Ever locked yourself out of your own server just by copying files with scp? That’s exactly what happened to an engineer who wrote about it on sny.sh.
Here’s what went down. They wanted to transfer a local folder to the home directory on their server:
scp -r . host:Looks harmless, right? The problem was that the local folder had permissions set to rwxrwxrwx, or 777 (probably left over from testing something).
Turns out scp from OpenSSH doesn’t just copy files. It also changes the target folder’s permissions to match the source. So the home directory (/home/user) on the server got set to 777.
And that’s when everything broke. Next SSH login attempt, sshd flat out refused:
Authentication refused: bad ownership or modes for directory /home/userOpenSSH is strict about this. If your home directory or .ssh folder is world-readable (777), it won’t accept public key authentication. It’s a security measure, and it makes sense, but it sure doesn’t feel great when you’re the one locked out.
Luckily, this person still had WebDAV access to the server and could fix the home directory permissions back to 700 (rwx------). Without that, the server would’ve been toast, especially if it’s a headless Raspberry Pi with no other way in.
Watch out when using scp -r, especially when copying directly into your home directory. This behavior has been reported and should be fixed in OpenSSH 10.3.