Fix SSH "Permission denied (publickey)"

Permission denied (publickey) | Permission denied (publickey,password) | Server refused our key
6 min read Updated 17 June 2026 ESAGAMES Team

The "Permission denied (publickey)" error means the SSH server would not accept your key, or you offered the wrong one. It is almost always one of four causes — here is how to find which, and fix it.

See the real reason

Run the connection with -v (verbose): ssh -v user@server. The output shows exactly which keys were offered and why each was rejected — the fastest way to diagnose this.

Cause 1: wrong username

A key installed for one user will not work for another. Cloud images often use a specific default user — for example root, ubuntu, debian or almalinux — not your own name. Try the correct user for your distro.

Cause 2: the key is not on the server (or is the wrong one)

Your public key must be in ~/.ssh/authorized_keys on the server, for the user you log in as. If it is missing, add it (via console access or your host's panel). Make sure your client offers the matching private key:

ssh -i ~/.ssh/id_ed25519 user@your-server-ip

Cause 3: wrong file permissions (very common)

SSH refuses keys if the permissions are too open — this is a security feature. On the server, the .ssh folder and authorized_keys file must be locked down:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chown -R "$(id -un):$(id -gn)" ~/.ssh

On your local machine, your private key should be chmod 600 too.
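
A read-only check for Causes 2 and 3, as an added example that is not part of the original article: it inspects the home directory, ~/.ssh and authorized_keys for the ownership and write-permission problems that make sshd (with its default StrictModes setting) skip the file, and confirms that a given public key is listed. It assumes GNU stat on Linux; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Assumes GNU stat (Linux).
# check_path, audit_ssh_home and key_installed are hypothetical helper names.

# check_path PATH UID RECOMMENDED_MODE -> returns 1 if sshd would reject PATH
check_path() {
  local path="$1" uid="$2" want="$3" mode owner
  if [ ! -e "$path" ]; then echo "FAIL $path: missing"; return 1; fi
  mode=$(stat -c '%a' "$path")
  owner=$(stat -c '%u' "$path")
  if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
    echo "FAIL $path: owned by uid $owner, expected $uid or root"; return 1
  fi
  # 022 (octal) = group-write | other-write
  if [ $(( 0$mode & 022 )) -ne 0 ]; then
    echo "FAIL $path: mode $mode is writable by group or others"; return 1
  fi
  # Not fatal for sshd, but looser than the 700/600 the article recommends.
  if [ -n "$want" ] && [ "$mode" != "$want" ]; then
    echo "WARN $path: mode $mode, article recommends $want"
  fi
  return 0
}

# audit_ssh_home HOME_DIR [UID] -> exit status = number of rejected paths
audit_ssh_home() {
  local home="$1" uid="${2:-$(id -u)}" bad=0
  check_path "$home" "$uid" "" || bad=$((bad + 1))
  check_path "$home/.ssh" "$uid" 700 || bad=$((bad + 1))
  check_path "$home/.ssh/authorized_keys" "$uid" 600 || bad=$((bad + 1))
  return "$bad"
}

# key_installed PUBKEY_FILE AUTHORIZED_KEYS -> 0 if the key blob is listed.
# Matches on the base64 blob, so comments and option prefixes do not matter.
key_installed() {
  local blob
  blob=$(awk 'NR == 1 { print $2 }' "$1")
  [ -n "$blob" ] && grep -qF -- "$blob" "$2"
}

# Run against a home directory when one is given as an argument.
if [ "$#" -gt 0 ]; then audit_ssh_home "$1"; fi
```

Run it on the server as the login user, passing the home directory as the only argument; the exit status is the number of paths that failed.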

Cause 4: keys only, and yours is not working

If password login is disabled (good hardening) and your key fails, you cannot fall back to a password — you must fix the key or use your host's console/recovery to add a working one. This is why you should always test a new key before disabling passwords.

The quick checklist

  1. Run ssh -v and read which key is rejected and why.
  2. Confirm you are using the correct username for your image.
  3. Make sure your public key is in the server's ~/.ssh/authorized_keys.
  4. Fix permissions: 700 on .ssh, 600 on authorized_keys.
  5. Point to the right private key with -i.

Nine times out of ten this is either the wrong username or too-open permissions on ~/.ssh. Check those two first.


Frequently asked questions

What does "Permission denied (publickey)" actually mean?

The SSH server is set to accept key authentication, but none of the keys your client offered were accepted — usually the wrong key, the wrong user, or bad permissions on the server's ~/.ssh files.

How do I fix it if I am completely locked out?

Use your host's web console, VNC or recovery mode to log in outside SSH, then add your public key to ~/.ssh/authorized_keys and fix the folder permissions.

Why do file permissions matter for SSH keys?

SSH deliberately ignores keys when the .ssh folder or authorized_keys file is readable by others, to stop a compromised account from leaking keys. They must be 700 and 600 respectively.
