Add SSH key and Permission denied (publickey)

If you have generated an SSH key pair that you use to connect to your server, and you want to use the key to connect from another computer, you need to add the key there. Otherwise the error:

Permission denied (publickey)

will be raised.

In this post:

  • Analyse the problem - Permission denied (publickey)
  • Check ~/.ssh folder keys
  • Check ~/.ssh permissions
  • Adding new SSH key
  • SSH keys issues

You can also check this article: Ubuntu 16.04 server enable SSH and connect

First of all, this error means that authentication failed and that the authentication method is publickey. The reasons can differ depending on your scenario. Some reasons:

  • Using wrong key to connect (Make sure you are using the correct Key)
  • Wrong username
  • Host setup
  • Wrong server (make sure your IP address is correct)
  • Permission settings
  • Make sure the server has your PUBLIC key (.pub)

Analyse the problem

The first thing to do is to check which authentication methods are tried and what the result was. This can be done by adding -v to your SSH command.

The basic command for connection with SSH is:

ssh username@host

or (which is equivalent, passing the user with the -l parameter):

ssh host -l username

If you want to specify which SSH key to use, you can do it by adding -i:

ssh -i ~/.ssh/private_key username@host

You can check the available information by adding -v:

ssh -v -i ~/.ssh/private_key username@host

In the output you will see debug details. They show whether there is an error and can help you investigate the issue.

If you are able to connect to the server, you can check the authentication log (you need admin rights):

sudo tail -f /var/log/auth.log

The log output will be something like:

May 14 16:20:39 localhost sudo:    test : 3 incorrect password attempts ; 

Check ~/.ssh folder keys

You can check the ~/.ssh folder on the computer which is able to connect to your server. Usually the folder is in your home directory:

ls -l ~/.ssh/

You can copy some of the keys to your new machine (the one that has the connection problem) and test them with this command (passing the key with -i):

ssh -i ~/.ssh/private_key username@host

If the keys work, you can copy them to your .ssh folder.

Check ~/.ssh permissions

If you want to log in as a given user, then .ssh and authorized_keys should belong to that user. Otherwise SSH is not able to read information from them and cannot check whether the user is authorized to log in. To fix this, try:

In your home directory:

chown -R your_user:your_user .ssh

The recommended folder and file permissions are:

  • 700 for .ssh
  • 600 for authorized_keys

chmod 700 .ssh
chmod 600 .ssh/authorized_keys

In other setups you may get the error:

Permissions 0777 for id_key are too open

or

Permissions 0777 for are too open.

You can solve this error by changing the permissions of the private key itself:

chmod 600 /home/user/key/id_rsa

Adding new SSH key

Of course you can add another key to connect to your server. This can be done by following these steps:

  • Create the RSA key pair - run from the new client machine (the one with the connection problems):

ssh-keygen -t rsa

  • Save the keys (the passphrase is optional and can be skipped):

Enter file in which to save the key (/home/test/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):

The private key/identification is saved in:

/home/test/.ssh/id_rsa

The public key is in:

/home/test/.ssh/id_rsa.pub

  • Copy the public key

The public key can be copied to the server by:

ssh-copy-id username@host

SSH keys issues

SSH command uses the wrong key

Sometimes the SSH command will try to use the wrong key if you have more than one. This can be solved by adding the key to the list of SSH keys:

ssh-add ~/.ssh/correct_private_key

Now correct_private_key will be correctly associated with your connection (as it would be by using IdentityFile). Specifying IdentityFile adds the key to the list of keys that the SSH agent already presents.

Adding key to authorized_keys

You can add the new keys (for the client machine) to authorized_keys by:

  • overwrite an existing authorized_keys file
cat <your_key >~/.ssh/authorized_keys
  • append to authorized_keys file
cat <your_key >>~/.ssh/authorized_keys
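
A more careful form of the append step, combined with the 700/600 permissions from "Check ~/.ssh permissions". This is an added example, not part of the original post: it refuses private keys, skips keys that are already present, and resets the permissions. The function name add_authorized_key and its arguments are assumptions.

```shell
#!/bin/sh
# Added example. add_authorized_key is a hypothetical helper, not an OpenSSH tool.
# Usage: add_authorized_key <public_key_file> [ssh_dir]   (ssh_dir defaults to ~/.ssh)
add_authorized_key() {
    pub_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 1; }

    # The server only needs the PUBLIC key (.pub); never install a private key.
    if grep -q 'PRIVATE KEY' "$pub_file"; then
        echo "$pub_file is a private key; use the .pub file" >&2
        return 2
    fi

    # A public key is one line: "type base64-data [comment]".
    key_line=$(grep -v '^[[:space:]]*$' "$pub_file" | head -n 1)
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub_file does not look like a public key" >&2; return 3 ;;
    esac

    # Create the directory and file with tight permissions if they are missing.
    ( umask 077 && mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 4

    # If the existing file lacks a final newline, add one so that the
    # new key does not get glued onto the last existing entry.
    if [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    # Append (>>), never overwrite (>), and only if the key material
    # (type + data, ignoring the comment) is not already listed.
    key_id=$(printf '%s\n' "$key_line" | cut -d' ' -f1,2)
    if ! grep -qF -- "$key_id" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi

    # Permissions recommended above: 700 for .ssh, 600 for authorized_keys.
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file"
}
```

Run it on the server as the user who will log in, so that the files also end up owned by that user.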
