SSH Authentication Failed / Refused / Denied with Public Key
I'm trying to change my SSH authentication method from password-based to public-key-based. One issue I keep facing is that I cannot log in using my public key, although I've uploaded my key to the server. The error message is always Permission denied (publickey).
Thankfully, we can make our ssh client more informative by using the -vvv flag.
$ ssh -vvv jason@server
Next, we can figure out why we're facing this issue. Here's my ssh debug log:
... snip
debug1: Next authentication method: publickey
debug1: Trying private key: /home/jason/.ssh/id_rsa
Enter passphrase for key '/home/jason/.ssh/id_rsa':
debug3: sign_and_send_pubkey: RSA SHA256:+dvJ...
debug3: sign_and_send_pubkey: signing using ssh-rsa SHA256:+dvJ...
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
jason@server: Permission denied (publickey).
... snip
It seems that I've successfully sent my public key, but somehow the ssh server won't accept it. Let's try to figure out what's happened on the server.
Most of the time, we can still access our server using its console. In my case, I'm using my VPS's built-in console. Let's fire it up and check the file /var/log/secure.
$ tail /var/log/secure
Apr 3 03:23:22 server sshd[12481]: Authentication refused: bad ownership or modes for directory /home/jason
There you go. We've figured it out. As you can see, the main reason why our SSH login failed is bad ownership or modes for directory /home/jason.
SSH doesn’t like it if your home or ~/.ssh directories have group write permissions. Your home directory should be writable only by you, ~/.ssh should be 700, and authorized_keys should be 600.
These commands should fix your permissions as expected by SSH:
$ chmod g-w /home/jason
$ chmod 700 /home/jason/.ssh
$ chmod 600 /home/jason/.ssh/authorized_keys
Of course, you should replace jason with your username.
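As an added example (not part of the original post), the script below audits the same three paths for the condition behind the "bad ownership or modes" log line. It assumes GNU stat and that sshd refuses a path that is group- or world-writable or owned by someone other than the user or root; check_path and audit_ssh_perms are names made up for this example.

```shell
#!/bin/sh
# Added example: audit the paths sshd inspects before accepting a public key.
# Assumption: a path is refused if it is group/world writable or if its owner
# is neither the account nor root. Requires GNU stat (Linux).

# check_path TARGET UID: print a finding and return 1 if TARGET would be refused.
check_path() {
    target=$1 want=$2 rc=0
    [ -e "$target" ] || { echo "MISSING  $target"; return 1; }
    # stat prints "<octal mode> <owner uid>", e.g. "775 1000"
    set -- $(stat -c '%a %u' "$target")
    mode=$1 owner=$2
    # A leading 0 makes the shell read the mode as octal; 022 = g+w | o+w.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE $target (mode $mode): fix with chmod go-w"
        rc=1
    fi
    if [ "$owner" -ne "$want" ] && [ "$owner" -ne 0 ]; then
        echo "OWNER    $target (uid $owner, expected $want or 0)"
        rc=1
    fi
    return $rc
}

# audit_ssh_perms HOMEDIR UID: check the home directory, ~/.ssh and
# authorized_keys. The return status is the number of failing paths.
audit_ssh_perms() {
    homedir=$1 want_uid=$2 bad=0
    for p in "$homedir" "$homedir/.ssh" "$homedir/.ssh/authorized_keys"; do
        check_path "$p" "$want_uid" || bad=$((bad + 1))
    done
    return $bad
}

# Usage: sh audit.sh /home/jason jason
if [ $# -eq 2 ]; then
    audit_ssh_perms "$1" "$(id -u "$2")"
fi
```

Run it from the server console before and after the chmod commands above; an exit status of 0 means none of the three paths failed the check.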
Final Words
I hope that you now know how to fix SSH Authentication Failed / Refused / Denied. If you run into any issues or have any feedback, feel free to drop a comment below.