SSH Permission Denied (publickey) Troubleshooting

SSH is a secure protocol used to access and manage remote servers. It relies on a public and private key pair for authentication. The public key is usually stored on the remote server while the private key is kept on the local machine. When a user tries to access the remote server, SSH uses the public and private keys to authenticate the user. However, sometimes SSH can fail to authenticate the user with the following error message: “Permission denied (publickey)”.

In this blog, we will explore the most common causes of this error message and how to troubleshoot them.

  1. Incorrect permissions on the SSH files

The first thing to check when encountering the “Permission denied (publickey)” error is the permissions on the SSH files. SSH files should have the correct permissions set in order for SSH to work properly. To check the permissions, run the following command:

ls -al ~/.ssh

This will list the files in the .ssh directory, including the permissions on those files. Ensure that the files have the following permissions:

-rw------- 1 user user 668 Jun 15 2019 authorized_keys
-rw-r--r-- 1 user user 1675 Apr 11 16:23 config
-rw------- 1 user user 1679 Apr 11 16:22 id_rsa
-rw-r--r-- 1 user user 400 Apr 11 16:22 id_rsa.pub
-rw-r--r-- 1 user user 796 Apr 11 16:23 known_hosts

Note that the authorized_keys and id_rsa files should have read and write permissions for the user only (600), while the id_rsa.pub, known_hosts, and config files should be writable by the user only and readable by all users (644).

If the permissions are incorrect, you can fix them by running the following commands:

chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 644 ~/.ssh/known_hosts
chmod 644 ~/.ssh/config
chmod 600 ~/.ssh/authorized_keys

  2. Incorrect public key

If the permissions on the SSH files are correct, the next thing to check is whether the public key is correct. The public key is usually stored on the remote server in the ~/.ssh/authorized_keys file.

To check the contents of the authorized_keys file, run the following command:

cat ~/.ssh/authorized_keys

Make sure that the public key in the authorized_keys file matches the public key on the local machine. If the public key is incorrect, you can fix it by copying the correct public key to the authorized_keys file on the remote server.
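
As an added example (not part of the original post), the shell functions below compare the key blob in a local .pub file against every entry of an authorized_keys file, so the match does not have to be checked by eye. The function names and the sample keys are constructed for illustration, and the script assumes you have a copy of both files on one machine.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# the key blobs below are constructed placeholders, not real keys.

# Print the base64 key blob of every key line in a .pub or authorized_keys file.
# An authorized_keys line may begin with options (from="...",no-pty ...), so the
# blob is the field right after the first key-type token. Assumes no option
# value contains a key-type word surrounded by spaces.
key_blobs() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) {
                    print $(i + 1)
                    next
                }
        }' "$1"
}

# Exit status 0: key in PUBFILE is listed in AUTHFILE. 1: not listed.
# 2: PUBFILE contains no recognisable key line.
key_is_authorized() {
    want=$(key_blobs "$1" | head -n 1)
    [ -n "$want" ] || return 2
    key_blobs "$2" | grep -qxF -- "$want"
}

# Constructed sample data: the trailing comment differs between the .pub file
# and the authorized_keys entry, which does not affect the match.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/authorized_keys" <<'EOF'
# deploy keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0constructedKeyOne alice@laptop
from="192.0.2.10",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedKeyTwo backup@nas
EOF
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedKeyTwo bob@desktop' > "$demo_dir/listed.pub"
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedKeyThree bob@desktop' > "$demo_dir/unlisted.pub"

for pub in listed.pub unlisted.pub; do
    if key_is_authorized "$demo_dir/$pub" "$demo_dir/authorized_keys"; then
        echo "$pub: present in authorized_keys"
    else
        echo "$pub: NOT in authorized_keys"
    fi
done
```
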

  3. Incorrect private key

If the public key is correct, the next thing to check is whether the private key is correct. The private key is usually stored on the local machine in the ~/.ssh/id_rsa file.

To check the contents of the id_rsa file, run the following command:

cat ~/.ssh/id_rsa

Make sure that the private key in the id_rsa file matches the private key on the remote server. If the private key is incorrect, you can fix it by copying the correct private key to the local machine.

  4. Incorrect username

If the public and private keys are correct, the next thing to check is whether the username is correct. Make sure that you are using the correct username to access the remote server. The command should have the following form:

ssh username@remote_server

If you are still getting the “Permission denied (publickey)” error, you can try adding the -vvv option to the ssh command to get more verbose output. This will give you more information about what is going wrong.