Encountering the dreaded Permission denied (publickey) error while trying to SSH into your Linux server? You’re not alone. This is one of the most common SSH connection errors, especially when dealing with cloud servers (like AWS EC2, DigitalOcean, Linode, etc.).
In this guide, we’ll walk you through step-by-step debugging techniques and show you exactly how to fix this SSH issue on Ubuntu, CentOS, or any other Linux distribution.
🚩 What Does “Permission Denied (publickey)” Mean?
This error means that your SSH client is trying to use public key authentication, but the server is not accepting your key, or you’re not providing one at all. Password authentication is either disabled or not attempted.
✅ Step-by-Step Guide to Fix “Permission Denied (publickey)” Error
1. ✅ Check the SSH Command Syntax
Make sure you’re using the correct command:
ssh -i /path/to/private-key.pem user@server_ip- -i: Path to your private key
- user: The correct username (e.g., ubuntu, ec2-user, root)
- server_ip: Your server’s public IP or domain
💡 Pro Tip: Always double-check your user. Using root instead of ubuntu can throw this error if root login is disabled.
2. 🔍 Check File Permissions on SSH Keys
Incorrect file permissions will cause SSH to ignore your keys.
Run:
chmod 600 /path/to/private-key.pemIf your .ssh directory has wrong permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys3. 🗝️ Verify That the Public Key is in authorized_keys
Log into the server through an alternate method (like console access) and check:
cat ~/.ssh/authorized_keysMake sure the public key (usually .pub) matches the one corresponding to your private key.
4. 👤 Ensure Correct Username
Cloud providers use different default users:
| Provider | Default SSH User |
| AWS EC2 (Ubuntu) | ubuntu |
| AWS EC2 (Amazon Linux) | ec2-user |
| DigitalOcean | root |
| Linode | root or your_user |
If you use the wrong username, you’ll get a Permission denied (publickey) error.
5. 🔒 Check sshd_config for Authentication Settings
On the server, open /etc/ssh/sshd_config:
sudo nano /etc/ssh/sshd_configMake sure these lines are correct:
PasswordAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keysRestart the SSH service:
sudo systemctl restart ssh6. 🧪 Enable SSH Debug Mode (Client Side)
Add -v for verbose output:
ssh -v -i /path/to/private-key.pem user@server_ipLook for lines like:
debug1: Offering public key: /path/to/key
debug1: Authentications that can continue: publickey
Permission denied (publickey).This helps pinpoint whether the key is being offered and why it’s rejected.
7. 💻 Server Debug Mode (Advanced)
If you have access to the server:
- Stop the SSH daemon:
sudo systemctl stop ssh- Run it manually in debug mode:
sudo /usr/sbin/sshd -d- Attempt connection from another terminal.
⚠️ Be cautious—this can lock you out of the server. Only do this if you have console access.
8. 🧹 Delete and Re-add Keys if Necessary
Sometimes, it’s easier to delete the existing key pair and generate a new one:
ssh-keygen -t rsa -b 4096 -f ~/.ssh/new_keyCopy the public key to the server:
ssh-copy-id -i ~/.ssh/new_key.pub user@server_ip9. 🔁 Convert .PEM to .PPK (For PuTTY Users)
If you’re on Windows using PuTTY, convert .pem to .ppk using PuTTYgen.
More: How to convert PEM to PPK
10. 🧯 Check Firewall/Security Group Settings
Make sure port 22 is open in your cloud provider’s security group or firewall rules.
🧠 Conclusion
The ‘Permission Denied (publickey)’ SSH error may seem frustrating at first, but with a systematic approach, it’s easily solvable. From checking key permissions to enabling SSH debug mode, you now have a full toolkit to fix it like a pro.
