Authentication refused: bad ownership or modes for file /var/git/.ssh/authorized_keys
The problem is the fact that file and directory permissions do not meet the requirements of StrictModes
, which in OpenSSH is yes
by default and should not be changed. Try setting the permissions of authorized_keys
to 0600
and the .ssh
directory to 0700
.
# chmod 0700 .../.ssh/
# chmod 0600 .../.ssh/authorized_keys
Note that the ...
will differ based on installation (e.g., in this question it is /var/git/
but for users it will be /home/username/
.
For reasons of paranoia, the .ssh
directory and authorized_keys
must not be group-writable. I guess the thinking is, the user must be the only one with explicit control over his/her authorization. I believe a work-around for this lies with ACL. The other work around is StrictModes=no
setting in sshd's configuration file. But it would be too dangerous to do that for the sake of one user.
P.S. your ls -l /var | grep git
is more concisely done as ls -ld /var/git
The $HOME/.ssh
directory mode must be 700 and authorized_keys
should be readable by the owner only, i.e. mode 600:
chmod u=rwx,g=,o= /var/git/.ssh
chmod u=rw,g=,o= /var/git/.ssh/authorized_keys
As to the private key, it must be read-write-able by the owner only:
chmod u=rw,g=,o= /var/git/.ssh/id_?sa