Permission Denied (publickey): Fixing SSH the Right Way
The single most demoralising error for anyone new to servers. It's almost never random — here's the checklist that fixes it 95% of the time.
Permission denied (publickey) means the server received your connection but rejected every key you offered. It's not random, and it's not "SSH being broken." Work this checklist top to bottom.
1. Are you offering the right key?
Add -v to see exactly which keys SSH is trying:
ssh -v user@your-server
Look for lines like Offering public key. If your key never appears, SSH doesn't know about it — point at it explicitly:
ssh -i ~/.ssh/id_ed25519 user@your-server
2. Is the public key actually on the server?
Your public key (.pub) must be in the server's ~/.ssh/authorized_keys for the user you're logging in as. A common mistake is putting it under the wrong user's home directory.
3. Permissions are too open
SSH silently refuses keys if the files are world-readable. On the server:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
If
~/.sshorauthorized_keysis group/other-writable, SSH ignores it entirely — and the error gives you no hint why.
4. Right user, right key
ssh root@ when the key is on the deploy user will always fail. Match the username to the account the key was installed for.
Still stuck?
Read the server side. sudo journalctl -u ssh (or /var/log/auth.log) will usually tell you the real reason in plain English. The answer is almost always one of the four above.
Stop reading, start building
This pairs with a hands-on BytExplorer course — do it on your own machine and actually keep the skill.