SSH (Secure Shell) is a network protocol allowing secure communication. With this protocol, the server relates to the client to perform several operations, including system/network-based administration, file transfer, etc.
Sometimes, while establishing an SSH connection, you will encounter the “Permission denied (publickey)” error in SSH. The “denied publickey” error occurs when the SSH fails to authenticate the client using public key cryptography. There are several core reasons behind this activation failure.
In this post, we will list the possible reasons and propose solutions to encounter/fix the “ssh permission denied publickey.” The SSH-related commands are the same across all the Linux distributions. However, we practiced the commands on Ubuntu 22.04.
How to Fix the “ssh permission denied publickey” Error?
The core reason for this error is concerns with the publickey. However, there are several potential reasons behind this publickey failure. Let’s describe them one by one:
Incorrect Public Key
The public key used by the client may need to be corrected or matched with the corresponding private key stored on the client system or configured on the server. The public key must be accurately copied and configured on the server’s authorized_keys file.
Incorrect Private Key
The private key stored on the client system may need to be corrected or added. The client’s private key must be correctly associated with the public key at the server’s end.
The permissions on the client’s private key or the server’s authorized_keys file may be set incorrectly. The private key should have restricted permissions (600 or 400), and the authorized_keys file on the server should have appropriate permissions (600 or 644) and be owned by the correct user.
Key Pair Not Generated
The key pair (public and private key) may have needed to be generated properly using a tool like ssh-keygen. This can be encountered by creating a Key pair and ensuring the file key pair is configured correctly.
SSH Agent Issues
If an SSH agent is being used to manage the private key, there may be issues with the agent or its configuration. The agent should be running and properly configured to handle the private key.
Server-Side Configuration Issues
There may be configuration issues on the server side, such as incorrect permissions on the server’s home directory, incorrect configuration of the authorized_keys file, or disabled public key authentication in the SSH server’s configuration. These can be fixed by manipulating the sshd_config file.
At the moment, we have described the possible reasons for this failure. You must also know why this “ssh permission denied publickey” arose at your end. So, by examining your reason, you can choose the relevant solution.
Solution 1: Generate and Add SSH Key Pair
If the Private key is incorrect or not generated, you must generate and add the SSH key to the server. The key is generated using the ssh-keygen command and is added to the server using the ssh-copy-id command.
Generate SSH Key Pair
Add the SSH Key Pair
$ ssh-copy-id linuxuser@linuxgenie
Once added, restart the SSH services to apply the changes successfully.
Solution 2: Set the Correct Permissions
The SSH files and directories permissions at remote and host machines must be set properly. So that the authorized user is allowed to access/use the machine. Let’s understand the right permissions for SSH:
Restricting the directory’s read/write/execute permissions to the current user (logged-in):
$ sudo chmod 700 ~/.ssh
Now, inside the .ssh directory is a file named “authorized_keys.” Restrict the permissions of this file to read and write for the current user:
$ sudo chmod 600 ~/.ssh/authorized_keys
Solution 3: Configure the SSH Config File at Server’s End (sshd_config)
The SSH server’s related configurations reside in the file sshd_config in your Linux systems’/etc/ssh directory. Sometimes, its default settings may be changed, which must be corrected before making any connection. So, here we are with the steps to configure it:
Open the file in any editor (Nano, Vim):
$ sudo nano /etc/ssh/sshd_config
Set the PasswordAuthentication and PubkeyAuthentication to yes (make sure the line is uncommented):
Once they are set, use the CTRL+S and CTRL+X to save and exit the file. To apply the changes, restart the SSH server as follows:
$ sudo systemctl restart ssh
This would fix the “ssh permission denied publickey” error; you can connect to a client remotely.
The “ssh permissions denied publickey” error occurs if the public or the private key is incorrect, Permissions Issues, Key Pair is Not Generated, SSH Agent Issues, and Server-Side Configuration Issues.
The possible solutions to fix this are to generate/add the public key, configure the sshd config file, or set the file’s permissions. However, it is recommended to first trace which reason has invoked the error and then pick/apply the relevant solution to encounter the error.
This post has demonstrated the best solutions to fix the “ssh permission denied publickey” error.
For more Linux troubleshooting guides, follow us at Linux-Genie.