“Permission denied (publickey)” is a common SSH error that blocks your connection when the server doesn’t recognize your public key. Here’s how to fix it:
- Check File Permissions:
Ensure the.sshdirectory has700permissions (chmod 700 ~/.ssh) and theauthorized_keysfile has600permissions (chmod 600 ~/.ssh/authorized_keys). - Set Correct Ownership:
Files in.sshmust be owned by the connecting user. Run:chown username:username ~/.ssh{,/.ssh/authorized_keys} - Verify Local SSH Key:
Confirm your SSH key exists and is correctly configured on your local machine. - Adjust SSH Client Settings:
Ensure your SSH client is using the correct private key. - Check Server Configuration:
Confirm the server allows public key authentication in itssshd_config.
If these steps fail, use advanced recovery options like a VNC console or Rescue Mode (offered by VPS.us) to regain server access.
Quick Fix Summary:
- Set
.sshdirectory to700andauthorized_keysto600. - Ensure correct file ownership with
chown. - Verify and configure your local SSH key.
- Check client and server settings.
By following these steps, you can resolve the error and restore secure SSH access.
Fix for SSH Permission Denied (Public Key)
Main Reasons for SSH Permission Denied Errors
Incorrect file permissions and ownership are common reasons behind SSH “Permission Denied (publickey)” errors. The SSH server enforces strict rules to ensure key files are secure and inaccessible to others.
If the .ssh directory or authorized_keys file has improper permissions or ownership, SSH will reject the keys. Below are the required settings:
| File/Directory | Required Permissions | Command |
|---|---|---|
~/.ssh directory | 700 (drwx——) | chmod 700 ~/.ssh |
~/.ssh/authorized_keys | 600 (-rw——-) | chmod 600 ~/.ssh/authorized_keys |
Permissions exceeding 700 for the .ssh directory or 600 for the authorized_keys file will trigger a rejection. Besides setting the correct permissions, ensure the .ssh directory and its contents are owned by the appropriate user:
chown username:username ~/.ssh{,/.ssh/authorized_keys}
/banner/inline/?id=sbb-itb-0ad7fa2
How to Fix SSH Permission Denied Errors
If you’re encountering publickey errors, here’s how to resolve them step by step:
- Check Your Local SSH Key Setup: Ensure your SSH key exists and is correctly configured on your local machine.
- Adjust the SSH Client Configuration: Verify that your SSH client is pointing to the correct private key and using the right settings.
- Fix Server File Ownership and Permissions: Double-check that the ownership and permissions of files on the server are set properly.
- Modify SSH Server Settings: Ensure the server’s SSH configuration allows for public key authentication.
Detailed commands and examples for each step are provided below. Work through these steps in order to troubleshoot and regain SSH access efficiently.
Extra Troubleshooting Steps
If the earlier steps don’t resolve the issue, consider these advanced solutions:
Fixing Root Permission Problems
Incorrect permissions on ~/.ssh or authorized_keys can block root key login. To fix this, run the following commands as root:
chown root:root ~/.ssh{,/.ssh/authorized_keys}
chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys
Afterward, use the VPS.us Always-On Access feature for console-based recovery if needed.
Using VPS.us Always-On Access and Rescue Mode
If SSH access still doesn’t work – even with the right keys and permissions – VPS.us provides an HTML5 VNC console for direct system access. Through this console, you can adjust file permissions, update the sshd_config file, or reset root keys. For additional help, VPS.us offers 24/7 support to assist with root access setup and SSH troubleshooting in Rescue Mode.
Summary and Tips
With SSH access restored, it’s time to strengthen your server’s security and revisit the key points covered.
Key Points to Remember
Fixing SSH “Permission Denied (Publickey)” errors involves a step-by-step approach to ensure proper key configuration. Here’s what to focus on:
- File permissions: Set private keys to
600, public keys to644, and the~/.sshdirectory to700. - File ownership: Ensure all SSH-related files are owned by the user attempting to connect.
Best Practices for SSH Security
Following these SSH security tips can help you avoid authentication issues and protect your server:
- Use secure key algorithms like Ed25519 or RSA (minimum 2048 bits).
- Restrict access to private keys and the
~/.sshdirectory with strict permissions. - Regularly update and rotate your SSH keys.
- Utilize an SSH agent with a timeout to manage passphrases securely.
- Keep your SSH server software and security patches current.
- Monitor logs for any unauthorized or suspicious activity.
VPS.us SSH Support
VPS.us offers tools and resources to help when SSH issues arise. Their HTML5 VNC console and Always-On Access features allow you to recover servers even if SSH fails. With 24/7 support, they assist with key setups, permissions, and server configurations. Operating across 17 global data centers, including locations in the U.S., VPS.us provides automated SSH key and configuration backups, ensuring secure and low-latency connections.
