Can’t SSH to Azure Linux VM because permissions are too open
Symptoms
You can't connect to your Microsoft Azure Linux virtual machine (VM) by using Secure Shell (SSH). You notice the following entries in the system log (/var/log/messages, /var/log/syslog, /var/log/secure, or /var/log/auth.log):
sshd: error: Permissions 0777 for '/etc/ssh/sshKeyName' are too open.
sshd: error: It is required that your private key files are NOT accessible by others.
sshd: error: This private key will be ignored.
sshd: error: key_load_private: bad permissions
sshd: error: Could not load host key: /etc/ssh/sshKeyName
Cause
This issue might occur if the /etc/ssh configuration directory or the files in this directory are accessible by users other than the owner. This is usually caused by running a "chmod" command on the wrong directory or running a "chmod" command that has incorrect parameters.
Resolution
To resolve the issue, restore the appropriate permissions to the configuration directory. To do this, follow the steps in the Online repair section. If you can't use the Run Command feature or the Azure Serial Console, go to the Offline repair section.
Online repair
Run Command by using VM agent
If the VM agent is installed on the VM, you can use the Run Command feature to run the restoring script:
Sign in to the Azure portal, and then go to the VM page.
In the Operations section, select Run Command > RunScriptShell, and then run the following script. Replace <username> with your user name.
# Reset everything under /etc/ssh, then tighten the private host keys and sshd_config
chmod -R 644 /etc/ssh
chmod 600 /etc/ssh/ssh_host*key
chmod 600 /etc/ssh/sshd_config
# Restore the modes on the user's home directory, .ssh directory, and authorized_keys
chmod 755 /home/<username>
chmod 700 /home/<username>/.ssh
chmod 600 /home/<username>/.ssh/authorized_keys
cd /home
chown <username> <username>
Azure Serial Console
Connect to the VM by using Azure Serial Console, and log on to your account.
Run the following commands to restore the appropriate permissions to the configuration directory and the files. Replace <username> with your user name.
# Reset everything under /etc/ssh, then tighten the private host keys and sshd_config
chmod -R 644 /etc/ssh
chmod 600 /etc/ssh/ssh_host*key
chmod 600 /etc/ssh/sshd_config
# Restore the modes on the user's home directory, .ssh directory, and authorized_keys
chmod 755 /home/<username>
chmod 700 /home/<username>/.ssh
chmod 600 /home/<username>/.ssh/authorized_keys
cd /home
chown <username> <username>
Restart the sshd service, and try again to connect to the VM by using ssh.
systemctl restart sshd
Offline repair
If you can't access the VM by using the Azure Serial Console, because the VM isn't starting or Serial Console is not enabled, the repair must be done in offline mode.
Follow steps 1-3 of the VM Repair process to create a repair VM. The repair VM will mount a copy of the OS disk for the failed VM automatically.
Connect to the repair VM by using SSH.
Run lsblk to identify the root partition of the failed VM. Typically, the root partition is "sdc1."
Create a temporary mount point. For example, run the following command:
mkdir /repair
Mount the root partition on the temporary mount point. For example, use /dev/sdc1 in the following command:
mount /dev/sdc1 /repair/
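Restore the appropriate permissions to the configuration directory and files on the mounted disk. Replace <username> with your user name.
# Reset everything under the failed VM's /etc/ssh, then tighten the private host keys and sshd_config
chmod -R 644 /repair/etc/ssh
chmod 600 /repair/etc/ssh/ssh_host*key
chmod 600 /repair/etc/ssh/sshd_config
# The home directory paths must also point at the mounted disk, not at the repair VM's own /home
chmod 755 /repair/home/<username>
chmod 700 /repair/home/<username>/.ssh
chmod 600 /repair/home/<username>/.ssh/authorized_keys
cd /repair/home
# chown resolves <username> against the repair VM's accounts; if the account does not exist there,
# use the numeric UID listed for it in /repair/etc/passwd
chown <username> <username>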
Unmount the root partition from the temporary mount point:
umount /repair
Use step 5 of the VM Repair process to mount the repaired OS disk to the failed VM.
Start the failed VM, and try again to connect to the VM by using SSH.
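A read-only check of the modes that the repair script sets, usable with an empty prefix on the running VM or with /repair while the failed VM's disk is still mounted. This is an added example, not part of the original article: the function names check_mode and audit_ssh_perms are hypothetical, and it assumes GNU stat and a root shell.

```shell
#!/bin/sh
# Added example: audits modes only, changes nothing.
# Assumption: GNU stat (stat -c), as shipped with Linux distributions.

# check_mode PATH EXPECTED: print a line and return 1 if PATH's mode differs.
check_mode() {
    [ -e "$1" ] || return 0            # skip paths that do not exist
    actual=$(stat -c '%a' "$1")
    [ "$actual" = "$2" ] && return 0
    printf 'MISMATCH %s: mode %s, expected %s\n' "$1" "$actual" "$2"
    return 1
}

# audit_ssh_perms ROOT USER: ROOT is "" on a running VM, or a mount point
# such as /repair for an offline disk. Returns the number of mismatches.
audit_ssh_perms() {
    root=$1 user=$2 bad=0
    for f in "$root"/etc/ssh/*; do
        [ -f "$f" ] || continue        # regular files only
        case "$f" in
            # Private host keys (not the .pub halves) and sshd_config: owner only
            */ssh_host*key|*/sshd_config) want=600 ;;
            *) want=644 ;;
        esac
        check_mode "$f" "$want" || bad=$((bad + 1))
    done
    check_mode "$root/home/$user" 755 || bad=$((bad + 1))
    check_mode "$root/home/$user/.ssh" 700 || bad=$((bad + 1))
    check_mode "$root/home/$user/.ssh/authorized_keys" 600 || bad=$((bad + 1))
    return "$bad"
}
```

Run audit_ssh_perms "" <username> on the running VM, or audit_ssh_perms /repair <username> on the repair VM before unmounting; a non-zero return value is the number of paths that still differ from the modes above.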
Next steps
If this article doesn't resolve your issue, visit the Azure forums on MSDN and Stack Overflow. You can post your issue in these forums, or post to @AzureSupport on Twitter.
You also can submit an Azure support request. To submit a support request, go to the Azure support page, and select Get support.
Contact us for help
If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to the Azure feedback community.