{"id":8620,"date":"2025-03-28T12:17:47","date_gmt":"2025-03-28T12:17:47","guid":{"rendered":"https:\/\/chemicloud.com\/kb\/?post_type=ht_kb&p=8620"},"modified":"2025-03-28T12:17:47","modified_gmt":"2025-03-28T12:17:47","slug":"ssh-permission-denied-publickey-error","status":"publish","type":"ht_kb","link":"https:\/\/chemicloud.com\/kb\/article\/ssh-permission-denied-publickey-error\/","title":{"rendered":"How to Fix SSH Permission Denied (publickey) Error on Linux and Mac"},"content":{"rendered":"

The “Permission denied (publickey,gssapi-keyex,gssapi-with-mic)” error you’re encountering suggests that SSH is unable to authenticate using the private key located at:<\/p>\n

~\/.ssh\/id_rsa<\/p>\n

Here\u2019s a step-by-step guide to troubleshoot and resolve this:<\/p>\n

Step 1) Check If SSH Agent Is Running and Add the Key<\/strong><\/p>\n

Run the following to check if your SSH key is loaded in the agent:<\/p>\n

\n
ssh-add -l
\n<\/code><\/div>\n<\/div>\n
    \n
  • \n

    If you see something like:<\/p>\n<\/li>\n<\/ul>\n

    \n
    <\/div>\n
    The<\/span> agent has no<\/span> identities.
    \n<\/code><\/div>\n<\/div>\n

    Add the key manually:<\/p>\n

    \n
    ssh-add ~\/.ssh\/id_rsa
    \n<\/code><\/div>\n<\/div>\n
      \n
    • \n

      If your key is encrypted, it will ask for the passphrase.<\/p>\n<\/li>\n

    • \n

      Once added, try connecting again:<\/p>\n<\/li>\n<\/ul>\n

      \n
      <\/div>\n
      ssh username@server-ip-address<\/code><\/code><\/div>\n<\/div>\n
      \n

      Step 2) Check File Permissions<\/strong><\/p>\n

      Incorrect file permissions can cause the Permission denied<\/code> error. Run the following:<\/p>\n

      \n
      \n
      \n
      <\/div>\n<\/div>\n<\/div>\n
      # Correct permissions for private key<\/span>\r\nchmod<\/span> 600 ~\/.ssh\/id_rsa\r\n\r\n# \r\nCorrect permissions for public key<\/span>\r\nchmod<\/span> 644 ~\/.ssh\/id_rsa.pub\r\n\r\n# Correct permissions for the .ssh folder<\/span>\r\nchmod<\/span> 700 ~\/.ssh\r\n<\/code><\/pre>\n<\/div>\n
      \n
      Step 3) Verify Key Usage in SSH Config (Optional)<\/strong><\/p>\n
      If you are using a custom SSH key or different config, check the SSH config file:<\/p>\n
      \n
      nano ~\/.ssh\/config
      \n<\/code><\/div>\n<\/div>\n
      Ensure the following is in place (replace with the correct IP if needed):<\/p>\n
      \n
      Host<\/span> server-ip-address <\/span>User user-to-connect\u00a0 \u00a0 \u00a0IdentityFile ~\/.ssh\/id_rsa\r\n<\/code><\/pre>\n<\/div>\n
      \n
      Step 4) Test Verbose Mode for Debugging<\/strong><\/p>\n
      If it still doesn\u2019t work, run SSH in verbose mode to get more details:<\/p>\n
      \n
      ssh -v username@server-ip-address-or-hostname<\/code><\/div>\n<\/div>\n
      This will help identify any configuration issues.<\/p>\n
      \n
      Step 5) Regenerate SSH Key (if needed)<\/strong><\/p>\n
      If the key is corrupted or invalid, regenerate a new key:<\/p>\n
      \n
      ssh-keygen -t rsa -b 4096 -C \"your_email@example.com\"<\/span>
      \n<\/code><\/div>\n<\/div>\n
        \n
      • \n
        Save the new key as id_rsa<\/code> in the ~\/.ssh<\/code> directory.<\/p>\n<\/li>\n
      • \n
        Add the new public key to the server\u2019s ~\/.ssh\/authorized_keys<\/code> file.<\/p>\n<\/li>\n<\/ul>\n
        \n
        Step 6) Check if Public Key is added on the Server<\/strong><\/p>\n
        If you suspect the key is missing on the server, ensure that your public key is added to the ~\/.ssh\/authorized_keys<\/code> on the server.<\/p>\n
        \n
        If none of these steps work, send the output of verbose mode to your server administrator.<\/p>\n","protected":false},"excerpt":{"rendered":"
        The “Permission denied (publickey,gssapi-keyex,gssapi-with-mic)” error you’re encountering suggests that SSH is unable to authenticate using the private key located at: ~\/.ssh\/id_rsa Here\u2019s a step-by-step guide to troubleshoot and resolve this: Step 1) Check If SSH Agent Is Running and Add the Key Run the following to check if your SSH…<\/p>\n","protected":false},"author":10,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"ht-kb-category":[37],"ht-kb-tag":[],"class_list":["post-8620","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-ftp-and-ssh-access"],"_links":{"self":[{"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/ht-kb\/8620","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/comments?post=8620"}],"version-history":[{"count":1,"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/ht-kb\/8620\/revisions"}],"predecessor-version":[{"id":8621,"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/ht-kb\/8620\/revisions\/8621"}],"wp:attachment":[{"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/media?parent=8620"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/ht-kb-category?post=8620"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/ht-kb-tag?post=8620"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}