I’ve installed openssh for windows and when I run ssh localhost I get
Bad owner or permissions on C:\Users\gary/.ssh/config
I’ve looked at these 2 questions https://superuser.com/questions/348694/bad-owner-or-permissions-error-using-cygwins-ssh-exe and https://serverfault.com/questions/253313/ssh-returns-bad-owner-or-permissions-on-ssh-config but none of the answers work for me. sshd is running as a service as the Local System user. I’ve run chmod 0600 C:\Users\gary\.ssh\config and chown gary C:\Users\gary\.ssh\config. I’ve also cleared the ACL by running setfacl -b C:\Users\gary\.ssh\config and then chmod 0600 C:\Users\gary\.ssh\config again. I’ve also tried changing the owner to SYSTEM and got the same error.
I’m not sure what else to do, is there anything wrong with my setup? I also have git installed which installed mingw, I deleted ssh and sshd from my git installation so they wouldn’t be on my path.
Other commands I’ve run are
icacls "C:\Users\gary\.ssh\config" /setowner gary
chown -R gary:1049089 C:\Users\gary\.ssh
ls -la C:\Users\gary\.ssh\config shows
-rw-r—r— 1 gary 1049089 229 Jan 3 14:43 ‘C:\Users\gary.ssh\config’
it keeps showing this even after changing the owner to SYSTEM, but in the file properties in file explorer it shows SYSTEM as the owner
asked Apr 19, 2018 at 16:53
5
This started popping up immediately after I created another user with Administrator privileges, and that account began inheriting access to my .ssh folder.
You do not need to change your permissions whatsoever.
Just go to .ssh, right-click Properties, Security Tab, Advanced. DISABLE INHERITANCE, then click on the Administrator user (the one that is not you) and Remove them. Apply. Done.
answered Oct 7, 2019 at 18:32
Jason HughesJason Hughes
2,7021 gold badge11 silver badges10 bronze badges
15
Use ssh client from Git instead of Windows inbuilt SSH client. E.g. set VS Code to use C:\Program Files\Git\usr\bin\ssh.exe instead of C:\Windows\System32\OpenSSH\ssh.exe.
Steps:
- In VS Code navigated to [File] -> [Preferences] -> [Settings] -> Search remote.ssh.path
- Input C:\Program Files\Git\usr\bin\ssh.exe
Alternatively:
- Update PATH environment variable to point to Git bin before Windows System32.
- Type «env» in Start bar to edit System (or account) environment variables.
- Select Path and hit edit.
- Add C:\Program Files\Git\usr\bin\ssh.exe to the list and move it to the top of the list.
Lisa
4,3332 gold badges27 silver badges34 bronze badges
answered May 15, 2018 at 7:57
Gerard CarbóGerard Carbó
1,77518 silver badges16 bronze badges
7
Just got same issue after re-install windows. And easily fixed just by changing the file permissions to
SYSTEM & Administrators - Full Control
[your username] - Modify & as Owner
Note:
- I’m still using Windows 10 built-in SSH client
C:\Windows\System32\OpenSSH\ssh.exe& not using cygwin at all
Suncatcher
10.4k10 gold badges52 silver badges90 bronze badges
answered May 31, 2018 at 12:53
Fery WFery W
1,4121 gold badge15 silver badges28 bronze badges
6
For those still struggling with this, check this out: https://github.com/PowerShell/openssh-portable/pull/418. This was the case for me. It turns out that your computer should be named differently from your username… 🤷♂️ It will probably be fixed soon in future updates, because fix got into commit.
So again: if your computer name is the same as your username and you still haven’t fixed this issue with permissions dialog, then probably renaming your computer could help.
answered Feb 4, 2020 at 1:41
5
Having the exact same issue today, this is how I solved it:
- Go to C:\Users\username.ssh
- Right-click the config file
- Properties -> Security -> Advanced -> Disable Inheritance -> Disable
inheritance -> Remove all inherited permissions from this object ->
Apply -> Yes -> Ok -> Ok
answered Nov 26, 2021 at 9:40
0
Instead of using the properties box, you can use the one liner:
icacls .ssh /grant:r <yourUserName>:f /inheritance:r
/grant:r username:f -> grant and overwrite permissions, giving full permissions to username
/inheritance:r -> remove inherited permissions
Keep known_hosts writable with
icacls .ssh/known_hosts /grant:rw <username>:f /inheritance:r
R Ben R
3444 silver badges9 bronze badges
answered Jun 10, 2021 at 21:39
LarryHLarryH
1,7182 gold badges12 silver badges15 bronze badges
1
I’m not sure what version of Windows you’re running, but since this is recent I’d guess Windows 10. I recently found out that an OpenSSH client is installed by default as of the April 2018 update. I then found I had two instances of OpenSSH: the one I installed myself and the one Windows gave me. Uninstalling the one I had installed caused the error message you describe.
The solution that worked for me was to remove the user-installed OpenSSH as well as the C:\Users\username\.ssh folder, and let Windows 10 OpenSSH create the folder when you run the command the next time. I didn’t have any configuration I was worried about losing, but if you do I’d suggest copying and pasting the contents of the files somewhere and recovering them afterwards.
Hope this helps!
answered Aug 2, 2018 at 1:38
17slim17slim
1,2331 gold badge16 silver badges21 bronze badges
2
Use FixUserFilePermissions.ps1 to fix permissions of client side files — keys and config files of current user.
git clone [email protected]:PowerShell/openssh-portable.git
cd openssh-portable/contrib/win32/openssh
.\FixUserFilePermissions.ps1 -Confirm:$false
answered Jul 26, 2019 at 6:25
SlashGordonSlashGordon
7208 silver badges11 bronze badges
2
On windows server this is due to permission problem. Need to remove access to other users for the following folders
.ssh — folder
Right click on this folder -> Select «Give access to» — > Click on «Remove Access»
Right click on this folder -> Select «properties» — > «Securities» — > Click on «Edit Permissions» — Remove other users except the ID you are logged in.
Repeat the same process for the folder under which you have .pem file. (Note: Keep .pem file in a separate folder)
answered Apr 10, 2021 at 5:54
Dave RadaDave Rada
811 silver badge1 bronze badge
1
For anyone, who still has troubles after applying the owner + modify (plus full control for admins): it did not work for me. Then I saw a solution to remove all other users (incl all admins), which did not help either.
This worked for me:
- leave System and Administrators in place, with full control, as suggested above
- leave the user itself in place, as owner, with modify, as suggested above
- however, remove any other user or group. You probably need to go to advanced first, to disable inheritance of rights
after I removed an administrative user who was added by Windows after entering my folder (by passing through the UAC box), it worked for me again.
Hope this helps for anyone who encounters this specific issue 
answered May 17, 2019 at 11:44
benzhibenzhi
1161 silver badge5 bronze badges
0
If User is in Administrative group just keep configuration in
c:\programdata\ssh\ssh_config instead %USERPROFILE%.ssh\config, will work
answered Sep 7, 2019 at 8:32
1
after disabling inheritance, make sure you add your current user, else u cannot edit the file
answered Aug 30, 2021 at 5:15
1
For me it was fixed by running chmod 0644 config under ~/.ssh/. Earlier it was set to 755 which was causing «Bad owner or permissions on /home/home/.ssh/config»
answered Feb 7, 2020 at 11:27
1
I tried all the solutions above, and sadly still can’t fix this issue. I’m pretty sure the permission of my ssh config is correct, this has been verified by the Explore GUI and the Get-Acl commands.
Then I finally find a way to solve it:
delete the entire .ssh folder and then open powershell and type ssh localhost. It will create a new .ssh folder for you, then you can apply the above permission tweaks(for me I only did one thing: disable inheritance).
So if other solutions doesn’t work for you, maybe you can try this. Hope it’s helpful.
PS: don’t forget to backup your old .ssh folder before deleting it.
answered Feb 27, 2020 at 3:47
ZiengZieng
4531 gold badge8 silver badges17 bronze badges
I was having this problem, and no amount of changing permissions or disabling inheritance on the config file would fix it. It turned out that it did not like my computer name and user name being the same, so I re-named my computer, allowed open ssh to re-create the config file, and the permissions are now correct. That was probably a bad idea to begin with, tbh.
answered May 9, 2020 at 7:07
KR-SOKR-SO
111 bronze badge
1
I deleted C:\Users\user/.ssh/config and reran my stuff, then it worked.
However, if you have something valuable there, make a backup first, just in case!
answered Apr 7, 2021 at 18:00
FusseldiebFusseldieb
1,3242 gold badges19 silver badges44 bronze badges
After a domain change over, I started having this same problem. Went through all of the suggestions listed and nothing worked, including both chmod and chown solutions.
I ended up fixing the problem by copying the folder, pasting it, deleting the original, and then renaming it back to .ssh.
answered Jul 27, 2021 at 16:01
For me, re-editing the permission settings in Windows is too complicated. Regenerating another configuration in vscode does not work either.
I set a custom config file path to solve this problem.
[«Remote SSH: Config file»]
The absolute file path to a custom SSH config file.
note: search this option by @ext:ms-vscode-remote.remote-ssh,ms-vscode-remote.remote-ssh-edit config file
answered Aug 3, 2022 at 10:04
The problem seems from the files are owned/has-permission for more than one user.
1- Go to your ./ssh folder and for both config & id_rsa files. From the properties -> Security -> Advanced:
2- Make sure that the user that you are logged in with IS the only user there.
answered Sep 19, 2019 at 13:09
ßastianßastian
1,8343 gold badges13 silver badges22 bronze badges
No group change or whatever,the first answer is right.Change to git ssh.exe
How?
- uninstall win10’s openssh in Settings
- add path of git’s ssh.exe to your
Path
answered Oct 13, 2019 at 15:24
jojo_007jojo_007
1151 silver badge5 bronze badges
For me it was fixed by running chmod 0644 config under ~/.ssh/ when running WSL.
answered Jan 30, 2020 at 11:43
- Rename the config file to something like config2
- Open this file with notepad
- Save As config (original name)
This worked for me.
Ayman Arif
1,4863 gold badges16 silver badges40 bronze badges
answered Aug 16, 2020 at 8:31
I guess it was caused by the wrong path expression.
Bad owner or permissions on C:\Users\gary/.ssh/config
The /.ssh should be \.ssh. So I try to use git bash (the terminal tool when install git in Windows system) to run ssh command. It really works. But I don’t really know if it is caused by the reason I guessed.
answered Oct 15, 2020 at 12:05
nilknownilknow
3293 silver badges6 bronze badges
Hi guys after a troubleshoot for a day I found that this «m.. f..» config file should not stand in the .ssh/ path.
For VSCODE just set the config in ‘C:\ProgrmaData\ssh\ssh_config’ path as proposed in the second choice of the palette command, and forget .shh path for this configuration.
That worked fine for me.
Nota: there was also a known_host file also created here with strange VM names inside, I deleted also this file. and that helps
answered Feb 16, 2022 at 6:08
This is because the config file cannot be accessed normally. We can create a new config file (this file needs to be accessible normally), such as D:/.ssh/config, and then specify the configuration file through the -F option: ssh -F D:/.ssh/config username@ip_address -p port
answered Feb 18 at 7:56
Delete the .config file, it has worked for me
Eric Aya
69.6k35 gold badges181 silver badges253 bronze badges
answered Feb 21 at 2:42
None of the solution above worked. Deleting/Setting permissions etc.
Same settings and no changes done for .config file.
Finally added obvious path for .ssh config as
"C:\User\USERNAME\.ssh\config" (use double slash).
Followed: https://github.com/microsoft/vscode-docs/issues/3210
answered Feb 28 at 11:27
IncredibleIncredible
3,5058 gold badges50 silver badges78 bronze badges
This problem arose when I used the Visual studio code remote ssh connection — extension with WSL 2
I’m not exactly sure whether WSL 2 or VSCode fiddled with it, but after accepting the fingerprint of a local ssh device, the format was like this
C://users//xyz.ssh\blablabla
you see how the slashes are reversed?
Alas, this ancient problem back from the stone age … I resolved it by just deleting the whole .ssh folder, then opening up a CMD (NOT wsl since it is again linux) and just ssh again to the device, accepting the fingerprint yadda yadda.
-> the folder is now fixed! I’m sure this will solve other bad ownership problems too, but then again I’m a local administrator on the computer here, not taking into account corporate admins who might ghost around on this box
answered May 24 at 12:55
clockw0rkclockw0rk
5706 silver badges26 bronze badges
I’ve installed openssh for windows and when I run ssh localhost I get
Bad owner or permissions on C:\Users\gary/.ssh/config
I’ve looked at these 2 questions https://superuser.com/questions/348694/bad-owner-or-permissions-error-using-cygwins-ssh-exe and https://serverfault.com/questions/253313/ssh-returns-bad-owner-or-permissions-on-ssh-config but none of the answers work for me. sshd is running as a service as the Local System user. I’ve run chmod 0600 C:\Users\gary\.ssh\config and chown gary C:\Users\gary\.ssh\config. I’ve also cleared the ACL by running setfacl -b C:\Users\gary\.ssh\config and then chmod 0600 C:\Users\gary\.ssh\config again. I’ve also tried changing the owner to SYSTEM and got the same error.
I’m not sure what else to do, is there anything wrong with my setup? I also have git installed which installed mingw, I deleted ssh and sshd from my git installation so they wouldn’t be on my path.
Other commands I’ve run are
icacls "C:\Users\gary\.ssh\config" /setowner gary
chown -R gary:1049089 C:\Users\gary\.ssh
ls -la C:\Users\gary\.ssh\config shows
-rw-r—r— 1 gary 1049089 229 Jan 3 14:43 ‘C:\Users\gary.ssh\config’
it keeps showing this even after changing the owner to SYSTEM, but in the file properties in file explorer it shows SYSTEM as the owner
asked Apr 19, 2018 at 16:53
5
This started popping up immediately after I created another user with Administrator privileges, and that account began inheriting access to my .ssh folder.
You do not need to change your permissions whatsoever.
Just go to .ssh, right-click Properties, Security Tab, Advanced. DISABLE INHERITANCE, then click on the Administrator user (the one that is not you) and Remove them. Apply. Done.
answered Oct 7, 2019 at 18:32
Jason HughesJason Hughes
2,7021 gold badge11 silver badges10 bronze badges
15
Use ssh client from Git instead of Windows inbuilt SSH client. E.g. set VS Code to use C:\Program Files\Git\usr\bin\ssh.exe instead of C:\Windows\System32\OpenSSH\ssh.exe.
Steps:
- In VS Code navigated to [File] -> [Preferences] -> [Settings] -> Search remote.ssh.path
- Input C:\Program Files\Git\usr\bin\ssh.exe
Alternatively:
- Update PATH environment variable to point to Git bin before Windows System32.
- Type «env» in Start bar to edit System (or account) environment variables.
- Select Path and hit edit.
- Add C:\Program Files\Git\usr\bin\ssh.exe to the list and move it to the top of the list.
Lisa
4,3332 gold badges27 silver badges34 bronze badges
answered May 15, 2018 at 7:57
Gerard CarbóGerard Carbó
1,77518 silver badges16 bronze badges
7
Just got same issue after re-install windows. And easily fixed just by changing the file permissions to
SYSTEM & Administrators - Full Control
[your username] - Modify & as Owner
Note:
- I’m still using Windows 10 built-in SSH client
C:\Windows\System32\OpenSSH\ssh.exe& not using cygwin at all
Suncatcher
10.4k10 gold badges52 silver badges90 bronze badges
answered May 31, 2018 at 12:53
Fery WFery W
1,4121 gold badge15 silver badges28 bronze badges
6
For those still struggling with this, check this out: https://github.com/PowerShell/openssh-portable/pull/418. This was the case for me. It turns out that your computer should be named differently from your username… 🤷♂️ It will probably be fixed soon in future updates, because fix got into commit.
So again: if your computer name is the same as your username and you still haven’t fixed this issue with permissions dialog, then probably renaming your computer could help.
answered Feb 4, 2020 at 1:41
5
Having the exact same issue today, this is how I solved it:
- Go to C:\Users\username.ssh
- Right-click the config file
- Properties -> Security -> Advanced -> Disable Inheritance -> Disable
inheritance -> Remove all inherited permissions from this object ->
Apply -> Yes -> Ok -> Ok
answered Nov 26, 2021 at 9:40
0
Instead of using the properties box, you can use the one liner:
icacls .ssh /grant:r <yourUserName>:f /inheritance:r
/grant:r username:f -> grant and overwrite permissions, giving full permissions to username
/inheritance:r -> remove inherited permissions
Keep known_hosts writable with
icacls .ssh/known_hosts /grant:rw <username>:f /inheritance:r
R Ben R
3444 silver badges9 bronze badges
answered Jun 10, 2021 at 21:39
LarryHLarryH
1,7182 gold badges12 silver badges15 bronze badges
1
I’m not sure what version of Windows you’re running, but since this is recent I’d guess Windows 10. I recently found out that an OpenSSH client is installed by default as of the April 2018 update. I then found I had two instances of OpenSSH: the one I installed myself and the one Windows gave me. Uninstalling the one I had installed caused the error message you describe.
The solution that worked for me was to remove the user-installed OpenSSH as well as the C:\Users\username\.ssh folder, and let Windows 10 OpenSSH create the folder when you run the command the next time. I didn’t have any configuration I was worried about losing, but if you do I’d suggest copying and pasting the contents of the files somewhere and recovering them afterwards.
Hope this helps!
answered Aug 2, 2018 at 1:38
17slim17slim
1,2331 gold badge16 silver badges21 bronze badges
2
Use FixUserFilePermissions.ps1 to fix permissions of client side files — keys and config files of current user.
git clone [email protected]:PowerShell/openssh-portable.git
cd openssh-portable/contrib/win32/openssh
.\FixUserFilePermissions.ps1 -Confirm:$false
answered Jul 26, 2019 at 6:25
SlashGordonSlashGordon
7208 silver badges11 bronze badges
2
On windows server this is due to permission problem. Need to remove access to other users for the following folders
.ssh — folder
Right click on this folder -> Select «Give access to» — > Click on «Remove Access»
Right click on this folder -> Select «properties» — > «Securities» — > Click on «Edit Permissions» — Remove other users except the ID you are logged in.
Repeat the same process for the folder under which you have .pem file. (Note: Keep .pem file in a separate folder)
answered Apr 10, 2021 at 5:54
Dave RadaDave Rada
811 silver badge1 bronze badge
1
For anyone, who still has troubles after applying the owner + modify (plus full control for admins): it did not work for me. Then I saw a solution to remove all other users (incl all admins), which did not help either.
This worked for me:
- leave System and Administrators in place, with full control, as suggested above
- leave the user itself in place, as owner, with modify, as suggested above
- however, remove any other user or group. You probably need to go to advanced first, to disable inheritance of rights
after I removed an administrative user who was added by Windows after entering my folder (by passing through the UAC box), it worked for me again.
Hope this helps for anyone who encounters this specific issue
answered May 17, 2019 at 11:44
benzhibenzhi
1161 silver badge5 bronze badges
0
If User is in Administrative group just keep configuration in
c:\programdata\ssh\ssh_config instead %USERPROFILE%.ssh\config, will work
answered Sep 7, 2019 at 8:32
1
after disabling inheritance, make sure you add your current user, else u cannot edit the file
answered Aug 30, 2021 at 5:15
1
For me it was fixed by running chmod 0644 config under ~/.ssh/. Earlier it was set to 755 which was causing «Bad owner or permissions on /home/home/.ssh/config»
answered Feb 7, 2020 at 11:27
1
I tried all the solutions above, and sadly still can’t fix this issue. I’m pretty sure the permission of my ssh config is correct, this has been verified by the Explore GUI and the Get-Acl commands.
Then I finally find a way to solve it:
delete the entire .ssh folder and then open powershell and type ssh localhost. It will create a new .ssh folder for you, then you can apply the above permission tweaks(for me I only did one thing: disable inheritance).
So if other solutions doesn’t work for you, maybe you can try this. Hope it’s helpful.
PS: don’t forget to backup your old .ssh folder before deleting it.
answered Feb 27, 2020 at 3:47
ZiengZieng
4531 gold badge8 silver badges17 bronze badges
I was having this problem, and no amount of changing permissions or disabling inheritance on the config file would fix it. It turned out that it did not like my computer name and user name being the same, so I re-named my computer, allowed open ssh to re-create the config file, and the permissions are now correct. That was probably a bad idea to begin with, tbh.
answered May 9, 2020 at 7:07
KR-SOKR-SO
111 bronze badge
1
I deleted C:\Users\user/.ssh/config and reran my stuff, then it worked.
However, if you have something valuable there, make a backup first, just in case!
answered Apr 7, 2021 at 18:00
FusseldiebFusseldieb
1,3242 gold badges19 silver badges44 bronze badges
After a domain change over, I started having this same problem. Went through all of the suggestions listed and nothing worked, including both chmod and chown solutions.
I ended up fixing the problem by copying the folder, pasting it, deleting the original, and then renaming it back to .ssh.
answered Jul 27, 2021 at 16:01
For me, re-editing the permission settings in Windows is too complicated. Regenerating another configuration in vscode does not work either.
I set a custom config file path to solve this problem.
[«Remote SSH: Config file»]
The absolute file path to a custom SSH config file.
note: search this option by @ext:ms-vscode-remote.remote-ssh,ms-vscode-remote.remote-ssh-edit config file
answered Aug 3, 2022 at 10:04
The problem seems from the files are owned/has-permission for more than one user.
1- Go to your ./ssh folder and for both config & id_rsa files. From the properties -> Security -> Advanced:
2- Make sure that the user that you are logged in with IS the only user there.
answered Sep 19, 2019 at 13:09
ßastianßastian
1,8343 gold badges13 silver badges22 bronze badges
No group change or whatever,the first answer is right.Change to git ssh.exe
How?
- uninstall win10’s openssh in Settings
- add path of git’s ssh.exe to your
Path
answered Oct 13, 2019 at 15:24
jojo_007jojo_007
1151 silver badge5 bronze badges
For me it was fixed by running chmod 0644 config under ~/.ssh/ when running WSL.
answered Jan 30, 2020 at 11:43
- Rename the config file to something like config2
- Open this file with notepad
- Save As config (original name)
This worked for me.
Ayman Arif
1,4863 gold badges16 silver badges40 bronze badges
answered Aug 16, 2020 at 8:31
I guess it was caused by the wrong path expression.
Bad owner or permissions on C:\Users\gary/.ssh/config
The /.ssh should be \.ssh. So I try to use git bash (the terminal tool when install git in Windows system) to run ssh command. It really works. But I don’t really know if it is caused by the reason I guessed.
answered Oct 15, 2020 at 12:05
nilknownilknow
3293 silver badges6 bronze badges
Hi guys after a troubleshoot for a day I found that this «m.. f..» config file should not stand in the .ssh/ path.
For VSCODE just set the config in ‘C:\ProgrmaData\ssh\ssh_config’ path as proposed in the second choice of the palette command, and forget .shh path for this configuration.
That worked fine for me.
Nota: there was also a known_host file also created here with strange VM names inside, I deleted also this file. and that helps
answered Feb 16, 2022 at 6:08
This is because the config file cannot be accessed normally. We can create a new config file (this file needs to be accessible normally), such as D:/.ssh/config, and then specify the configuration file through the -F option: ssh -F D:/.ssh/config username@ip_address -p port
answered Feb 18 at 7:56
Delete the .config file, it has worked for me
Eric Aya
69.6k35 gold badges181 silver badges253 bronze badges
answered Feb 21 at 2:42
None of the solution above worked. Deleting/Setting permissions etc.
Same settings and no changes done for .config file.
Finally added obvious path for .ssh config as
"C:\User\USERNAME\.ssh\config" (use double slash).
Followed: https://github.com/microsoft/vscode-docs/issues/3210
answered Feb 28 at 11:27
IncredibleIncredible
3,5058 gold badges50 silver badges78 bronze badges
This problem arose when I used the Visual studio code remote ssh connection — extension with WSL 2
I’m not exactly sure whether WSL 2 or VSCode fiddled with it, but after accepting the fingerprint of a local ssh device, the format was like this
C://users//xyz.ssh\blablabla
you see how the slashes are reversed?
Alas, this ancient problem back from the stone age … I resolved it by just deleting the whole .ssh folder, then opening up a CMD (NOT wsl since it is again linux) and just ssh again to the device, accepting the fingerprint yadda yadda.
-> the folder is now fixed! I’m sure this will solve other bad ownership problems too, but then again I’m a local administrator on the computer here, not taking into account corporate admins who might ghost around on this box
answered May 24 at 12:55
clockw0rkclockw0rk
5706 silver badges26 bronze badges
Lately, I have been working a lot with SSH and Windows 10, for one transitioning away from WMI for certain things, hopefully, a blog post coming on that front soon. Setting up SSH on Windows 10 is fairly simple to do, but it is one of those processes that can be wrought with missteps and misinformation from various places. As a case in point, you may receive permissions issues on a private key connecting to Windows 10. Why is this? Let’s take a look at bad owner or permissions on SSH config Windows 10 and see what this relates to.
Public key authentication with Windows 10
First of all, if you see this error mentioned in the title of the blog post, it means you are most likely attempting to configure public key authentication to access your OpenSSH installed and configured in Windows 10. Why do you want to configure public key authentication?
First of all, if you want to know how to configure Windows 10 SSH, take a look at my blog post here:
- OpenSSH Server Windows 10 Install with Public Key authentication
Also, learn about OpenSSH in general here:
- OpenSSH
Public key authentication is noted as a more secure way to authenticate to an OpenSSH server. Why is this? With public-key authentication, you have two parts of a cryptographic key that grants access. It includes both a private key and a public key. The SSH server possesses the public key of the key pair, while you as the user possess the private key. In addition to passing the physical private key file, you can also secure the private key with a password.
So, it is easy to understand how this type of authentication is much more secure. As far as the cryptographic key is concerned, an attacker can’t simply brute force the server to guess a weak, guessable, or cracked password to gain access. They have to have possession of the key and know the password if the private key is secured with one.
SSH clients have also come a long way in recognizing when there may be bad ideas in play when it comes to private key files. If the permissions contain other security permissions on the private key file other than the user that should possess those permissions, the key can be more easily compromised.
Many SSH clients check for the permissions configured on the SSH private key and if these are too permissive, it will not be allowed for use to make the SSH connection. Note the following error seen when trying to SSH into a remote Windows 10 machine with wide-open permissions on the private key file:
The error above states the issue: Permissions for the key file are too open. It is required that your private key files are NOT accessible by others. This private key will be ignored.
To get past the Bad Owner or Permissions on SSH Config Windows 10 error, you need to configure three things:
- Permissions on the authorized_keys file
- Permissions on your private key file
- sshd_config file changes
Part of the process to properly configure your Windows 10 SSH session for public-key authentication is ensuring the permissions are set correctly, both on the authorized_keys file (holds public key) and the private key file that holds the private key side of your key pair. Let’s take a look at both.
When you enable OpenSSH on your Windows 10 machine, you need to create the .ssh directory in the user profile of the user you will be logging in with. This is the location OpenSSH looks to find the authorized public keys, and by extension, the paired private keys that are allowed to access the machine.
By default, when you create the directory and the authorized_keys file, it will have too many permissions assigned. As you can see, it will have the local Administrators group added to the file. Click Advanced.
Here, we need to disable inheritance. This breaks inheritance on the folder and allows you to set explicit permissions.
Choose the option Convert inherited permissions into explicit permissions on this object.
Adjust your permissions so that you only have SYSTEM and your username displayed as having permissions on the authorized_keys file.
Permissions on your private key file
Now, on your private key, you need to ensure the same thing is set. The user that you are logged in with and SYSTEM are the only permissions that need to be enumerated on the private key file.
sshd_config file changes
Now that we have the permissions set correctly on the authorized_keys file and the private key, we need to make sure the sshd_config file is configured correctly. We need to make three changes for this to work correctly:
Below, I have uncommented the PubeyAuthentication yes stanza. Then, we have commented out the PasswordAuthentication yes and Match Group administrators configuration.
PubkeyAuthentication yes
#PasswordAuthentication yes
#Match Group administrators
# AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keysBe sure to restart your OpenSSH SSH Server service on your Windows 10 machine after making these changes to the sshd_config file. Once the changes are in place, you should be able to connect to the machine via SSH.
Wrapping Up
Connecting to Windows 10 via SSH is a great way to make secure connections to Windows 10 when public-key authentication is used. It can also be a great way to use solutions like Ansible to connect to your Windows 10 boxes remotely.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
Sign in
to your account
Closed
vdonchev opened this issue
May 2, 2018
· 19 comments
Comments
Since yesterday’s windows update (1810), I got this error when trying to connect to any of my servers through ssh:
λ ssh myserver
Bad owner or permissions on C:\\Users\\MY_USER/.ssh/config
I am using cmder 1.3.4 (i have also tried with 1.3.5).
Ok, here’s the solution that worked for me:
Right click on file:
Properties -> Security -> Advanced -> Disable Inheritance -> Remove all inherited permissions from this object
naseefnaseer, nucklehead, livevasiliy, joshuaPurushothaman, and LyricPants66133 reacted with laugh emoji
jpotma, alexdb88, kuhung, neculaionutni, makampf, fider, RobertYim, AnubisYe, adifahmi, Pippinrao, and 21 more reacted with confused emoji
naseefnaseer, jazz7381, techiall, AugustoEscanor, timgh101, livevasiliy, wbmrcb, S-Ammar, joshuaPurushothaman, and kamisoft-fr reacted with heart emoji
naseefnaseer, ooxif, and nwlab reacted with eyes emoji
I fail to see how that is Cmder’s fault?
It’s working ok with gitbash for example. I have this problem with cmder only.
Ok, here’s the solution that worked for me:
Right click on file:
Properties->Security->Advanced->Disable Inheritance->Remove all inherited permissions from this object
Thanks for your solution. It indeed solved my problem but raise another problem that I can’t write config file now. How can I solve this problem?
Ok, here’s the solution that worked for me:
Right click on file:
Properties->Security->Advanced->Disable Inheritance->Remove all inherited permissions from this objectThanks for your solution. It indeed solved my problem but raise another problem that I can’t write
configfile now. How can I solve this problem?
你可以添加一个用户权限
Thanks, eveyone!I have solved, but setting a content in my vs codes solves the issue !
tatiany-jimirobo, Lilac-Lee, tomhht, vadviktor, Heladitooo, kevinsulatra, aafanasyev, and a-sidorova reacted with heart emoji
rizerzero, cristianireyes, jingyao97, tomhht, vadviktor, Heladitooo, kevinsulatra, and aafanasyev reacted with rocket emoji
Ok, here’s the solution that worked for me:
Right click on file:
Properties->Security->Advanced->Disable Inheritance->Remove all inherited permissions from this object
Thanks. It works for me.
Remember to leave permissions for yourself (Full control was fine)
Ok, here’s the solution that worked for me:
Right click on file:
Properties->Security->Advanced->Disable Inheritance->Remove all inherited permissions from this object
this works for me,thanks
Thanks, eveyone!I have solved, but setting a content in my vs codes solves the issue !
It helps for me!!! Thanks!!! (Прописан путь C:\Users\admin\ssh\config как на скрине. И все заработало!)
Thanks, eveyone!I have solved, but setting a content in my vs codes solves the issue !
It helps for me!!!!!!!!!!!!!!! Thanks
Ok, here’s the solution that worked for me:
Right click on file:
Properties->Security->Advanced->Disable Inheritance->Remove all inherited permissions from this object
For me helped ONLY setting permissions Like owner — full control (and disabling permissions inheritance, for sure!!) for two more files — ‘config’ file itself and both of my PRIVATE and PUBLIC keys. Only after that Remote-SSH plugin started working as it has to.
It seems that such permissions for VS Code are good enough like 0600 for «.ssh» folder in Linux OS’es.
You can also fix this from the command line. Here are the commands I used:
icacls c:\users\<username>\.ssh\config /inheritance:r
icacls c:\users\<username>\.ssh\config /grant <username>:f
icacls c:\users\<username>\.ssh\id_rsa /inheritance:r
icacls c:\users\<username>\.ssh\id_rsa /grant <username>:f
Thanks, eveyone!I have solved, but setting a content in my vs codes solves the issue !
Worked for me, thaks!
Ok, here’s the solution that worked for me:
Right click on file:
Properties->Security->Advanced->Disable Inheritance->Remove all inherited permissions from this object
I had to do this change after I changed the disk where Vagrant is installed.
Ok, here’s the solution that worked for me:
Right click on file:
Properties->Security->Advanced->Disable Inheritance->Remove all inherited permissions from this object
If you followed this without thinking, like I did, it will solve the problem but leave you with no permissions on the file.
I resolved this by opening a PowerShell with Administrator privileges, and then ran the following command on the file:
takeown /F C:\Users\<user-name>\.ssh\config
Where <user-name> is your user name on the system. Then, you can set yourself as the owner and reassign permissions properly through the right-click menu as you normally would.
Hope this helps someone.
Thanks, eveyone!I have solved, but setting a content in my vs codes solves the issue !
best answer!!! thank u
Thanks, eveyone!I have solved, but setting a content in my vs codes solves the issue !
Thank you! This works for me.
Недавно случилась беда, мой любимы Visual Code перестал соединяться с удаленным сервером, ссылаясь на ошибку
Bad owner or permissions on C:\\Users\\USER/.ssh/config
В общем, звучит это в духе, что у нас нет прав на использование файлов внутри .ssh и попросту говоря, что мы не владельцы и система шлет нас н…уй, причем, шлют именно CMD и Powershell, которые используются Visual Code для удаленного соединения через плагин Remote SSH.
Решение этой непутевой ошибки довольно простое, для этого нужно клацать правой кнопкой мыши на файл .ssh/config и убрать все унаследованные права, проследуя командам Свойства -> Безопасность -> Дополнительно -> Убрать наследование -> Удалить все унаследованные разрешения от этого объекта