I am trying to connect to a Linode (running Ubuntu 12.04 LTS) from my local machine (also running Ubuntu 12.04 LTS).
I have created a private and public key on my local machine and copied my public key to my Linode’s authorized_keys file. However, whenever I try to ssh to my Linode I get the error message Permission denied (publickey).
It’s not a problem with how ssh is set up on my Linode because I can ssh to it from my Windows machine using key authentication.
In my .ssh directory on my local Ubuntu machine, I have my id_rsa and id_rsa.pub files. Do I need to create an authorized_keys file on my local machine?
EDIT: This is what I get when I run ssh -vvv -i id_rsa [youruser]@[yourLinode]:
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
The command should have been ssh -vvv -i .ssh/id_rsa .... (note the path to id_rsa!) – please replace – the old log only shows that “we” had no pubKey to send. – guntbert Jun 23, 2013 at 11:22
@guntbert I missed out the .ssh because I was already in the .ssh directory. I also tried it with .ssh/id_rsa but I got the same result
I had the same problem. I could log on as root but not as new_user. If you can access your server as root or a sudo user you can watch the ssh auth log via “tail -f /var/log/auth.log”. In my case the problem was the new_user was configured with an invalid shell: “user new_user not allowed because shell /bin/ is not executable”.
(not enough reputation to post as an answer) More recently, this can also happen due to the SHA-1 signature in RSA keys becoming deprecated. Running ssh -vvv will report “no mutual signature algorithm” if this is the case. To fix, either update your ssh server to support rsa-sha2, or regen your key with ssh-keygen -t ed25519, or pass -o PubkeyAcceptedKeyTypes=+ssh-rsa to the ssh client.
– Sir Athos Apr 26, 2023 at 9:26
Set up your client
- Generate your key.
ssh-keygen
- Configure ssh to use the key.
vim ~/.ssh/config
Your config file should have something similar to the following:
Host SERVERNAME
    Hostname ip-or-domain-of-server
    User USERNAME
    PubKeyAuthentication yes
    IdentityFile ./path/to/key
You can add IdentitiesOnly yes to ensure ssh uses the specified IdentityFile and no other keyfiles during authentication. Setting IdentitiesOnly prevents failed authentications from occurring, when ssh would otherwise attempt to login with multiple keys. Setting this is also considered more secure, as you’re not leaking information about other keys you have installed, and maintaining separation of your keys between different levels of access.
- Copy your key to your server.
ssh-copy-id -i /path/to/key.pub SERVERNAME
For example, ssh-copy-id -i ~/.ssh/id_rsa.pub -p 22 user@1.1.1.1
Troubleshooting
- Use the “-vvv” option.
- Make sure the server has your PUBLIC key (.pub).
- Make sure your IdentityFile points to your PRIVATE key.
- Make sure your .ssh directory has 700 and the files within are 600 permissions. ssh-keygen will create files and directories for you with the proper permissions.
- tail -f /var/log/auth.log (on the server) and monitor errors when you attempt to login.
- If you have many key files, try IdentitiesOnly yes to limit the authentication to use the single, specified key.
FYI, I created a small script at github.com/centic9/generate-and-send-ssh-key which runs the necessary steps in one go and additionally ensures all the file/directory permissions which always caused me headaches…
Just to elaborate step 2: the IdentityFile line in ~/.ssh/config must point to the PRIVATE key.
– Danny Schoemann Aug 30, 2017 at 14:19
I wonder why you’d want to set files to have execute permission in step 4? – Todd Walton Nov 7, 2018 at 13:43
Posterity and completeness is why.
– earthmeLon Sep 28, 2019 at 21:48
While the directory requires 700 permissions, the files do not, they should be 600.
– openCivilisation Oct 24, 2020 at 10:13
Sometimes the issue comes from permissions and ownership. For instance, if you want to log in as root, /root, .ssh and authorized_keys must belong to root. Otherwise, sshd won’t be able to read them and therefore won’t be able to tell if the user is authorized to log in.
In your home directory:
chown -R your_user:your_user .ssh
As for rights, go with 700 for .ssh and 600 for authorized_keys:
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
This answer helped me. I had taken the advice from this post and moved my authorized_keys file outside of my encrypted home directory. In doing so, I had inadvertently changed ownership to root:root.
– Jordan Grant Aug 12, 2016 at 22:27
Wish I could upvote twice, once for the folder and once for the file. Very important that permissions are exact.
– Mr Griever May 15, 2019 at 18:21
I changed the permission of my home folder /home/user to 777 by mistake, this made ssh fail. chmod 777 /home/user will fix it.
– hellohawaii Jul 2, 2023 at 18:01
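The ownership and permission checks recommended in the answers above (700 on .ssh, 600 on authorized_keys and private keys, files owned by the login user, home directory not writable by group or others) can be run in one pass. This is an added example, not part of the original posts; the function name audit_ssh_perms is made up here and the script assumes GNU stat, as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example. Source this file, then run:  audit_ssh_perms "$HOME" [user]
# Prints one "FINDING:" line per problem; returns 0 only when none are found.

_findings=0
_report() { echo "FINDING: $1"; _findings=$((_findings + 1)); }

# _check_path PATH MODE: PATH (if present) must be owned by $_uid with exactly MODE.
_check_path() {
    [ -e "$1" ] || return 0
    [ "$(stat -c %u "$1")" = "$_uid" ] ||
        _report "$1 is owned by uid $(stat -c %u "$1"), expected uid $_uid"
    [ "$(stat -c %a "$1")" = "$2" ] ||
        _report "$1 has mode $(stat -c %a "$1"), expected $2"
}

audit_ssh_perms() {
    _home=$1
    _findings=0
    # Numeric uid avoids name-lookup differences between systems.
    if [ -n "${2:-}" ]; then _uid=$(id -u "$2"); else _uid=$(id -u); fi

    # Home directory: a group- or world-writable home (e.g. 777) breaks key login.
    if [ -d "$_home" ]; then
        _mode=$(stat -c %a "$_home")
        case $_mode in
            *[2367]?|*[2367]) _report "$_home is group/world-writable (mode $_mode)" ;;
        esac
    fi

    _check_path "$_home/.ssh" 700
    _check_path "$_home/.ssh/authorized_keys" 600

    # Private keys: any file that has a matching .pub beside it.
    for _pub in "$_home"/.ssh/*.pub; do
        if [ -e "$_pub" ]; then _check_path "${_pub%.pub}" 600; fi
    done

    [ "$_findings" -eq 0 ]
}
```

Run it as the login user on the client, and again on the server against the account you are logging in to.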
The problem I had was it was using the wrong keys on the client. I had renamed id_rsa and id_rsa.pub to something else. You can either rename them back to their default, or when you issue the ssh command, use it like this
ssh -i ~/.ssh/private_key username@host
source : https://askubuntu.com/questions/311558/ssh-permission-denied-publickey