Fix 'Permission denied (publickey)' SSH Error on Linux

Linux & Unix Intermediate 👁 0 views 📅 May 25, 2026

SSH public key authentication fails with 'Permission denied (publickey)' due to incorrect file permissions, wrong key location, or SSH config issues. This guide covers common causes and step-by-step fixes.

Symptoms

When attempting to connect to a remote Linux/Unix server via SSH using public key authentication, you receive the error: Permission denied (publickey). The connection fails even though the public key appears to be correctly placed in the remote user's ~/.ssh/authorized_keys file. Password authentication may or may not work depending on server configuration.

Root Causes

This error typically occurs due to one or more of the following:

  • Incorrect file permissions on the ~/.ssh directory or authorized_keys file on the server.
  • Wrong ownership of the .ssh directory or its contents (must be owned by the user).
  • Key not in the correct location – the public key must be appended to ~/.ssh/authorized_keys.
  • SSH daemon configurationPubkeyAuthentication may be set to no or AuthorizedKeysFile points to a different path.
  • Key format issues – using an old or incompatible key format, or the private key has incorrect permissions on the client.
  • SELinux or AppArmor restrictions blocking SSH from reading the key file.

Step-by-Step Fix

1. Check and Fix Permissions on the Server

Log in using an alternative method (password, console, or another user) and run:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chown -R $(whoami):$(whoami) ~/.ssh

Ensure the home directory is not writable by group or others: chmod go-w ~

2. Verify the Public Key is Correctly Installed

Check that your public key is in ~/.ssh/authorized_keys. It should be a single line starting with ssh-rsa, ssh-ed25519, etc. Append it if missing:

echo 'your-public-key-here' >> ~/.ssh/authorized_keys

3. Test SSH with Verbose Output

From the client, run:

ssh -vvv user@server

Look for lines like debug1: Authentications that can continue: publickey and debug1: Offering public key: .... If you see debug1: Authentication refused: bad permissions, permissions are the issue.

4. Check SSH Server Configuration

On the server, inspect /etc/ssh/sshd_config:

grep -E '^(PubkeyAuthentication|AuthorizedKeysFile|PasswordAuthentication)' /etc/ssh/sshd_config

Ensure PubkeyAuthentication yes and AuthorizedKeysFile .ssh/authorized_keys. If changed, restart SSH: sudo systemctl restart sshd.

5. Fix Client-Side Private Key Permissions

The private key on the client must have restricted permissions:

chmod 600 ~/.ssh/id_rsa   # or id_ed25519, etc.

6. Check SELinux/AppArmor

If SELinux is enforcing, restore context:

restorecon -Rv ~/.ssh

For AppArmor, check logs in /var/log/syslog for denials.

Alternative Fixes

  • Use ssh-copy-id to automate key installation: ssh-copy-id user@server (requires password access).
  • Manually copy the key using cat ~/.ssh/id_rsa.pub | ssh user@server 'cat >> ~/.ssh/authorized_keys'.
  • Check key type – older servers may not support Ed25519; try RSA with at least 2048 bits.
  • Disable StrictHostKeyChecking temporarily (not recommended for production).

Prevention

  • Always use ssh-copy-id or a configuration management tool (Ansible, Puppet) to deploy keys.
  • Set proper permissions automatically in user creation scripts.
  • Regularly audit ~/.ssh permissions with cron or monitoring tools.
  • Keep SSH server updated and use key-based authentication only (disable password auth after testing).
  • Use SSH certificates for large environments to avoid managing individual keys.

By following these steps, you should resolve the 'Permission denied (publickey)' error and secure your SSH connections.

Was this solution helpful?

SSH permission denied publickey authentication Linux Unix authorized_keys permissions chmod sshd debug key pair RSA ECDSA Ed25519 ssh-copy-id