🎉 DevOps Interview Prep Bundle is live — 1000+ Q&A across 20 topicsGet it →
All Fixes
Today I Fixed

SSH: Permission denied (publickey) even with correct key

linuxJun 22, 202620 minutes to fixlinuxtroubleshootingsecurity

Set up a new EC2 instance. SSH kept failing with:

ec2-user@1.2.3.4: Permission denied (publickey).

I was 100% sure I had the right key. Used the same .pem file I always use.

Debugging step-by-step:

bash
# Check verbose SSH output
ssh -vvv -i my-key.pem ec2-user@1.2.3.4

The verbose output showed:

debug1: Offering public key: /Users/me/my-key.pem RSA SHA256:...
debug1: Authentications that can continue: publickey
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/me/my-key.pem
debug3: sign_and_send_pubkey: RSA SHA256:...
Received disconnect from 1.2.3.4 port 22:11: Bye Bye

The key was being offered but rejected. I checked the server side:

bash
# From AWS console → EC2 → Connect → Session Manager
sudo cat /var/log/auth.log | grep sshd
# Authentication refused: bad ownership or modes for file /home/ec2-user/.ssh/authorized_keys

Root cause: The .ssh/authorized_keys file had permissions 644 (world-readable). SSH rejects this as a security measure.

Fix:

bash
chmod 700 /home/ec2-user/.ssh
chmod 600 /home/ec2-user/.ssh/authorized_keys
chown ec2-user:ec2-user /home/ec2-user/.ssh/authorized_keys

SSH connected immediately.

Correct SSH directory permissions:

  • ~/.ssh/ → 700 (owner can read/write/execute, nobody else)
  • ~/.ssh/authorized_keys → 600 (owner can read/write, nobody else)
  • ~/.ssh/id_rsa (private key) → 600
  • ~/.ssh/id_rsa.pub (public key) → 644 is fine