Learn Fix: Permission denied (publickey)

Q: How do I generate a new SSH key pair?

Run ssh-keygen -t ed25519 -a 100 for a modern secure key, or ssh-keygen -t rsa -b 4096 for RSA compatibility. This creates ~/.ssh/id_ed25519 (private) and ~/.ssh/id_ed25519.pub (public). Then use ssh-copy-id to install the public key on the server.

Fix These Errors

Permission denied (publickey)

DodaTech 2 min read

SSH rejected your public key authentication. Fix it with ssh-copy-id, set authorized_keys permissions to 600, and reload your ssh-agent.

What It Means

SSH public key authentication works by proving you hold the private key that matches a public key in the server’s ~/.ssh/authorized_keys file. When the server responds with Permission denied (publickey), it means either no matching key was found, the key file permissions are wrong, or the server is configured to reject key-based auth.

Why It Happens

Your public key is not in the server’s ~/.ssh/authorized_keys file.
The ~/.ssh directory or authorized_keys file has incorrect permissions.
Your private key has overly permissive permissions (SSH requires 600 or less).
The ssh-agent is not running or doesn’t hold your key.
The server’s sshd_config has PasswordAuthentication no and no key works.
You’re connecting with the wrong username or trying the wrong key file.

How to Fix It

1. Copy your public key to the server

ssh-copy-id user@hostname

This appends your local ~/.ssh/id_rsa.pub (or id_ed25519.pub) to the server’s ~/.ssh/authorized_keys. Enter the server password when prompted.

2. Manually add the key if ssh-copy-id fails

cat ~/.ssh/id_rsa.pub | ssh user@hostname "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

If password login is disabled, use a VPS console or out-of-band management to add the key manually.

3. Fix permissions on the server

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

SSH is strict: the .ssh directory must not be writable by group or others, and authorized_keys must be read-only for the owner.

4. Fix permissions on your local private key

chmod 600 ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_ed25519

SSH refuses to use a private key that’s accessible by anyone other than the owner.

5. Verify ssh-agent is running and loaded

eval "$(ssh-agent -s)"
ssh-add -l

If the agent is running but no identities are listed, add your key:

ssh-add ~/.ssh/id_rsa

6. Connect with verbose output

ssh -vvv user@hostname

Look for lines like Offering public key and Authentication refused. The debug output shows exactly which keys were tried and why the server rejected them.

What does 'server refused our key' mean in verbose output?

It means the server received your public key, looked it up in authorized_keys, and found no matching entry. Either the key isn’t in the file, or the file’s permissions are too permissive (SSH ignores a world-writable authorized_keys).

How do I generate a new SSH key pair?

Run ssh-keygen -t ed25519 -a 100 for a modern secure key, or ssh-keygen -t rsa -b 4096 for RSA compatibility. This creates ~/.ssh/id_ed25519 (private) and ~/.ssh/id_ed25519.pub (public). Then use ssh-copy-id to install the public key on the server.

Previous Merge conflict in ... Next redefinition of '...'

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro

Home Browse Fix These Errors