CommandsLinux

How To Fix SSH Permission Denied Publickey

r00t

Fix SSH Permission Denied Publickey

SSH (Secure Shell) is an essential tool for securely accessing remote servers and executing commands. It provides a reliable and encrypted communication channel between the client and the server. However, encountering the frustrating “Permission denied (publickey)” error can disrupt your workflow and leave you scratching your head. In this comprehensive guide, we will delve into the causes of this error and provide step-by-step instructions to troubleshoot and resolve the SSH permission denied issue.

Understanding the SSH “Permission Denied (Publickey)” Error

When attempting to establish an SSH connection, the “Permission denied (publickey)” error message indicates that the server has rejected your SSH key. This error typically occurs when the server cannot validate the public key provided by the client. Several scenarios can trigger this error, such as improper SSH key configuration, incorrect file permissions, or issues with the SSH server settings. Understanding the underlying causes is crucial for effectively troubleshooting and fixing the problem.

Preliminary Checks Before Troubleshooting

Before diving into the troubleshooting process, it’s essential to perform some preliminary checks to rule out common issues:

  • Verify that the SSH service is running on the server by using the command sudo systemctl status ssh or sudo service ssh status.
  • Double-check the accuracy of the username and IP address you are using to establish the SSH connection. Ensure that you have entered the correct details.
  • Confirm that you have properly configured the SSH key pair on both the client and the server. The public key should be present in the server’s ~/.ssh/authorized_keys file, and the corresponding private key should be available on the client machine.
  • Use the verbose mode by adding the -v or -vv flag to your SSH command to obtain more detailed error messages. This can provide valuable insights into the specific point of failure.
  • Compare the server’s SSH configuration file (/etc/ssh/sshd_config) with a known working configuration to identify any discrepancies or misconfigurations.

Diagnosing SSH Permission Denied (Publickey) Error

To diagnose the root cause of the SSH permission denied error, follow these steps:

  • Check if the SSH agent is running and ensure that your SSH keys are loaded. Use the command ssh-add -l to list the currently loaded keys. If your key is not listed, add it using ssh-add /path/to/your/private/key.
  • Verify that your public key is correctly attached to your user account on the server. Check the ~/.ssh/authorized_keys file on the server to ensure that your public key is present and properly formatted.
  • Inspect the permissions of your SSH key files and directories. The .ssh directory should have permissions set to 700 (drwx——), public key files (.pub) should have permissions 644 (-rw-r–r–), and private key files (id_rsa) should have permissions 600 (-rw——-). Use the chmod command to adjust the permissions if necessary.
  • Analyze the server logs for detailed failure reasons. Check the /var/log/auth.log or /var/log/secure file for relevant error messages. Look for lines containing “sshd” and the specific client IP address or username.
  • Verify that the correct key is being offered by the client. Look for lines starting with “debug1: Offering public key:” in the verbose SSH output. Ensure that the offered key matches the one you intend to use.

Solutions to Fix SSH Permission Denied (Publickey)

Based on the diagnosis, apply the appropriate solution to resolve the SSH permission denied error:

  1. Adjust SSH server configuration:
    • Open the SSH server configuration file (/etc/ssh/sshd_config) with a text editor using sudo privileges.
    • Ensure that the PubkeyAuthentication and RSAAuthentication directives are set to “yes”.
    • Uncomment the AuthorizedKeysFile directive to use the default location (~/.ssh/authorized_keys) for authorized keys.
    • Save the changes and restart the SSH service using sudo systemctl restart ssh or sudo service ssh restart.
  2. Fix incorrect permissions on key files and directories:
    • Use the chmod command to set the correct permissions on the .ssh directory (chmod 700 ~/.ssh), public key files (chmod 644 ~/.ssh/*.pub), and private key files (chmod 600 ~/.ssh/id_rsa).
    • Ensure that the .ssh directory and key files are owned by your user account, not root. Use the chown command if necessary: sudo chown -R yourusername:yourusername ~/.ssh.
  3. Regenerate SSH key pair if keys are corrupt or not matching:
    • Use the ssh-keygen command to generate a new SSH key pair: ssh-keygen -t rsa -b 4096.
    • Copy the new public key to the server’s authorized_keys file using the ssh-copy-id command: ssh-copy-id user@server.
  4. Disable SELinux or modify its policies if it is enabled and blocking SSH:
    • Temporarily disable SELinux by editing the /etc/selinux/config file and setting SELINUX=disabled.
    • Reboot the server for the changes to take effect.
    • If disabling SELinux is not an option, modify its policies to allow SSH access using the semanage command.
  5. Check for other SSH restrictions in the /etc/ssh/sshd_config file:
    • Look for directives such as AllowUsers, DenyUsers, or Match blocks that may be restricting SSH access for your user or key.
    • Modify or remove these restrictions as necessary to allow your SSH connection.

Verifying Successful SSH Connection

After applying the appropriate fixes, it’s crucial to verify that your SSH connection is now successful:

  1. Attempt to establish an SSH connection to the server using your SSH key.
  2. Ensure that you no longer encounter the “Permission denied (publickey)” error.
  3. Check the server logs (/var/log/auth.log or /var/log/secure) to confirm successful authentication and login.
  4. Test executing commands on the remote server over SSH to ensure that you have the necessary permissions and access.

Conclusion

Encountering the SSH permission denied error can be frustrating, but by following a systematic troubleshooting approach, you can identify the root cause and apply the appropriate solution. Understanding the importance of proper SSH key permissions, server configuration, and user account settings is crucial for maintaining a secure and smooth SSH experience.

Remember to regularly review and audit your SSH setup to ensure that it adheres to best practices and security guidelines. Keep your SSH server and client software up to date, and consider implementing additional security measures such as SSH key passphrases and two-factor authentication.

r00t
Photo of r00t

r00t

r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to idroot.us, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Copyright © 2024 idroot.us | All Rights Reserved.
Back to top button