Snowflake key-pair authentication fails when private key is owned by root [Linux]
On Sisense Linux deployments that use Key Pair Authentication for Snowflake, a connection attempt will fail if the private-key file is owned by a different Linux user (most commonly root) instead of the Sisense installation user (usually sisense, UID 1000). The Snowflake JDBC driver cannot read the key under these conditions, leading to “Authentication failed” errors in the UI and “Private key file not found or unreadable” messages in the Query service logs.
Step-by-Step Guide
- Verify ownership and permissions: sudo ls -l /opt/sisense/storage/ssh_key
Example incorrect output - root user is owner:
-rw-r--r-- 1 root root 1785 Jun 5 23:24 rsa_key.privsisense - Change the file owner and group to the Sisense installation user (with UID 1000 by default):
sudo chown sisense:sisense /opt/sisense/storage/ssh_key/keyfile - Adjust permissions to allow Sisense read access:
sudo chmod 644 /opt/sisense/storage/ssh_key/rsa_key.privsisense
- 640 permissions are also acceptable if your security policy is stricter. - Restart the Query Service:
kubectl -n sisense rollout restart deployment query - Re-test the Snowflake connection
In the Sisense data model → Connection Settings → Change Connection → leave existing settings and click Done.
- A successful validation confirms the fix.
Conclusion
The Snowflake key-pair workflow depends on the Sisense services being able to read the private key. Ensuring that the key file is owned by the Sisense installation user—and not root—with readable permissions resolves the authentication failure without regenerating keys.
Related Content
Sisense Docs → Connecting to Snowflake | Key Pair Authentication
Published 07-21-2025
