There is a point to this story, but it has temporarily escaped my mind...
Contact Me MyFaceBook MyLinkedIn MyGitHub MyTwitter

Fix "bad owner or permissions" for SSH in Cygwin

When I upgraded my Cygwin installation from 1.7.33 to 1.7.34, I started to get a “bad owner or permission” error message when I'd start a SSH connection. I searched the web for a couple of days but every website that I went to said to do:

cd .ssh
chmod 600 config
chmod 600 id_rsa

Unfortunately, every time I'd execute that, the permissions would not change and I see this for the directory listing:

user@LAPTOP:~/.ssh
$ dir
total 72K
d---rwx---+ 1 user Domain Users    0 Feb  1 18:46 .
d---rwx---+ 1 user Domain Users    0 Jan 31 20:57 ..
----rwx---+ 1 user Domain Users 1.5K Oct 29 18:13 config
----rwx---+ 1 user Domain Users 1.7K May 18  2013 id_github
----rwx---+ 1 user Domain Users 1.5K Aug  6  2014 id_github.ppk
----rwx---+ 1 user Domain Users 1.7K Feb 17  2013 id_host1
----rwx---+ 1 user Domain Users 1.5K Aug  6  2014 id_host1.ppk
----rwx---+ 1 user Domain Users 1.7K May  5  2014 id_host2
----rwx---+ 1 user Domain Users 1.7K May 18  2013 id_host3
----rwx---+ 1 user Domain Users 1.7K Mar  8  2011 id_host4
----rwx---+ 1 user Domain Users  883 Jan 14  2013 id_rsa
----rwx---+ 1 user Domain Users 8.7K Feb  1 14:15 known_hosts

I finally came across a mailing list post talking about how the new version of Cygwin took ACLs into account when calculating permissions. This turned out to be the answer and directed me toward the solution:

setfacl --s user::rw-,group::---,other::---,mask::--- config
setfacl --s user::rw-,group::---,other::---,mask::--- id_github
setfacl --s user::rw-,group::---,other::---,mask::--- id_host1
setfacl --s user::rw-,group::---,other::---,mask::--- id_host2
setfacl --s user::rw-,group::---,other::---,mask::--- id_host3
setfacl --s user::rw-,group::---,other::---,mask::--- id_host4
setfacl --s user::rw-,group::---,other::---,mask::--- id_rsa

which then gave me the correct permissions:

user@LAPTOP:~/.ssh
$ dir
total 72K
d---rwx---+ 1 user Domain Users    0 Feb  1 18:46 .
d---rwx---+ 1 user Domain Users    0 Jan 31 20:57 ..
-rw-------  1 user Domain Users 1.5K Oct 29 18:13 config
-rw-------  1 user Domain Users 1.7K May 18  2013 id_github
----rwx---+ 1 user Domain Users 1.5K Aug  6  2014 id_github.ppk
-rw-------  1 user Domain Users 1.7K Feb 17  2013 id_host1
----rwx---+ 1 user Domain Users 1.5K Aug  6  2014 id_host1.ppk
-rw-------  1 user Domain Users 1.7K May  5  2014 id_host2
-rw-------  1 user Domain Users 1.7K May 18  2013 id_host3
-rw-------  1 user Domain Users  883 Mar  8  2011 id_host4
-rw-------  1 user Domain Users 1.7K Jan 14  2013 id_rsa
----rwx---+ 1 user Domain Users 8.7K Feb  1 14:15 known_hosts

After this, SSH worked the same as when Cygwin 1.7.33 was installed. I'm not sure if SSH was upgraded during upgrade so it may have been the result of a newer version of OpenSSH. Checking the version indicates that the binary was most likely part of the upgrade:

user@LAPTOP:~/
$ ssh -V
OpenSSH_6.7p1, OpenSSL 1.0.1k 8 Jan 2015
Copyright © 2019 by Julian Easterling. SOME RIGHTS RESERVED.
Privacy Policy              Terms of Use             


Creative Commons License
Except where otherwise noted, content on this site is
licensed under a Creative Common Attribution-Share Alike 4.0 International License.


All of the opinions expressed on this website are those of Julian Easterling and
do not represent the views of any of my current and previous clients or employers in any way.

If you notice an error on the site or content that has not been properly attributed, bring
it to my attention using the contact page and I will endeavor to fix it as soon as I can.

I accept no responsibility or liability for any damages incurred by following any of
my advice or by using any of the information on my site or of those sites that I link to.