What's Actually Happening
SSH connection fails with permission denied error. Users cannot authenticate to remote servers even with correct credentials.
The Error You'll See
```bash $ ssh user@server
user@server: Permission denied (publickey,password). ```
Or:
```bash $ ssh user@server
Permission denied (publickey). ```
Why This Happens
- 1.Wrong file permissions on SSH keys
- 2.User not in authorized_keys
- 3.SSH key not added to agent
- 4.Server disabled password auth
- 5.Wrong username
- 6.SSH config restrictions
Step 1: Check Key Permissions
bash
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 600 ~/.ssh/authorized_keys
ls -la ~/.ssh/Step 2: Check Authorized Keys
bash
cat ~/.ssh/authorized_keys
ssh-copy-id user@server
# On server:
cat /home/user/.ssh/authorized_keysStep 3: Check SSH Agent
bash
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa
ssh-add -l
ssh -A user@serverStep 4: Check Server Config
bash
# On server:
cat /etc/ssh/sshd_config | grep -E "PubkeyAuthentication|PasswordAuthentication"
# Should have:
PubkeyAuthentication yes
PasswordAuthentication yes # If using passwordsStep 5: Check Username
bash
whoami
ssh correct-username@server
ssh -v user@serverStep 6: Check SSH Key Match
bash
ssh-keygen -lf ~/.ssh/id_rsa.pub
# On server:
ssh-keygen -lf /home/user/.ssh/authorized_keysStep 7: Debug SSH Connection
bash
ssh -vvv user@server
ssh -o PreferredAuthentications=password user@serverStep 8: Check Server Logs
bash
# On server:
tail -f /var/log/auth.log
journalctl -u sshd -f
grep "Failed\|Accepted" /var/log/auth.logStep 9: Fix SELinux Issues
bash
restorecon -Rv ~/.ssh
chcon -R -t ssh_home_t ~/.sshStep 10: Test Connection
bash
ssh -i ~/.ssh/id_rsa user@server
ssh -o StrictHostKeyChecking=no user@serverRelated Issues
- [Fix SSH Connection Refused](/articles/fix-ssh-connection-refused)
- [Fix SSH Key Not Working](/articles/fix-ssh-key-not-working)