Tuesday, 17 March 2020

Authentication refused: bad ownership or modes for ...(sshd)

In fatal: bad ownership or modes for chroot directory component (sshd) we analyzed how sshd checks directory permissions for chrooted sftp connections.

Actually, sshd checks home directory permissions for non-chrooted sftp connections as well. This happens when a public key is used to authenticate the sftp connection, and it is not specific to sftp: the check is made when sshd reads ~/.ssh/authorized_keys, so any ssh login authenticated with a key is subject to it.

1. Password authentication for non-chrooted sftp connections does NOT check home dir permissions

If you only use an interactive password to log in to a non-chrooted sftp account, the account's home dir can have any permissions. sshd does not look at them at all, because the StrictModes check only covers the files sshd reads for key-based authentication (~/.ssh/authorized_keys and the directories above it), and password authentication never reads them.

2. Public key authentication for non-chrooted sftp connections checks home dir and .ssh permissions

  • the home dir and ~/.ssh must be owned by the user (or root) and must not be writable by group or others
  • ~/.ssh/authorized_keys must be owned by the user (or root) and must not be writable by group or others; 600 is the usual choice, but 644 also passes, since sshd only rejects the group and world write bits
When the check fails, sshd logs "Authentication refused: bad ownership or modes for directory /home/user" (or "... for file /home/user/.ssh/authorized_keys") to the auth log and simply does not accept the key, so the client falls through to the next method and is prompted for a password. The check can be omitted if "StrictModes no" is in /etc/ssh/sshd_config. The default is "yes", and turning it off is a poor fix: a group- or world-writable home dir or .ssh lets any other local user with that access plant their own key in the account.
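
The following is an added example, not code from the original post: a small POSIX sh script that reproduces the StrictModes walk sshd performs for ~/.ssh/authorized_keys (the file itself, then every directory component from ~/.ssh up to the home dir, each of which must be owned by the user or root and must not be group- or world-writable) against a constructed home directory under mktemp, so you can see which path triggers the refusal before touching a real account. It assumes Linux with GNU coreutils stat (-c '%u %A') and ignores ACLs and platform-specific "system" uids; the function names strictmodes_check and mode_ok, the demo account name alice and the temp layout are my own.

```shell
#!/bin/sh
# Added example (not from the original post): reproduce the StrictModes check
# sshd applies to ~/.ssh/authorized_keys before accepting a public key.
# Assumptions: Linux with GNU coreutils (stat -c); the account's home dir and
# uid are passed in; ACLs and platform-specific "system" uids are ignored.

# Return 0 if PATH is owned by root or UID and is neither group- nor world-writable.
mode_ok() {
    path=$1
    uid=$2
    st=$(stat -c '%u %A' "$path" 2>/dev/null) || return 1
    owner=${st%% *}        # numeric owner uid
    sym=${st#* }           # symbolic mode, e.g. drwxr-xr-x
    [ "$owner" = 0 ] || [ "$owner" = "$uid" ] || return 1
    case $sym in
        ?????w*|????????w*) return 1 ;;   # group (6th char) or other (9th char) write bit set
    esac
    return 0
}

# strictmodes_check HOME [UID]
# Prints the reason sshd would log ("bad ownership or modes for file|directory ...")
# and returns 1 when sshd would refuse the key; prints "ok" and returns 0 otherwise.
strictmodes_check() {
    home=$1
    uid=${2:-$(id -u)}
    keyfile=$home/.ssh/authorized_keys

    # 1. The file itself.
    if ! mode_ok "$keyfile" "$uid"; then
        echo "bad ownership or modes for file $keyfile"
        return 1
    fi

    # 2. Every directory component from ~/.ssh upwards, stopping at the home dir
    #    (or at / if the file lives outside it), as sshd does.
    dir=$(dirname "$keyfile")
    while :; do
        if ! mode_ok "$dir" "$uid"; then
            echo "bad ownership or modes for directory $dir"
            return 1
        fi
        [ "$dir" = "$home" ] && break
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    echo "ok: sshd would accept $keyfile"
    return 0
}

# Demo on a constructed home directory under a temp dir (not a real account).
# Each call is followed by "|| :" so the demo keeps going after a refusal.
demo() {
    tmp=$(mktemp -d)
    home=$tmp/alice
    mkdir -p "$home/.ssh"
    : > "$home/.ssh/authorized_keys"
    chmod 755 "$home"
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
    echo "clean layout:";             strictmodes_check "$home" || :

    chmod 775 "$home"
    echo "group-writable home:";      strictmodes_check "$home" || :

    chmod 755 "$home"
    chmod 644 "$home/.ssh/authorized_keys"
    echo "authorized_keys 644:";      strictmodes_check "$home" || :

    chmod 664 "$home/.ssh/authorized_keys"
    echo "group-writable key file:";  strictmodes_check "$home" || :
    rm -rf "$tmp"
}
demo
```

The refusal message names the first path that fails, walking upwards from the key file, which is the same order sshd reports it in. To fix a real account rather than the demo tree: chmod go-w on the home dir, chmod 700 ~/.ssh, chmod 600 ~/.ssh/authorized_keys, make sure all three are owned by the user, then retry the sftp login with -v to confirm the key is offered and accepted.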

3. For chrooted sftp connections, the chroot directory's permissions are always checked unconditionally

The ChrootDirectory and every path component above it must be owned by root and must not be writable by group or others. StrictModes has no effect on this check, it runs for password and public key logins alike, and a failure is fatal for the session (the "bad ownership or modes for chroot directory component" error from the previous post) rather than a fall-through to another authentication method.

For more info, please refer to
