June 22, 2026 · 3 min

SSH Keys in Production: Stop Fixing Permissions Manually

I've seen too many deployments fail because of SSH key permissions. Here's how to handle it properly.

Security · Automation · Open Source · Node.js

I've spent more time than I'd like to admit debugging SSH permission issues in client deployments. The classic 0644 error on private keys? It's a symptom of a larger problem: manual DevOps processes that rely on developers remembering steps.

When I'm onboarding someone to Seven Suite or setting up ERPNext instances for clients, SSH key management always comes up. Someone clones a repo, generates keys, forgets to chmod 600, then spends 20 minutes confused about why git push won't work.

Here's what I've learned: automation beats documentation every time.

I started baking SSH key validation into deployment scripts. Nothing fancy—just a bash check that verifies permissions before trying to authenticate. If it finds 0644 or worse, the script fixes it automatically and logs what happened. No cryptic warnings. No manual intervention needed.

For Seven CMS and Seven Shop, I went further. The installation setup now includes a key permission validator that runs before any Git operations. It's a three-line function, but it's saved me from embarrassing support calls.
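A pre-flight check of the kind described above, as an added example; it is not the script shipped with Seven CMS or Seven Shop. The function names, log format and key path are assumptions, and it also refuses symlinks, which the post does not mention.

```shell
#!/bin/sh
# Added example (not the author's script). Function names, log format and
# the sample key path are assumptions made for illustration.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Check one private key before any SSH or Git operation.
# stdout: "ok", "fixed <old-mode>" or "error"; log lines go to stderr.
# Returns 0 when the key is usable afterwards, 1 otherwise.
ensure_key_private() {
    ekp_key=$1
    # Refuse symlinks and non-regular files: chmod would follow the link.
    if [ -L "$ekp_key" ] || [ ! -f "$ekp_key" ]; then
        echo "[key-check] $ekp_key: not a regular file, skipping" >&2
        echo "error"; return 1
    fi
    ekp_mode=$(key_mode "$ekp_key") || { echo "error"; return 1; }
    # OpenSSH rejects a private key when any group/other bit is set (mode & 077).
    if [ $(( 0$ekp_mode & 077 )) -eq 0 ]; then
        echo "ok"; return 0
    fi
    if chmod 600 "$ekp_key"; then
        # Log the old mode: the key was readable by others until now.
        echo "[key-check] $ekp_key: mode $ekp_mode -> 600" >&2
        echo "fixed $ekp_mode"; return 0
    fi
    echo "[key-check] $ekp_key: chmod failed" >&2
    echo "error"; return 1
}

# Usage in a deploy script (path is a placeholder):
#   ensure_key_private "$HOME/.ssh/id_ed25519" >/dev/null || exit 1
```

The "fixed" log line records the old mode, so a key that sat group- or world-readable can be reviewed for rotation instead of being silently repaired.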

The bigger lesson: your tools should work for beginners, not against them. I see DevOps setups that assume users will read man pages and remember obscure flag combinations. Then they act surprised when people get it wrong.

If you're building anything that touches deployment—whether it's an open source project or internal tooling—detect these problems and fix them automatically. Not because it's hard to fix manually, but because every manual step is friction that will eventually bite you.

For my paid support tier on Seven Suite, I actually include a DevOps health check that scans for these issues on client servers. Catches permission problems, key rotation gaps, and other security gotchas before they become incidents. Costs me 20 minutes to build once, saves clients hours of debugging.

Better tool design means fewer support tickets. And fewer support tickets means I have time to actually build features people want.

If you're managing SSH keys anywhere in your stack, automate the boring safety checks. Your future self will thank you.