Troubleshoot SSH Permission Denied Publickey on Ubuntu

Encountering the “Permission denied (publickey)” error when connecting via SSH to an Ubuntu server indicates that the server rejected your SSH key credentials. This troubleshooting guide provides a direct, step-by-step approach to resolve this issue by verifying local SSH keys, correcting file permissions, updating remote authorized keys, and checking SSH daemon configurations.

Step 1: Run SSH in Verbose Mode

Before changing any settings, run the SSH command with the -v (verbose) flag to identify exactly where the connection is failing.

ssh -v user@your_server_ip

Look closely at the output lines starting with "debug1:". They show which identity files (keys) your client is offering and which authentication methods the server accepts.

Step 2: Verify Your Local SSH Key Exists and is Loaded

Ensure you actually have a valid private key on your Ubuntu client and that it is registered with your SSH agent.

  1. Check if your SSH keys exist in your local directory:

    ls -la ~/.ssh

    You should see your private key (e.g., id_rsa or id_ed25519) and its corresponding public key with a .pub extension.

  2. Ensure the SSH agent is running and add your private key to it:

    eval "$(ssh-agent -s)"
    ssh-add ~/.ssh/id_rsa

    (Replace id_rsa with your actual private key file name if different).

Step 3: Fix File and Directory Permissions

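SSH is strict about file permissions. The client refuses to use a private key that other users can access, and the server (with its default StrictModes setting) ignores authorized_keys if the file or its parent directories are writable by other users. Run the following commands to set the correct permissions.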

On the Local Ubuntu Client:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa

On the Remote Ubuntu Server:

If you have console access to the remote server (via a cloud provider dashboard or physical terminal), ensure the remote permissions are configured as follows:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chown -R user:user ~/.ssh

(Replace user:user with your actual remote username and group.)

Step 4: Confirm the Public Key is on the Server

The remote server must have your public key inside its authorized_keys file.

  1. Open your local public key and copy its content:

    cat ~/.ssh/id_rsa.pub

  2. Log into the remote server (using a web console or password-based SSH if allowed) and check the contents of ~/.ssh/authorized_keys:

    cat ~/.ssh/authorized_keys

  3. If your public key is missing, append it to the file:

    echo "your_copied_public_key_string" >> ~/.ssh/authorized_keys

Step 5: Verify SSH Server Configuration

If the key and permissions are correct, the issue might lie in the SSH daemon configuration (sshd_config) on the remote server.

  1. Open the SSH configuration file on the remote server:

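    sudo nano /etc/ssh/sshd_config

  2. Ensure the following directives are present and not commented out. PubkeyAuthentication must be set to yes, and AuthorizedKeysFile must include .ssh/authorized_keys: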

    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys

  3. If you made changes, save the file and restart the SSH service:

    sudo systemctl restart ssh
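
The script below is an added example, not part of the original guide. It audits the permissions from Step 3 against what SSH actually enforces (no group or other write access on the home directory, ~/.ssh and authorized_keys on the server; no group or other access at all on the client's private key) and checks whether a public key from Step 4 is already authorized. The function names are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide. Function names are assumptions.

# Succeed only if PATH exists and none of the octal MASK permission bits are set.
mode_ok() {
    local path="$1" mask="$2" mode
    mode=$(stat -c '%a' "$path" 2>/dev/null) || return 2   # GNU stat, as on Ubuntu
    [ $(( 0$mode & 0$mask )) -eq 0 ]
}

# Server side (Step 3): with StrictModes enabled, sshd ignores authorized_keys
# when the home directory, ~/.ssh or the file is group- or world-writable.
audit_server_perms() {
    local home="$1" rc=0 p
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if ! mode_ok "$p" 022; then
            echo "FAIL: $p is missing or writable by group/others" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Client side (Step 3): ssh will not use a private key that group or others can access.
audit_private_key() { mode_ok "$1" 077; }

# Step 4: compare key type and base64 blob only, so a different trailing comment
# or leading options (from=, command=) in authorized_keys do not hide a match.
# Commented-out entries are skipped because sshd ignores them too.
key_is_authorized() {
    local pub="$1" auth="$2" ktype blob rest
    read -r ktype blob rest < "$pub" || true   # tolerate a missing final newline
    [ -n "$blob" ] || return 2
    awk -v t="$ktype" -v b="$blob" '
        /^[ \t]*#/ { next }
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
        END { exit !found }' "$auth"
}
```

On the server, run audit_server_perms "$HOME" as the login user; on the client, run audit_private_key ~/.ssh/id_rsa. Each function returns 0 when the check passes.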