • yes, indeed - I was focusing on the files inside the directory only, but the problem was the directory itself. Thanks!
    – Alex
    Commented Mar 30 at 2:02
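
The answer's point that the x bit on a directory is search permission, as an added shell example (not part of the original thread): it classifies the `ls -ld` mode string shown in the question and reproduces the 600-to-700 fix in a temporary directory. The function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread; function names are made up for illustration.

# First 10 characters of `ls -ld`, e.g. "drw-------" as in the question.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Classify a directory mode string against the 700 suggested in the thread.
diagnose_mode() {
    case "$1" in
        d??[xs]------*) echo ok ;;              # owner may traverse, nobody else has access
        d??[xs]*)       echo not-private ;;     # traversable, but group/other bits are set
        d*)             echo no-search ;;       # owner x missing: paths through it fail
        *)              echo not-a-directory ;;
    esac
}

# Try to open a file by path; root bypasses permission bits and always gets "readable".
probe() {
    if cat "$1" >/dev/null 2>&1; then echo readable; else echo denied; fi
}

# Recreate the question's layout in a temp dir, then apply the fix.
demo_fix() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/.ssh" && : > "$tmp/.ssh/authorized_keys"
    chmod 600 "$tmp/.ssh/authorized_keys"
    chmod 600 "$tmp/.ssh"                        # drw-------, the broken state
    before=$(diagnose_mode "$(mode_string "$tmp/.ssh")")
    echo "mode 600: authorized_keys is $(probe "$tmp/.ssh/authorized_keys")" >&2
    chmod 700 "$tmp/.ssh"                        # drwx------, the fix
    after=$(diagnose_mode "$(mode_string "$tmp/.ssh")")
    echo "mode 700: authorized_keys is $(probe "$tmp/.ssh/authorized_keys")" >&2
    rm -rf "$tmp"
    echo "$before -> $after"
}

demo_fix
```

Run as an unprivileged user, the first probe reports "denied" even though authorized_keys itself is mode 600 and owned by the caller, which is the situation in the question.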