"Bad owner or permissions" error using Cygwin's ssh.exe

29

12

I'm trying to use ssh.exe in Cygwin (in Windows 7). I copied a config file into c:\cygwin\home\[USERNAME]\.ssh. When I run ssh (for example, ssh -vT git@bitbucket.org) I get the following error:

OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
Bad owner or permissions on /home/[USERNAME]/.ssh/config

How do I get ssh to read my configuration file?

Rebecca Scott

Posted 2011-10-20T11:02:35.510

Reputation: 1 248

Answers

9

Check the permissions of the config file using Cygwin's ls command:

> c:\cygwin\bin\ls.exe -la c:\cygwin\home\[USERNAME]\.ssh

It will probably be something like this:

total 5
drwxrwxrwt+ 1 Administrators None  0 Oct 20 17:02 .
drwxr-xr-x+ 1 [USERNAME]     None  0 Oct 19 08:15 ..
-rw-------  1 Administrators None 57 Oct 20 16:58 config

The config file needs to belong to [USERNAME]. Try this:

> c:\cygwin\bin\chown.exe [USERNAME] c:\cygwin\home\[USERNAME]\.ssh\config

ls -la should now show the correct owner. If that still doesn't work, try resetting the mode (permissions):

> c:\cygwin\bin\chmod.exe 700 c:\cygwin\home\[USERNAME]\.ssh\config

Rebecca Scott

Posted 2011-10-20T11:02:35.510

Reputation: 1 248

46

After doing as above, I always got this:

total 22
drwxrwxr-x+ 1 jl None    0 Sep  9 18:44 .
drwxrwxr-x+ 1 jl None    0 Sep  9 18:44 ..
-rw-rw----  1 jl None  129 Jul  1 14:30 config

and the error on .ssh/config. So I've run chown on the .ssh folder, and chmod again like this:

> chown -R [USERNAME]:users .ssh/

and then:

> chmod -R 600 .ssh/

and finally I got it working:

total 29
drwxrwxr-x+ 1 jl None     0 Sep  9 18:44 .
drwxrwxrwt+ 1 jl None     0 Sep  9 18:44 ..
drw-------+ 1 jl Users    0 Sep  9 18:44 .ssh

Edit (for bash on Windows 10)

When you get the error:

Failed to add the host to the list of known hosts (/PATH_TO_HOME/USERNAME/.ssh/known_hosts).

Make sure that known_hosts is writable

$ chmod 755 known_hosts

Note: I believe you only need to set 600 for your private key

Then, try to ssh.

When you get..

Permanently added 'HOST_IP' (RSA) to the list of known hosts.

You may replace mode 600

$ chmod 600 known_hosts

P.S.: I think this is a bug on Windows 8.

Joaolvcm

Posted 2011-10-20T11:02:35.510

Reputation: 1 210

Have a look in /etc/group if you're unsure about the exact (localized) group name. – Luchs – 2014-06-19T20:52:20.780

1 Thanks, this worked for me as well; in German you need to use chown -R [Username]:Benutzer .ssh/ – con – 2014-09-08T17:23:07.080

It's not just Windows 8. It happened for me (Win7) after modifying the config file using my Sublime Text editor, which apparently saves the file using its own permissions. The above solution fixed the problem. – xShirase – 2014-11-28T19:23:50.927

The accepted answer didn't work for me, but this did. Thanks! – Achal Dave – 2013-09-12T03:54:28.830

Also, this is quite a weird bug. On my computer (W8.1), editing the .ssh/config file in Vim always leads to this bug. It's extremely annoying, as every change to my ssh config requires running these commands. – Achal Dave – 2013-10-22T18:14:50.583

4 And just to add to the weirdness, if you're using a non-English version of Windows then make sure to use the locale translation of "users" when issuing this command. For example, in Dutch it becomes "chown -R :Gebruikers .ssh" – Alexander Kellett – 2014-01-13T10:27:04.630

1 For me, this worked: chown -R m0j0:Users .ssh && chmod -R go-rwx .ssh – m0j0 – 2014-01-23T14:40:52.047

Tried changing the group on just .ssh/config, but it didn't work until I first changed the group on the .ssh directory itself. Thanks! – Paul Brannan – 2014-03-27T16:20:57.933

20

This answer is copied verbatim from https://superuser.com/a/875934/82032. This is the only answer that worked for me after a recent cygwin upgrade.

Don't forget the ACLs

Nothing worked for me until I stripped the file of ACLs and reset the permissions.

#remove ACLs
setfacl -b ~/.ssh/config

#reset permissions
chmod 0600 ~/.ssh/config

You can use getfacl to view the current ACL on a file.

getfacl ~/.ssh/config

Before I removed the ACLs (Broken):

# owner: Administrators
# group: None
user::rw-
group::---
group:Authenticated Users:rwx
group:SYSTEM:rwx
mask:rwx
other:---

After: (working)

# file: config
# owner: myusername
# group: None
user::rw-
group::---
other:---

gdw2

Posted 2011-10-20T11:02:35.510

Reputation: 1 025

This is what I had to do after upgrading cygwin – blockloop – 2015-02-20T17:01:24.910

1 This requires cygwin 1.7.34-6 – ClintM – 2015-02-20T22:18:42.027

This is what worked for me! – Ashutosh Jindal – 2015-03-03T15:45:55.213

9

For unix & OSX

Quite simply:

chown -R $USER:users ~/.ssh/
chmod -R 600 ~/.ssh/

For Windows

If the file is a windows (NTFS) symbolic link, the above won't work. You need to make it a regular file. I am not sure why.

If you don't have openssh or cygwin, use chocolatey to install it easily.

choco install cyg-get

Open Cygwin Terminal that was installed with chocolatey and run (note that ssh-keygen creates new keys):

cyg-get install openssh
ssh-keygen
cd ~/.ssh && explorer.exe .

Verify keys are there (or replace them with the keys you want), and then in Cygwin shell:

chown -R $USER:users ~/.ssh/
chmod -R 600 ~/.ssh/

Or for the rare case that you're using (and generated the keys from) chocolatey's SSH package:

chown -R $USER:users  /cygdrive/c/Users/$USER/.ssh
chmod -R 600 /cygdrive/c/Users/$USER/.ssh

Jonathan

Posted 2011-10-20T11:02:35.510

Reputation: 1 287

This is usually it for me, since the group is usually wrong on the files. – Alan Krueger – 2015-01-04T02:56:12.713
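The checks discussed in the answers above can be scripted. This is an added example, not part of any answer on this page: ssh rejects a user config that is not owned by the user (or root) or that is writable by group or others, it rejects private keys that group or others can access at all, and a directory set to 600 loses the execute bit needed to enter it, so the repair uses 700 for directories and 600 for files rather than `chmod -R 600`. The function names are illustrative; GNU `stat` and `find` (as shipped with Cygwin and Linux) and private keys named `id_*` are assumed.

```shell
#!/bin/sh
# Added example; function names are illustrative. Assumes GNU stat and find.

# has_bits MODE MASK: true if any bit of octal MASK is set in octal MODE
has_bits() { [ $(( 0$1 & 0$2 )) -ne 0 ]; }

flag() { echo "$1"; bad=1; }

# Print one line per finding; return 1 if there was any.
audit_ssh_dir() {
    dir=$1; bad=0
    for f in "$dir" "$dir"/config "$dir"/id_*; do
        [ -e "$f" ] || continue
        case $f in *.pub) continue ;; esac      # public keys may be readable
        mode=$(stat -c '%a' "$f")
        [ -O "$f" ] || flag "not owned by you: $f"
        if [ -d "$f" ]; then
            # a directory needs the owner's x bit, or nothing inside is reachable
            has_bits "$mode" 100 || flag "owner cannot enter ($mode): $f"
            if has_bits "$mode" 22; then flag "group/other writable ($mode): $f"; fi
        elif [ "${f##*/}" = config ]; then
            # config: no write bit for group or others
            if has_bits "$mode" 22; then flag "group/other writable ($mode): $f"; fi
        else
            # private keys (assumed to be named id_*): no access for group or others
            if has_bits "$mode" 77; then flag "too open ($mode): $f"; fi
        fi
    done
    return "$bad"
}

# Repair without `chmod -R 600`: directories 700, files 600, ACLs stripped.
repair_ssh_dir() {
    dir=$1
    chmod 700 "$dir" || return 1                # first, so find can descend
    find "$dir" -type d -exec chmod 700 {} +
    if command -v setfacl >/dev/null 2>&1; then
        find "$dir" -type f -exec setfacl -b {} + 2>/dev/null || true
    fi
    find "$dir" -type f -exec chmod 600 {} +
}

# Usage: sh script.sh ~/.ssh   (audits only; call repair_ssh_dir to fix)
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```

Ownership is only reported, not changed, because the group name to pass to `chown` depends on the Windows locale, as the comments above note.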

3

Important note if your Windows is not in US English: the "users" group's name is locale-dependent. For example, if your Windows is in Spanish, you'll have to change the files' ownership with chown $USER:Usuarios *

RAKK

Posted 2011-10-20T11:02:35.510

Reputation: 345

1

None of these (chmod/chown/icacls/setacl/copyacls/explorer>security) worked on my cygwin64/win7/admin. Finally, this works with cygwin64: ssh -F ~/.ssh/config. Other solutions are to use the older ssh in cygwin32 or the ssh in Git for Windows.

mosh

Posted 2011-10-20T11:02:35.510

Reputation: 227

Using -F will solve the problem with config, but won't solve permissions for private keys. – Jari Turkia – 2018-10-30T17:03:00.243

0

For those who use noacl in the path with the ~/.ssh dir, a simple solution is to create a native NTFS symbolic link:

cmd# mklink c:\home\.ssh c:\opt\cygwin\home\misc\.ssh
symbolic link created for c:\home\.ssh <<===>> c:\opt\cygwin\home\misc\.ssh

With noacl there is no way to set permissions other than rwxr-xr-x or rw-r--r--. As the / hierarchy should be without noacl (or should be with acl), you can create a directory here and point the problematic places for Cygwin's apps to it.

gavenkoa

Posted 2011-10-20T11:02:35.510

Reputation: 1 386

1 Given this is a directory, the simple solution would be using a junction, because that doesn't require the privileges required for setting a symbolic link. That'd be mklink /j then or the junction tool from the Sysinternals Suite. – 0xC0000022L – 2018-03-22T09:47:05.877

0

tldr: You may have created the config as administrator

Solution

These solutions may be overkill if you ended up mistakenly creating the file as admin, and trying to use the file with local perms.

  • Copy the contents of your ssh config
  • Delete the file
  • Open a new shell (local - non admin)
  • Navigate to the path where your config is stored (usually ~/.ssh in PowerShell or %userprofile%\.ssh in cmd)
  • Run notepad .\config

Simple commands (PowerShell):

$sshPath = '~/.ssh/config'
$content = cat $sshPath
# In case the line above fails, this check will prevent your current config from getting deleted
if ($content) {
  rm $sshPath
  $content | Out-File -en ascii $sshPath
}

AP.

Posted 2011-10-20T11:02:35.510

Reputation: 103