69

To generate the .ssh dir I use this command:

ssh-keygen

taken from this tutorial: http://ebiquity.umbc.edu/Tutorials/Hadoop/05%20-%20Setup%20SSHD.html

But the .ssh directory is not created so when I use cd ~/.ssh I get this error:

"no such file or directory"

Is there a step missing? Should the .ssh dir be created when I use the ssh-keygen command?

mvp
blue-sky

3 Answers

99

I am assuming that you have enough permissions to create this directory.

To fix your problem, you can either ssh to some other location:

ssh user@some.host

and accept the new key - it will create the directory ~/.ssh and known_hosts underneath - or simply create it manually using:

mkdir ~/.ssh
chmod 700 ~/.ssh

Note that chmod 700 is an important step!

After that, ssh-keygen should work without complaints.

mvp
  • 1
    I'm inside chroot, and it can't (nor can I) create "/.ssh/" directory, I'd like to give the ssh command a different directory, in this case "/private/.ssh". I don't have `env`, and setting `set HOME=/private/` does not work. Any ideas? – Ciantic Jun 20 '13 at 13:20
  • The authorized keys should be chmod 600 or for me it doesn't work. – Alper Oct 27 '15 at 10:06
  • Who should own it? User and its group? – Gherman Jun 28 '20 at 15:28
14

Is there a step missing?

Yes. You need to create the directory:

mkdir ${HOME}/.ssh

Additionally, SSH requires you to set the permissions so that only you (the owner) can access anything in ~/.ssh:

% chmod 700 ~/.ssh

Should the .ssh dir be generated when I use the ssh-keygen command?

No. This command generates an SSH key pair but will fail if it cannot write to the required directory:

% ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/xxx/.ssh/id_rsa): /Users/tmp/does_not_exist
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
open /Users/tmp/does_not_exist failed: No such file or directory.
Saving the key failed: /Users/tmp/does_not_exist.

Once you've created your keys, you should also restrict who can read those key files to just yourself:

% chmod -R go-wrx ~/.ssh/*
johnsyweb
  • You forgot to tell the reader to set up the permissions on .ssh – shrewmouse May 01 '17 at 15:05
  • @Shrewmouse: Fixed – johnsyweb May 02 '17 at 02:55
  • `chmod -R go-wrx` makes the assumption that the permissions of the dir have rwx set for the owner. `chmod -R 700` is foolproof-ish. Even if you fix that, in the end, your answer is a subset of the accepted answer. You maybe should just remove your answer. – shrewmouse May 02 '17 at 17:38
  • @Shrewmouse: I think that's a perfectly reasonable assumption on a freshly created directory. Who on earth would want `~/.ssh/id_rsa` to be _executable_? – johnsyweb May 02 '17 at 20:12
  • ~/.ssh/id_rsa doesn't exist at this point in your workflow so your point is moot. It's never reasonable to assume when you can be explicit with fewer characters. `chmod 700` trumps `chmod go-wrx` because it's explicit. If you like to use 'rwx' and 'ugo' then `chmod u+rwx ~/.ssh; chmod go-rwx ~/.ssh` – shrewmouse May 02 '17 at 20:45
14

As a slight improvement over the other answers, you can do the mkdir and chmod as a single operation using mkdir's -m switch.

$ mkdir -m 700 ${HOME}/.ssh

Usage

From a Linux system

$ mkdir --help
Usage: mkdir [OPTION]... DIRECTORY...
Create the DIRECTORY(ies), if they do not already exist.

Mandatory arguments to long options are mandatory for short options too.
  -m, --mode=MODE   set file mode (as in chmod), not a=rwx - umask
...
...
slm
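An added example, not part of any of the answers above: a POSIX shell sketch that combines the `mkdir -m 700` step with the explicit `chmod 700` from the comments, then checks the result against the "only the owner can access anything in ~/.ssh" rule. The function names `mode_of`, `ensure_ssh_dir` and `audit_ssh_dir` are hypothetical helpers introduced for this example.

```shell
#!/bin/sh
# Added example (not from the original answers). Each function takes the
# directory as $1, so it can be tried on a scratch path before ~/.ssh.
# Usage: ensure_ssh_dir "$HOME/.ssh" && audit_ssh_dir "$HOME/.ssh"

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create the directory with mode 700, or tighten it if it already exists.
# mkdir -m only applies to a directory that mkdir itself creates, so an
# existing directory needs an explicit chmod instead.
ensure_ssh_dir() {
    dir=$1
    if [ -d "$dir" ]; then
        chmod 700 "$dir"
    else
        mkdir -m 700 "$dir"
    fi
}

# Report the directory and every entry in it that group or others can
# access, one "MODE PATH" line per finding. Public keys and known_hosts
# are reported too, following the rule quoted above.
# Returns 0 when nothing is found, 1 otherwise.
audit_ssh_dir() {
    dir=$1
    findings=0
    for path in "$dir" "$dir"/*; do
        [ -e "$path" ] || continue
        mode=$(mode_of "$path")
        case $mode in
            0|*00) ;;    # group and other digits are both 0
            *) printf '%s %s\n' "$mode" "$path"; findings=1 ;;
        esac
    done
    return "$findings"
}
```

A non-zero return from `audit_ssh_dir` means at least one entry still needs `chmod 600` (files) or `chmod 700` (the directory).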