Question
Error Permission denied (publickey) when I try to ssh
- Posted on March 16, 2017
- DebianDigitalOcean
Asked by Animesh Bulusu
Note from DigitalOcean Community team: The user @intalix has provided a popular answer to this question here: https://www.digitalocean.com/community/questions/error-permission-denied-publickey-when-i-try-to-ssh?comment=169562
Recently I threw out my old linux laptop and set everything up again in my new laptop. The only trouble I have now is not being able to log in to my DO instance via ssh. This instance had one ssh key setup before and in the sshd config it had permitrootlogin set to no. So I created a new ssh key to be able to login from this new laptop.
$ ssh-keygen -t rsa -C "gitlab" -b 4096
Then added the public key this to the instance. Now I try to login
$ ssh user@server
I get asked password for this user. I am able to login using the password. This isn’t how I was logging in before. I used to type my ssh passphrase. So I thought this may be because this is a new key and I disabled password authentication in sshd config. After this, I get the error
$ ssh user@server
Permission denied (publickey)
I checked online and set the permission to .ssh folder to 700. Still I get the same error. I can access the online console of the instance, but don’t know what to do.
How do I resolve this?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Featured on Community
Get our biweekly newsletter
Sign up for Infrastructure as a Newsletter.
Hollie's Hub for Good
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Become a contributor
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
The issue is within your
sshd_configfile.Here is the ULTIMATE solution to this issue:
Log as root to your Ubuntu server
Use vim or nano to edit the contents of
/etc/ssh/sshd_configEg.vi /etc/ssh/sshd_configornano /etc/ssh/sshd_configNow go to the very bottom of the file (to the line with
PasswordAuthentication) - Change the value next toPasswordAuthenticationfromnotoyes. It should now look like this:sudo service sshd reloadWith this done, you can now set up your new SSH key for your LOCAL device. To do this, you can run the following from your LOCAL device, not the server:
(Make sure to replace
usernamewith your username on the droplet anddroplet.ipwith the full IP address of your droplet)With this done, you should be good to go, connecting with SSH keys!
@animesh
When you create a user using
useradd, you’ll need to specify their home directory or useusermodto change it (as would be the case if the user already exists).What I normally do is create the directories first:
Create the
authorized_keysfile:Then add the user:
Set proper permissions:
Set ownership:
Once that’s done, you should be able to login with
myuser.If you already have a user:
and then continue with the above.
I would like to discourage people from enabling
PasswordAuthenticationbecause it’s less secure than using an ssh key. Here is the answer you’re most likely looking for.Short Answer: As Root, run the following commands after creating the user:
cp -r ~/.ssh /home/{new_user}/sudo chown -R {new_user}:{new_user} /home/{new_user}/.sshThis is basically copying over the ssh key from the root user to the new user, which I would assume the new user is for you so you won’t have to login as root. If the new user is for someone else you can either create an ssh public key for them and give it to them or have them give you their existing ssh public key and place it in their
/home/{new_user}/.sshdirectory.