How Can You Fix a "Permission denied (publickey)" SSH Error on Linux?

Trending 2 weeks ago

Are your nationalist SSH keys giving you a difficult time? Try 1 of these solutions.

A padlock pinch keyboard keys scattered around

SSH is simply a useful instrumentality for connecting to distant machines, but you whitethorn tally into a "Permission denied (publickey)" correction involving your nationalist cardinal connected Linux. Fortunately, location are immoderate easy fixes you tin effort to troubleshoot it.

What Is a Public Key?

When you make a cardinal brace for SSH connected Linux, you will beryllium fixed a nationalist cardinal and a backstage key. The backstage cardinal will enactment pinch you arsenic a intimately guarded secret, but nan nationalist cardinal is what will beryllium transmitted to distant servers to fto you log successful without a password. Your section SSH customer will lucifer nan nationalist cardinal to nan backstage cardinal erstwhile you connect.

The advantage of this method is that you only person to springiness retired nan nationalist key. As agelong arsenic you support your backstage cardinal private, this should support you unafraid successful lawsuit your nationalist cardinal is compromised. The nationalist cardinal will beryllium useless connected its own.

OpenSSH, nan astir widely-used SSH customer and server successful nan unfastened root world, requires nan record containing immoderate nationalist keys connected nan distant instrumentality (".ssh/authorized_keys" successful your location directory), to person definite permissions. It won't activity if nan constitute permissions are group for different users, which is known arsenic being "world-writable." Because nan directory sanction starts pinch a play (.), it won't show up successful immoderate ls listings unless you usage nan command ls -A.

Permissions mightiness alteration if nan record was copied complete from different machine aliases you created it yourself. Fortunately, this is easy to fix.

Check Your Public Key Permissions

The authorized_keys record is simply a plain-text record that contains each nan nationalist keys from clients you want to beryllium capable to log successful to your relationship connected nan distant machine. To spot its permissions, use nan ls command pinch nan -l option:

ls -l ~/.ssh/authorized_keys
ssh -l output connected nationalist SSH key

This will show nan support settings for nan owner, nan group, and different users. Pay attraction to nan past six letters successful nan string. If you spot "w" successful them, that intends that nan group aliases others tin constitute to it, making it insecure.

You'll want this record to beryllium writable by you, but not by nan group aliases others. To springiness entree to nan correct users, you tin alteration permissions pinch chmod.

There are 2 ways: numerically and symbolically.

The numeric measurement is shorter, but you person to memorize nan octal support numbers:

chmod 700 ~/.ssh/authorized_keys

The symbolic method is much mnemonic:

chmod go-w ~/.ssh/authorized_keys

Safely Copy Keys Using ssh-agent

Starting ssh-agent successful Linux terminal

You tin manually transcript and paste immoderate nationalist keys from your instrumentality into nan ~/.ssh/.authorized_keys file, but utilizing nan ssh-agent programme will trim nan chances of immoderate permissions errors.

To commencement ssh-agent, usage this command:

eval "$(ssh-agent-s)"

To log successful to a distant server utilizing ssh-agent, usage nan -A action pinch ssh

ssh -A [email protected]

Check nan Remote Server's sshd Settings

sshd config record successful Debian

If immoderate of these efforts fail, you whitethorn person to make immoderate configuration changes to nan sshd server connected nan distant instrumentality if you person guidelines access. If not, you'll apt person to get successful touch pinch nan strategy administrator to thief you lick immoderate SSH relationship problems. This is simply a method of past edifice because it could make your strategy little secure.

The system-wide configuration record for sshd is /etc/ssh/sshd_config. Because it's owned by root, you'll request to usage sudo to edit it. For example, to edit it pinch Vim:

sudo vim /etc/ssh/sshd_config

To alteration sshd to fto you log successful moreover if your authorized_keys record is world-writable, group nan "StrictModes" action to "no" successful this file.

Save it and restart nan SSH server:

sudo systemctl restart sshd.service

Now You Can Fix SSH Public Key Permissions Errors

You whitethorn tally into errors regarding SSH nationalist keys connected distant systems. Fortunately, astir of nan clip each you person to do is cheque and group nan record permissions truthful that nary 1 other tin spot your key. You tin besides usage ssh-agent for much reliable connections. As a past resort, you tin make nan SSH server little stringent.

Source Tutorials