Permission Denied (publickey): Fixing SSH the Right Way

The single most demoralising error for anyone new to servers. It's almost never random — here's the checklist that fixes it 95% of the time.

BytExplorer 5 min read June 27, 2026

Permission denied (publickey) means the server received your connection but rejected every key you offered. It's not random, and it's not "SSH being broken." Work this checklist top to bottom.

1. Are you offering the right key?

Add -v to see exactly which keys SSH is trying:

ssh -v user@your-server

Look for lines like Offering public key. If your key never appears, SSH doesn't know about it — point at it explicitly:

ssh -i ~/.ssh/id_ed25519 user@your-server

2. Is the public key actually on the server?

Your public key (.pub) must be in the server's ~/.ssh/authorized_keys for the user you're logging in as. A common mistake is putting it under the wrong user's home directory.

3. Permissions are too open

SSH silently refuses keys if the files are world-readable. On the server:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

If ~/.ssh or authorized_keys is group/other-writable, SSH ignores it entirely — and the error gives you no hint why.

4. Right user, right key

ssh root@ when the key is on the deploy user will always fail. Match the username to the account the key was installed for.

Still stuck?

Read the server side. sudo journalctl -u ssh (or /var/log/auth.log) will usually tell you the real reason in plain English. The answer is almost always one of the four above.

Put it into practice

Stop reading, start building

This pairs with a hands-on BytExplorer course — do it on your own machine and actually keep the skill.

More in Troubleshooting