.ssh/id_rsa failed: permission denied

I have been scanning the web/SO and read several permission-denied pleas for help; I just can't find one that solves my issue in a way I understand.

I'm following these instructions (Getting Started with Python on Heroku/Cedar). Everything went alright until:

drewverlee@ubuntu:~/helloflask$ source venv/bin/activate
(venv)drewverlee@ubuntu:~/helloflask$ git push heroku master

The authenticity of host 'heroku.com (' can't be established.
RSA key fingerprint is ##:##:##:##:##:##:##:##:##:##:##:## (I replaced with #)
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/drewverlee/.ssh/known_hosts).
Permission denied (publickey).
fatal: The remote end hung up unexpectedly

(Not sure of security, so I replaced the key with (#))

I think it might be because of

drwx------  2 root       root        1024 2012-03-08 21:26 .ssh


drewverlee@ubuntu:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/drewverlee/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
open /home/drewverlee/.ssh/id_rsa failed: Permission denied.
Saving the key failed: /home/drewverlee/.ssh/id_rsa.

As someone with little experience in these matters, I'm not sure how to undo what I have done safely, as I know I'm meddling with powerful tools. Any advice on what's going on here? Let me know if I need to include more information to solve the problem.

asked Mar 09 '12 at 15:03

@CIRCLE that doesn't look like a good idea to me -

5 Answers

You should own the permissions to the .ssh dir in your own directory, but in your case, it's owned by root. Try

cd ~
sudo chown drewverlee .ssh

and then retry creating keys and connecting.

answered Mar 09 '12, 15:03

I figured out how to own my entire user directory, as I read this was probably the efficient thing to do. Thanks for pointing me in the right direction. - Drew Verlee

I found that ssh-keygen prefers to create the .ssh directory. If the directory already exists it emits a permission denied message regardless of permissive ownership permissions configuration. - ddoxey

For some reason, the id_rsa file in the ~/.ssh folder was in read-only mode for my user (0400). I changed that to read-write (0600) with

chmod 0600 id_rsa

and after I was obviously able to overwrite the file. I guess these are the highest permissions you can give to this file, as others wouldn't make too much sense.

answered 22 Jul 17, 12:07

Since none of the answers above worked for me, I will post my answer:

If you still remember the password and want to keep old id_rsa, then use RECOMMENDED SOLUTION, else go to NOT RECOMMENDED SOLUTION.

RECOMMENDED SOLUTION

  1. Reset permission to correct value
chmod -c 0644 id_rsa.pub
chmod -c 0600 id_rsa

NOT RECOMMENDED SOLUTION

  1. Remove old ssh
sudo rm -rf ~/.ssh/id_rsa
sudo rm -rf ~/.ssh/id_rsa.pub
  2. Generate new ssh and use it (see https://help.github.com/enterprise/2.15/user/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/)

Why it worked:

  • ssh created by sudo command is ssh for root, not for the user. This means that ssh-add ~/.ssh/id_rsa will fail to add root ssh to a user.
  • when you try to generate new user ssh, you cannot successfully replace the old one because it was generated for root.

(Please ask me to fix my answer if there is something wrong. thx :)

answered Jun 26 '21 at 09:06

By deleting the old key, you will lose access to all ssh servers where you were using the old key; instead, just change permission and ownership to fix this problem! - Rehan Haider
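
A read-only check of the ownership and modes discussed in the answers above, as an added example that is not part of the original posts. The function names `check_path` and `audit_ssh_dir` are hypothetical, GNU `stat` (Linux) is assumed, and the expected modes (700 for the directory, 600 for the private key, 644 for the public key) are the values used on this page.

```shell
#!/bin/sh
# Added example: audit an SSH directory without changing anything.
# Each finding is printed together with the command that would correct it.

check_path() {
    # $1 = path, $2 = expected octal mode, $3 = expected numeric owner uid
    path=$1; want_mode=$2; want_uid=$3
    [ -e "$path" ] || return 0            # nothing to check if it does not exist
    owner=$(stat -c '%u' "$path")         # numeric uid of the owner (GNU stat)
    mode=$(stat -c '%a' "$path")          # permission bits in octal, e.g. 600
    rc=0
    if [ "$owner" != "$want_uid" ]; then
        echo "OWNER $path: uid $owner, expected $want_uid -> sudo chown $want_uid '$path'"
        rc=1
    fi
    if [ "$mode" != "$want_mode" ]; then
        echo "MODE  $path: $mode, expected $want_mode -> chmod $want_mode '$path'"
        rc=1
    fi
    return $rc
}

audit_ssh_dir() {
    # $1 = ssh directory (default ~/.ssh), $2 = uid that should own it (default: caller)
    dir=${1:-$HOME/.ssh}
    uid=${2:-$(id -u)}
    findings=0                            # number of paths with at least one problem
    check_path "$dir" 700 "$uid" || findings=$((findings + 1))
    for pub in "$dir"/*.pub; do
        [ -e "$pub" ] || continue         # glob matched nothing
        check_path "$pub" 644 "$uid" || findings=$((findings + 1))
        # the private key is the same file name without the .pub suffix
        check_path "${pub%.pub}" 600 "$uid" || findings=$((findings + 1))
    done
    echo "findings: $findings"
    [ "$findings" -eq 0 ]                 # exit status 0 only when everything matches
}

# Usage: audit_ssh_dir "$HOME/.ssh"
```

A directory created by a `sudo` command shows up as an `OWNER` finding with uid 0, which is the situation in the question.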

I had the same problem on CentOS 6. Solved it by removing selinux:

sudo yum remove selinux*

Found the answer here

Note: probably not a good idea to blindly remove selinux if you don't know what you're doing though

answered May 22 '12 at 17:05

It's easier to disable selinux, rather than remove it, by changing SELINUX=disabled in /etc/selinux/config. See CentOS Docs - Mark Fisher

Stop disabling SELinux. If it was truly an SELinux issue, you should fix the contexts by reviewing your audit logs. - Eric Rich

My user (ubuntu - you can find out typing whoami) did own the ~/.ssh folder but it still wasn't letting me use the symlink (File: ~/.ssh/my_file_rsa) from ssh-keygen. So I just cd'ed into the ~/.ssh folder and didn't put an outside path for the rsa file name.

ls -Al ~

cd ~/.ssh
Enter file in which to save the key (/home/ubuntu/.ssh/id_rsa):  my_file_rsa

answered Sep 27 '18 at 23:09

cd-ing into the ~/.ssh directory worked for me. I'd love to know more about why this works. - alaap

@aalaap: strangely this worked for me as well. I would also like to know why. - claros
