SSH: Permission denied (publickey)

Diagnose and fix 'Permission denied (publickey)' when SSH key authentication fails due to wrong keys, file permissions, or agent issues.

When SSH Produces "Permission denied (publickey)"
What Causes "Permission denied (publickey)" in SSH
How to Fix "Permission denied (publickey)" in SSH
How to Verify the Fix
Related SSH Errors

SSH produces "Permission denied (publickey)" when the server rejects all offered public keys during key-based authentication because no key matches the server's authorized_keys file.

When SSH Produces "Permission denied (publickey)"

SSH displays "Permission denied (publickey)" after the TLS handshake succeeds but authentication fails. The SSH client offered one or more public keys, and the server rejected all of them. This error appears when password authentication is disabled on the server and key authentication is the only allowed method.

What Causes "Permission denied (publickey)" in SSH

The SSH client's private key does not match any public key in the server's ~/.ssh/authorized_keys file. This occurs when the wrong key file is offered, the public key was never copied to the server, or the key was copied to the wrong user's home directory.

Incorrect file permissions on the server are the second most common cause. SSH enforces strict permission checks: ~/.ssh must be 700, ~/.ssh/authorized_keys must be 600, and the home directory must not be world-writable. If any permission is too open, SSH silently rejects the key without explaining why.

The SSH agent may offer too many keys before the correct one. When the agent holds 5+ keys, the server may reject the connection after reaching its maximum authentication attempts (default: 6). See SSH: Too many authentication failures.

How to Fix "Permission denied (publickey)" in SSH

Verify which key SSH is offering with verbose output:

ssh -v user@203.0.113.50 2>&1 | grep "Offering public key"

Confirm the matching public key exists on the server:

ssh user@203.0.113.50 "cat ~/.ssh/authorized_keys"

Fix file permissions on the remote server:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chmod 755 ~

Specify the correct key explicitly:

ssh -i ~/.ssh/correct_key user@203.0.113.50

How to Verify the Fix

SSH connects without the "Permission denied" error and the verbose output shows successful public key authentication:

Authenticated to 203.0.113.50 using "publickey".

Related SSH Errors

SSH: Connection refused— the SSH daemon is not running or the port is blocked. SSH: Connection timed out— a firewall is dropping packets before they reach the SSH daemon.