Fix SSH Permission Denied with Public Key Authentication

Linux & Unix Intermediate 👁 0 views 📅 May 25, 2026

SSH public key authentication fails with 'Permission denied (publickey)' due to incorrect file permissions, wrong key placement, or SSH config issues. This guide covers diagnosis and resolution.

Symptoms

When attempting to connect to a remote Linux/Unix server via SSH using public key authentication, the connection fails with the error message: Permission denied (publickey). The client may also see: Authentication failed or No supported authentication methods available. This occurs even though the public key has been copied to the server's ~/.ssh/authorized_keys file.

Root Causes

The most common causes are:

  1. Incorrect file permissions on the ~/.ssh directory, authorized_keys file, or the user's home directory.
  2. Wrong key location – the public key is not appended to the correct authorized_keys file for the target user.
  3. SSH daemon configurationsshd_config may have PubkeyAuthentication no or other restrictive settings.
  4. SELinux or AppArmor blocking SSH key access.
  5. Key format issues – the public key may be corrupted or in an unsupported format.

Step-by-Step Fix

1. Verify SSH Key Pair

Ensure you have a valid key pair on the client machine. Check for id_rsa (private) and id_rsa.pub (public) in ~/.ssh/. If missing, generate a new pair:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

2. Copy Public Key Correctly

Use ssh-copy-id to safely copy the public key to the server:

ssh-copy-id user@remote_server

If not available, manually append the key:

cat ~/.ssh/id_rsa.pub | ssh user@remote_server "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

3. Fix Permissions on Server

Log into the server (using password or console) and set correct permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chmod 755 ~

Ensure the home directory is not writable by group or others.

4. Check SSH Daemon Configuration

Edit /etc/ssh/sshd_config on the server. Verify these settings:

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no (optional, for security)
ChallengeResponseAuthentication no

Restart SSH service:

sudo systemctl restart sshd

5. Check SELinux/AppArmor

If SELinux is enforcing, restore contexts:

restorecon -Rv ~/.ssh

For AppArmor, check logs with journalctl and adjust profiles if needed.

6. Enable Verbose Logging

Run SSH with -vvv to see detailed debug output:

ssh -vvv user@remote_server

Look for lines like debug1: Authentication refused: bad permissions or debug1: Offering public key.

Alternative Fixes

  • Use different key type – try Ed25519 (ssh-keygen -t ed25519).
  • Check home directory permissions – must not be group-writable.
  • Verify key in authorized_keys – ensure no extra whitespace or line breaks.
  • Disable SELinux temporarily (for testing): sudo setenforce 0.

Prevention

  • Always use ssh-copy-id to transfer public keys.
  • Set proper permissions immediately after creating .ssh directory.
  • Regularly audit sshd_config for security best practices.
  • Use key passphrases and consider SSH agent for convenience.
  • Monitor authentication logs with journalctl -u sshd or /var/log/auth.log.

By following these steps, you can resolve SSH public key permission denied errors and ensure secure, passwordless authentication.

Was this solution helpful?

SSH public key authentication permission denied authorized_keys chmod sshd_config key permissions Linux Unix troubleshooting secure shell authentication failure .ssh directory key pair RSA