Secure Shell (SSH) is a crucial tool for administrators and developers, providing a secure way to access and manage remote servers. However, it is not uncommon to encounter the “Permission denied (publickey)” error when trying to establish a secure shell connection. This error indicates that the secure shell client can not authenticate the user because the server does not accept the provided public key.
In this article, you will learn how to troubleshoot SSH permission denied errors for public keys.
Secure Shell uses public key cryptography to authenticate the user to the server. Here is how it works:
The user generates a key pair on their local machine, consisting of a private key and a public key.
The user places the public key on the remote server in the `~/.ssh/authorized_keys`file.
When connecting, the secure shell client uses the private key to create a signature that the server verifies using the public key.
Read more: WordPress 403 Forbidden Error: Everything You Need To Know
If the server can verify the signature, it grants access. otherwise, it denies access, often with the “Permission denied (publickey)” message.
Here are some of the common causes of secure shell permission denied error.
The most common cause is that the public key is either not present or incorrectly configured on the server. Ensure your public key is correctly added to the `~/.ssh/authorized_keys`file on the server.
Use the following command to append the key:
“`bash
cat ~/.ssh/id_rsa.pub | ssh user@server “mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys”
“`
Verify the permissions and ownership of the `~/.ssh` directory and `authorized_keys` file:
“`bash
ssh user@server “chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys; chown -R user:user ~/.ssh”
“`
Secure Shell requires that the private key file on your local machine has restricted permissions. If the permissions are too open, the secure shell will ignore the key. Ensure your private key has the correct permissions:
“`bash
chmod 600 ~/.ssh/id_rsa
“`
Sometimes, incorrect settings in your secure shell configuration files can cause authentication failures. Check your secure shell configuration file (`~/.ssh/config`) for incorrect entries. It should look something like this:
“`plaintext
Host server
HostName server_ip
User username
IdentityFile ~/.ssh/id_rsa
“`
Ensure there are no typos or incorrect paths.
Secure Shell agents might not be correctly handling your keys. Ensure your key is added to the secure shell agent:
“`bash
ssh-add ~/.ssh/id_rsa
“`
Check if the agent is running by listing the keys it manages:
“`bash
ssh-add -l
“`
If no keys are listed, add your key again.
The secure shell daemon on the server might not be configured to accept public key authentication.
Check the server’s SSH configuration file (`/etc/ssh/sshd_config`) for the following entries:
“`plaintext
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
“`
If changes are made,restart the secure shell service:
“`bash
sudo systemctl restart sshd
“`
Security modules like SELinux or AppArmor might be restricting access to the SSH keys. Temporarily disable SELinux to test if it is the cause:
“`bash
sudo setenforce 0
“`
Read more: 7 Reasons Why You Should Setup SSH Keys
If it resolves the issue, review SELinux policies or AppArmor profiles to allow secure shell access.
File system issues like corruption or misconfiguration might prevent the secure shell from reading the keys. Check the integrity and permissions of the home directory and the secure shell files:
“`bash
ls -ld ~
ls -ld ~/.ssh
“`
Use SSH’s verbose mode to gain more insight into the connection process and identify where it is failing:
“`bash
ssh -v user@server
“`
This will provide detailed logs of the secure shell connection process, highlighting any issues with key recognition or authentication steps.
Troubleshooting the “Permission denied (publickey)” error involves systematically checking each potential issue, from ensuring the correct public key placement and permissions to verifying secure shell configurations and server settings.
By following the outlined steps, you can methodically identify and resolve the cause of the error, restoring your ability to securely connect to your remote server. Always remember to maintain proper security practices when handling the secure shell keys to prevent unauthorized access.
Did this article help you in troubleshooting secure shell permission denied error for public key? Share your feedback with us in the comments section below.