[Solved] – How to Fix SSH Permission Denied (Publickey) Error Message

By
Edwin
how to fix ssh permission denied publickey error

You want to apply a critical patch on your Linux servers. This has been done many times so it should not be a problem (probably). You attempt a connection to the remote server and you are greeted with an error message: SSH permission denied (publickey). This error message is now blocking you from accessing the remote server and can frustrate you. While it is easy to fix this error (which this article is about), we highly recommend understanding why this error message pops up, so that you are fully prepared the next time. In this article, we have explained the common reasons why this error message shows up and also the troubleshooting instructions.

Why is SSH important

In the Linux world that consistently faces malicious attacks, vulnerability exploits, and data integration threats, SSH is a savior. SSH is crucial for securely accessing and managing your remote servers. SysAdmins and SREs use SSH to perform their regular tasks such as file management, file transfers, patching, command execution, and many more with security. SSH allots a secure communication pathway to the remote servers so that any and all data are protected from unintended endpoints. In short, SSH is the key component to provide confidentiality and security when you work with remote servers.How does SSH do that? Through authentication mechanisms like public key authentication.

When would you see the SSH permission denied (Publickey) error message

Let us see the common reasons that are behind the SSH permission denied error message.

SSH Key pair mismatch

In SSH, secure communication happens through a pair of keys: private and public key. The private key is usually stored on the user’s device and used to authenticate the user by decrypting the data. The public key is used to encrypt the data which can only be decrypted by the respective private key. The public key is located in the

“authorized_keys”
file. This key pair facilitates secure data transmission. When the private key on the client mismatches with the public key present in the
“authorized_keys”
file, the remote server access will be blocked with the error message: SSH Permission Denied (Publickey).

Incorrect SSH permissions

If the SSH keys or the

“.ssh”
directory has incorrect file permissions, SSH will block access to the remote server. If SSH detects that the permissions are suspicious, like read or write access to others, SSH will reject the use of the keys used for security reasons. Ensure proper and strict permissions to prevent SSH errors.

Public key not authorized

As explained earlier, the public key a user uses to authenticate should exist in the

“authorized_keys”
file on the server. The
“authorized_keys”
file in the
“.ssh”
directory contains the public keys that are allowed to access the account. If the public key used by the user does not exist in the file maintained in the server, the connection attempt will be unsuccessful with the error message “
SSH permission denied (Publickey)
“.

SSH agent errors

An SSH agent is a program that contains the private keys and provides the keys to SSH sessions whenever required. If the SSH agent does not contain the private key or if the SSH agent is down, the authentication will fail.

“ssh_config” and “sshd_config” files incorrect settings

The “

ssh_config
” file is maintained on the client side and the “
sshd_config
” file is maintained on the server side. If the settings in these files are wrong, the authentication will not be successful. For example, if the “
IdentifyFile
” paths in the “
ssh_config
” file is incorrect or if “
PubkeyAuthentication
” is set to “No” in “
sshd_config
” file, access to the remote server will fail with the error message “
SSH Permission Denied (PublicKey)
”.

Troubleshooting steps for SSH Permission Denied (PublicKey)

Step 1: Double check the SSH key pair. If required, use ssh-keygen to generate a new SSH key pair.
Step 2: Set proper permissions for SSH. If required, execute this command to set proper SSH permissions.

chmod 700 ~/.ssh<br />chmod 600 ~/.ssh/id_rsa<br />chmod 644 ~/.ssh/id_rsa.pub

The command “

chmod 700 ~/.ssh
” allows the user complete read, write, and execute permissions and denies permissions to all other users. The command “
chmod 600 ~/.ssh/id_rsa
” gives the operating user full read and write permissions and denies permissions to all other users. The command “
chmod 644 ~/.ssh/id_rsa.pub
” provides the user with full read and write permissions and read-only permission for other users.

Step 3: Manually edit the “

authorized_keys
” file. You can also copy the public key to the server using the command
ssh-copy-id user_name@remote_server_name

Step 4: Restart the SSH agent and add the private key. Execute these commands to do so.

eval "$(ssh-agent -s)"<br />ssh-add ~/.ssh/id_rsa

Step 5: Verify the SSH Configuration in

~/.ssh/config
and /
etc/ssh/sshd_config
.

Let’s get started

Use these troubleshooting instructions to fix the SSH permission denied (publickey) error message and ensure seamless access to all your remote servers.

Related Articles

How to access remote servers using SSH (RedHat’s documentation)

Some more articles that could be of interest for you