SSH Permission Denied (publickey)
Hello,
I am trying to download a file via SSH to my local machine, however I am getting an error that says "Permission denied (publickey)". Googling this provides too many different answers and I don't want to mess anything up. Could you please advise how I can transfer a file to my local machine?
6 Replies
Hey,
The error you are seeing refers to the fact that your server is using Public Key Authentication for SSH, which does not allow you to login unless you have the key installed on your local machine. From a security standpoint, this is a good thing, as it prevents people from being able to access your machine, even if they know your password, since it never asks for it anyway. This setup actually negates an attacker's ability to perform a brute-force attack against your Linode.
It is most likely that you just need to either copy the key files to your local machine, or if your using a machine other than the one you typically use to access your Linode, you may need to generate a new key pair altogether and install it on both your local machine and your Linode itself. You can check out our guide on Securing Your Server, particularly the section about Hardening SSH Access for more information about this and how to set it up. Just let us know if you have any questions about the process.
Regards,
Tom D.
Linode Support Team
HI I have issue with uploading public key to my Linode server,
Can't login via ssh, just using Lish from the Linode Control panel
@Garcha --
From your local terminal, you can tell ssh(1) to use password-only authentication for just one session by invoking it as follows:
ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no foo@bar.com
You can do the same with scp(1):
scp -o PreferredAuthentications=password -o PubkeyAuthentication=no local-file foo@bar.com:/remote-file
Using both of these techniques should allow you to get your public key to your Linode and configure ssh(1) for public-key authentication correctly.
Once you get the public key file, you can use Lish/Glish to edit files, copy stuff around, set permissions, etc.
-- sw
@stevewi I thought SSH fell back to password/keyboard-interactive authentication automatically if it was supported by the server and public key authentication failed?
I’m assuming your suggestion wouldn’t work if the server was configured to disallow password authentication?
@andysh --
You're right…if the configuration allows that. Since @Garcha says he can login through Lish/Glish, he can easily enable password authentication by editing /etc/sshd_config in a Lish/Glish session. Once that is done, the above will work. I apologize for leaving this part out…I thought it was understood.
Note that it is possible to configure public-key AND password authentication by configuring ssh(1) as follows:
PubkeyAuthentication yes
AuthenticationMethods publickey,password
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM yes
If you set AuthenticationMethods publickey password
(space instead of comma between publickey
and password
), this will cause ssh(1) to accept public-key OR password authentication.
Also, I believe ssh(1) will revert to password authentication if the permissions/ownership of ~/.ssh and its contents are not correct (and the configuration allows this).
-- sw