Update passwordless.md (raspberrypi#1743)

* Update passwordless.md

Remark on setting correct directory permissions if connecting via ssh fails

* Fixed grammar in passwordless.md

* use $HOME for chmod in passwordless.md

Author: lprc

remote-access/ssh/passwordless.md

@@ -84,6 +84,25 @@ If this does not work, you can get assistance on the [Raspberry Pi forums](https
 
 **Note:** you can also send files over SSH using the `scp` command (secure copy). See the [SCP guide](scp.md) for more information.
 
+## Adjust permissions for your home and .ssh directories
+
+If you can't establish a connection after following the steps above there might be a problem with your directory permissions. First, you want to check the logs for any errors:
+
+```bash
+tail -f /var/log/secure
+# might return:
+Nov 23 12:31:26 raspberrypi sshd[9146]: Authentication refused: bad ownership or modes for directory /home/pi
+```
+
+If the log says `Authentication refused: bad ownership or modes for directory /home/pi` there is a permission problem regarding your home directory. SSH needs your home and `~/.ssh` directory to not have group write access. You can adjust the permissions using `chmod`:
+
+```bash
+chmod g-w $HOME
+chmod 700 $HOME/.ssh
+chmod 600 $HOME/.ssh/authorized_keys
+```
+Now only the user itself has access to `.ssh` and `.ssh/authorized_keys` in which the public keys of your remote machines are stored.
+
 ## Store the passphrase in the macOS keychain
 
 If you are using macOS, and after verifying that your new key allows you to connect, you have the option of storing the passphrase for your key in the macOS keychain. This allows you to connect to your Raspberry Pi without entering the passphrase.