We've all been there. You try to connect to your VPS, only to run into the dreaded
permission denied (publickey) error. Unfortunately, the reason for this differs, which can make troubleshooting harder, but generally the issue falls into four categories:
- You're trying to connect to the wrong server
- Your local machine doesn't have a matching key for your VPS server
- Your key isn't in the authorized_keys file on your VPS server
- Your local machine has too many keys
Let's run through the troubleshooting process to determine what's creating your
ssh permission denied error and solve the root cause:
Run ssh -vvv [email protected] for more info
You can save a lot of time by determining why you can't connect before you proceed. The following command will show you exactly what SSH is doing when you initiate a connection with your VPS server:
ssh -vvv [email protected]
Naturally, you should replace
your.vps.ip with the relevant IP address, which can be found in your control panel. Note down any output.
Make sure you're connecting to the right server
It sounds basic, but it's all too easy to do. You may have typed in a single digit of your server's IP address wrong, or tried to connect to an old, expired server rather than your new one.
Double-check your credentials in your server control panel and be sure to copy and paste the information rather than typing it to ensure accuracy. You'd be surprised how easy it is to get two numbers mixed up.
Additionally, if you've just created the server, wait a few minutes a try again. Sometimes the server may indicate that it's live even if it's not quite ready for connection.
Try logging in with a password instead
For the short term, you may be able to log in with a password instead. This won't work if you're using PuTTy, or if you have password authentication disabled. You can give it a try with the following command:
ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no [email protected]
If you don't have password authentication enabled, you can change that by clicking on the server in your BitLaunch control panel, selecting "Access", and entering a password. This will reboot your server and reset your password.
On your local machine, run
ssh-keygen -R your.server.ip to get rid of your old key.
Now, you should be able to connect to your server both if your local machine or VPS server didn't have a matching key.
Manually add your SSH key to the VPS server
Now that you're able to log in to your VPS server with a password, you can add an SSH key again.
Generate a key with:
ssh-keygen -t rsa
Then, if needed, copy it to your vps manually by typing
ssh-copy-id [email protected].
Alternatively, copy it via SSH with:
cat ~/.ssh/id_rsa.pub | ssh [email protected] "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
You may want to make SSH keys your sole authentication method by editing the ssh_config file:
sudo nano /etc/ssh/sshd_config
PasswordAuthentication yes to
PasswordAuthentication no, and save the changes.
Manually choose which key to use
If you have too many keys on your local machine, your
ssh -vvv output will have the output
too many authentication failures for root. You can bypass this by explicitly mentioning the correct key, like so:
ssh -i /home/bitlaunch/.shh/id_rsa [email protected]
If you're still struggling with these steps and you're a BitLaunch customer, reach out to our expert support, who will be happy to aid you further.