How to Fix SSH Permission Denied (Public key) Error in Linux

SSH, an acronym for Secure Shell, is a remote protocol that is widely used to make remote connections to servers, network devices, and other remote hosts that run the service. It uses a public/private key pair to encrypt traffic between the user and the remote host.

When making a connection, you might encounter the “ssh permission denied public key” error. In this guide, we seek to understand the cause of this error and how to address it.

Cause of SSH Permission denied (publickey) Error

The root cause of this error is mostly a misconfiguration in the /etc/ssh/sshd_config file which is the default SSH configuration file.

Another culprit is insufficient permissions on the authorized_keys file on the remote system. The file contains the public keys of client systems allowed to SSH into the server.

Without much ado, let us check out possible solutions to solve this error.

Enable Password Authentication

As earlier pointed out, one of the reasons attributed to this error is a misconfiguration of the /etc/ssh/sshd_config file. One of the wrong settings is the disabling of the password authentication feature. This can happen in case someone is using SSH Key-based authentication only and for some reason, the private key is not present.

SSH Permission Denied Error
SSH Permission Denied Error

To address this error, edit the default SSH configuration file.

$ sudo vim /etc/ssh/sshd_config

Locate the PasswordAuthentication attribute and set it to yes as shown below.

Enable SSH Password Authentication
Enable SSH Password Authentication

Save the changes and exit the configuration file. Then restart the SSH service for the changes to come into effect.

$ sudo systemctl restart sshd

You should now be able to connect seamlessly to the remote host.

Connect to SSH Server
Connect to SSH Server

Check SSH Authorized_keys Permission

Sometimes, the error comes from incorrect permissions and ownership of the ~/.ssh/authorized_keys file on the remote system.

The ~/.ssh/authorized_keys file is located on the remote server. It contains the public SSH key from the client system connecting to it using SSH-key authentication. Remember that the private key should remain on the client system and never be shared.

The authorized_keys file should be owned by the user on the remote system. In addition, the user should have read and write permissions.

If this is not the case, set the permissions to the file as shown.

$ sudo chmod 600 ~/.ssh/authorized_keys
$ ls -l .ssh/authorized_keys
SSH Authorized_keys File
SSH Authorized_keys File

Back on the client system, ensure that Public and Private Keys have the correct permissions.

  • The Private Key should have read and write permissions only for the file owner.
  • The Public Key should have read and write permissions for the file owner and read permissions for both the group and other global users.

If this is not the case, configure the permissions as follows in octal format.

$ sudo chmod 600 ~/.ssh/id_rsa
$ sudo chmod 644 ~/.ssh/

Those are the two main ways that you can use to troubleshoot the “ssh permission denied public key” error. Have we left something else out? Do let us know in the comment section.

If you read this far, tweet to the author to show them you care. Tweet a thanks
Winnie Ondara
My name is Winnie, a Linux enthusiast and passionate tech writer in Linux and DevOPs topics. I enjoy keeping abreast with the latest technologies in the Linux ecosystem and trying out new tools provided by the FOSS community.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

Got something to say? Join the discussion.

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.