What does chmod 600 mean? Private key permissions, SSH, and secure file practices
chmod 600 sets permissions to rw-------: only the owner can read and write the file. The group and everyone else get no access at all. This is the required permission for SSH private keys, and SSH will refuse to use a key file with broader permissions as a security measure.
Calculator
CHMOD Configurator
Calculate Linux file permissions using checkboxes, octal numbers, or symbolic notation.
Owner
Group
Public
Command Line Example
How this is calculated
In octal, 6 = 4+2+0 (read+write) for the owner; the zeroes for group and others mean no permissions whatsoever. 600 is the standard for anything containing secrets: SSH keys, GPG private keys, database credential files, API token files. The principle is least privilege: if only one user needs access, only that user should have access. Many applications will warn or refuse to run if their config files are world-readable and contain passwords.
Verdict
600 is the correct permission for any file containing credentials, keys, or secrets. Make it a habit: whenever you create an SSH key, a .env file with passwords, or a database config, chmod 600 immediately.