sshjerk
By:
sshjerk

Permission denied (publickey). I cannot figure this out, please help.

July 13, 2017 101 views
Server Optimization Ubuntu

Trying to ssh into my newly created droplet and I cannot for the life of me figure out how to solve this error I'm getting after successfully creating my key pair on my local machine:

Permission denied (publickey).

I have chmod 700 my /.ssh folder, and I have chmod 644 my /.ssh

Still the same error, hopefully someone can help me solve this.

2 Answers

@sshjerk

To enable public key authentication you must do the following:

1- On your local machine, create a ssh key par with ssh-keygen.
2- Copy your public key to the server using ssh-copy-id <username>@<server ip>
3- Then you can login using ssh <username>@<server ip>

Hope this helps.

@sshjerk

You should only need to setup .ssh for individual users. The root user already has this directory on Ubuntu -- ~/.ssh -- and it's permissions are already set.

So what you need to do depends on who you're trying to set the SSH Key up for.

...

For root, you'd generate a key pair locally and add the public key to ~/.ssh/authorized_keys. You'd then use the private key to log in.

For example, I'm on MacOS, so I'd open up Terminal and run:

ssh-keygen -a 500 \
           -b 4096 \
           -C "" \
           -E sha256 \
           -o \
           -t rsa

From there, I'll be prompted to set a location for storing the keys generated by the command, so I'll provide a path and name. You'll then be prompted for a passphrase and asked to confirm.

Once the key is saved locally, you can then cat it locally and then copy and paste it to the server or us the ssh-copy-id command. I normally copy and paste :-).

...

If you're setting up SSH Keys for non-root users, you need to make sure the user is setup properly.

mkdir -p /home/mynewuser/.ssh
touch /home/mynewuser/.ssh/authorized_keys
useradd -d /home/mynewuser mynewuser
chmod 700 /home/mynewuser/.ssh
chmod 644 /home/mynewuser/.ssh/authorized_keys
chown -R /home/mynewuser
chown root:root /home/mynewuser

Now that the new user is setup, you can copy the public key to the users authorized_keys file.

...

The public key doesn't need to exist anywhere other than in the authorized_keys file on the Droplet. The private key should not be uploaded at all, instead, only used locally to connect.

Have another answer? Share your knowledge.