Secure Shell (SSH) is a crucial tool for administrators and developers, providing a secure way to access and manage remote servers. However, it is not uncommon to encounter the “Permission denied (publickey)” error when trying to establish a secure shell connection. This error indicates that the secure shell client can not  authenticate the user because the server does not accept the provided public key.

In this article, you will learn how to troubleshoot SSH permission denied errors for public keys.

Understanding the SSH Public Key Authentication

Secure Shell uses public key cryptography to authenticate the user to the server. Here is how it works:

1. Generate Key Pair:

The user generates a key pair on their local machine, consisting of a private key and a public key.

2. Share Public Key:

The user places the public key on the remote server in the `~/.ssh/authorized_keys`file.

3. Authenticate:

When connecting, the secure shell client uses the private key to create a signature that the server verifies using the public key.

Read more: WordPress 403 Forbidden Error: Everything You Need To Know

If the server can verify the signature, it grants access. otherwise, it denies access, often with the “Permission denied (publickey)” message.

Common Causes and Solutions

Here are some of the common causes of secure shell permission denied error.

1. Missing or Incorrect Public Key on the Server

The most common cause is that the public key is either not present or incorrectly configured on the server. Ensure your public key is correctly added to the `~/.ssh/authorized_keys`file on the server.

Use the following command to append the key:

    “`bash

    cat ~/.ssh/id_rsa.pub | ssh user@server “mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys”

    “`

Verify the permissions and ownership of the `~/.ssh` directory and `authorized_keys` file:

    “`bash

    ssh user@server “chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys; chown -R user:user ~/.ssh”

    “`

2. Incorrect SSH Key Permissions

Secure Shell requires that the private key file on your local machine has restricted permissions. If the permissions are too open, the secure shell will ignore the key. Ensure your private key has the correct permissions:

    “`bash

    chmod 600 ~/.ssh/id_rsa

    “`

3. Incorrect SSH Configurations

Sometimes, incorrect settings in your secure shell configuration files can cause authentication failures. Check your secure shell configuration file (`~/.ssh/config`) for incorrect entries. It should look something like this:

    “`plaintext

    Host server

        HostName server_ip

        User username

        IdentityFile ~/.ssh/id_rsa

    “`

Ensure there are no typos or incorrect paths.

4. SSH Agent Issues

Secure Shell agents might not be correctly handling your keys.  Ensure your key is added to the secure shell agent:

    “`bash

    ssh-add ~/.ssh/id_rsa

    “`

Check if the agent is running by listing the keys it manages:

    “`bash

    ssh-add -l

    “`

If no keys are listed, add your key again.

5. Server Configuration

The secure shell daemon on the server might not be configured to accept public key authentication.

Check the server’s SSH configuration file (`/etc/ssh/sshd_config`) for the following entries:

    “`plaintext

    PubkeyAuthentication yes

    AuthorizedKeysFile .ssh/authorized_keys

    “`

If changes are made,restart the secure shell service:

    “`bash

    sudo systemctl restart sshd

    “`

6. SELinux or AppArmor Restrictions

Security modules like SELinux or AppArmor might be restricting access to the SSH keys. Temporarily disable SELinux to test if it is the cause:

    “`bash

    sudo setenforce 0

    “`

Read more: 7 Reasons Why You Should Setup SSH Keys 

If it resolves the issue, review SELinux policies or AppArmor profiles to allow secure shell access.

7. File System Issues

File system issues like corruption or misconfiguration might prevent the secure shell from reading the keys. Check the integrity and permissions of the home directory and the secure shell files:

    “`bash

    ls -ld ~

    ls -ld ~/.ssh

    “`

8. Debugging with Verbose Mode

Use SSH’s verbose mode to gain more insight into the connection process and identify where it is failing:

“`bash

ssh -v user@server

“`

This will provide detailed logs of the secure shell connection process, highlighting any issues with key recognition or authentication steps.

Summary

Troubleshooting the “Permission denied (publickey)” error involves systematically checking each potential issue, from ensuring the correct public key placement and permissions to verifying secure shell configurations and server settings.

By following the outlined steps, you can methodically identify and resolve the cause of the error, restoring your ability to securely connect to your remote server. Always remember to maintain proper security practices when handling the secure shell keys to prevent unauthorized access.

Did this article help you in troubleshooting secure shell permission denied error for public key? Share your feedback with us in the comments section below.