How to Fix: SSH Failed Permission Denied (publickey) -Ubuntu

In this article we will learn how to fix SSH failed permission denied(publickey) in Ubuntu. We will also cover how to troubleshoot SSH and resolving Permission Denied Issues.

Introduction:

SSH (Secure Shell) is a widely used protocol for secure communication over networks, particularly in remote server administration. However, encountering a "Permission Denied" error can be frustrating for users attempting to establish an SSH connection.

This article aims to guide you through the troubleshooting process and provide solutions to fix SSH failed permission denied issues. Sometimes you may repeat the process from the beginning. In this case you can use guide to setup new SSH key like: Setting up an SSH key

1. Check User Permissions

One of the most common causes of SSH permission denied errors is incorrect user permissions. Ensure that the user attempting to connect has the appropriate permissions for accessing the Ubuntu server.

Verify that the user has the correct privileges in the server's authorized_keys file:

In home directory run the following command:

chown -R your_user:your_user .ssh

then you need to run

chmod 700 .ssh
chmod 600 .ssh/authorized_keys

or you can run the same command from different folder:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

2. Key Pair Configuration

Confirm that you are using the correct key pair for authentication. If you are using key-based authentication, make sure the public key is correctly added to the server's authorized_keys file.

Verify that the private key is accessible and has the right permissions on the client side.

chmod 600 ~/.ssh/id_rsa

3. SELinux and AppArmor

If your server has:

  • SELinux
  • AppArmor

enabled, these security modules may prevent SSH connections.

Examine the logs and adjust the security policies accordingly. You can temporarily disable SELinux or AppArmor for testing purposes:

setenforce 0  # For SELinux

Check the resource section for more information and why this might be not the best solution.

4. Password Authentication

Ensure that password authentication is allowed on the server. In the server's sshd_config file

sudo nano /etc/ssh/sshd_config

make sure the following lines are uncommented and set as:

PermitRootLogin no
PubkeyAuthentication yes

Restart the service:

sudo systemctl restart sshd

5. Check Authentication Logs

Examine the authentication logs on the server for more detailed information about the permission denied error.

Common log locations include

  • /var/log/auth.log - Debian-based systems
  • /var/log/secure - Red Hat

Example examination via:

tail -f /var/log/auth.log -n 100

6. Firewall Configuration

Confirm that the firewall settings allow SSH traffic. If using a firewall like:

  • iptables
  • ufw
    make sure the necessary ports (default is 22) are open.
sudo ufw allow 22

7. Update SSH Packages:

Ensure that both the client and server have up-to-date SSH packages installed.

Outdated software may have known issues that have been addressed in newer releases:

For Debian-based systems

sudo apt-get update && sudo apt-get upgrade

and for Red Hat:

sudo yum update

Conclusion:

By systematically addressing these common issues, you can troubleshoot and resolve SSH failed permission denied errors.

It's better to take a careful and step-by-step approach, by following well written guides and considering best practices when you create a new SSH key.

Resources