How to Fix SSH Permission Denied (Public key) Error in Linux

SSH, an acronym for Secure Shell, is a remote protocol that is widely used to make remote connections to servers, network devices, and other remote hosts that run the service. It uses a public/private key pair to encrypt traffic between the user and the remote host.

When making a connection, you might encounter the “ssh permission denied public key” error. In this guide, we seek to understand the cause of this error and how to address it.

Cause of SSH Permission denied (publickey) Error

The root cause of this error is mostly a misconfiguration in the /etc/ssh/sshd_config file which is the default SSH configuration file.

Another culprit is insufficient permissions on the authorized_keys file on the remote system. The file contains the public keys of client systems allowed to SSH into the server.

Without much ado, let us check out possible solutions to solve this error.

Enable Password Authentication

As earlier pointed out, one of the reasons attributed to this error is a misconfiguration of the /etc/ssh/sshd_config file. One of the wrong settings is the disabling of the password authentication feature. This can happen in case someone is using SSH Key-based authentication only and for some reason, the private key is not present.

SSH Permission Denied Error
SSH Permission Denied Error

To address this error, edit the default SSH configuration file.

$ sudo vim /etc/ssh/sshd_config

Locate the PasswordAuthentication attribute and set it to yes as shown below.

Enable SSH Password Authentication
Enable SSH Password Authentication

Save the changes and exit the configuration file. Then restart the SSH service for the changes to come into effect.

$ sudo systemctl restart sshd

You should now be able to connect seamlessly to the remote host.

Connect to SSH Server
Connect to SSH Server

Check SSH Authorized_keys Permission

Sometimes, the error comes from incorrect permissions and ownership of the ~/.ssh/authorized_keys file on the remote system.

The ~/.ssh/authorized_keys file is located on the remote server. It contains the public SSH key from the client system connecting to it using SSH-key authentication. Remember that the private key should remain on the client system and never be shared.

The authorized_keys file should be owned by the user on the remote system. In addition, the user should have read and write permissions.

If this is not the case, set the permissions to the file as shown.

$ sudo chmod 600 ~/.ssh/authorized_keys
$ ls -l .ssh/authorized_keys
SSH Authorized_keys File
SSH Authorized_keys File

Back on the client system, ensure that Public and Private Keys have the correct permissions.

  • The Private Key should have read and write permissions only for the file owner.
  • The Public Key should have read and write permissions for the file owner and read permissions for both the group and other global users.

If this is not the case, configure the permissions as follows in octal format.

$ sudo chmod 600 ~/.ssh/id_rsa
$ sudo chmod 644 ~/.ssh/id_rsa.pub

Those are the two main ways that you can use to troubleshoot the “ssh permission denied public key” error. Have we left something else out? Do let us know in the comment section.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Winnie Ondara
My name is Winnie, a Linux enthusiast and passionate tech writer in Linux and DevOPs topics. I enjoy keeping abreast with the latest technologies in the Linux ecosystem and trying out new tools provided by the FOSS community.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

2 Comments

Leave a Reply
  1. Since your post comes to the top of the list, when searching for this issue, I believe this is a good place to start.

    To improve your tutorial, you need to add one more thing. That is, public key authentication will not function if the user’s home directory on the server has overly permissive permissions.

    For example, for whatever season my home folder (on the server) had 777 permission and no matter what I did – public key authentication did not work.

    Finally, I looked into /var/log/auth.log which indicated an issue with home folder permissions. Once I changed my home folder (on the server) permissions to 700 – key authentication started working like a charm.

    Reply
    • @Larry,

      Thank you for your feedback and valuable insight! I’m glad to hear that the tutorial was helpful to you, and I appreciate your suggestion. It’s definitely important to highlight potential stumbling blocks like overly permissive permissions in the home directory, which can cause issues with public key authentication.

      Your experience and solution will surely be beneficial to others who come across this post.

      Thanks for sharing!

      Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.