logging into user on server: permission denied (publickey)



~4 min read


613 words

I recently spun up a Digital Ocean droplet and almost immediately ran into problems logging into it.

For context - the steps I took were:

  1. Log in as root:1

    ssh -i ~/.ssh/mykey root@host
  2. Create a new user2

    adduser $USERNAME
  3. Add that user to the super user group

    usermod -aG sudo $USERNAME
  4. I switched to the user to confirm that the user was created properly

    su $USERNAME
  5. Exit to get back to my local computer


    Needed to exit twice because the first one exited the user to return to root, the second exit is from root.

  6. Now, I tried to log into my user directly

    ssh $USERNAME@host

    This was when things started not working correctly.

    $ ssh $USERNAME@host
    $USERNAME@host: Permission denied (publickey).

    I was expecting that I should be able to type in my password, my server seemed to be configured to only accept login via a public/private key exchange.

Allowing Direct Login Via SSH

To enable logging into my server directly as a user (rather than root - since my goal is to disable root eventually), I needed to be able to configure the user’s SSH key.

To do that I followed the following steps:

  1. Log into the server as root

  2. Modify (temporarily) the sshd_config for the server:

    • vim /etc/ssh/sshd_config
    • Find the PasswordAuthentication section and set it to yes
    # Change to no to disable tunnelled clear text passwords
    PasswordAuthentication yes
  3. Reload the sshd

    service sshd reload
  4. Exit the server and return to your local machine.

  5. Use ssh-copy-id, a tool from OpenSSH, to copy your public key to the server for the user.3

    ssh-copy-id -i ~/.ssh/mykey $USERNAME@host

    If successful, you should see a printout that ends like:

    Number of key(s) added:        1
    Now try logging into the machine, with:   "ssh ‘$USERNAME@host’”
    and check to make sure that only the key(s) you wanted were added.
  6. Give it a go - you should see something like:

    ssh -i ~/.ssh/mykey $USERNAME@host
    Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-166-generic x86_64)
     * Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage
     0 packages can be updated.
     0 updates are security updates.
     New release '18.04.3 LTS' available.
     Run 'do-release-upgrade' to upgrade to it.

    Last login: Sun Nov 3 15:55:34 2019 from xxx.xxx.xxx.xxx

Quick Summary

The reason we couldn’t log into our user via ssh was because we:

  1. Hadn’t configured the ssh public key for the user yet
  2. The server did not allow password authentication for logging in.

The solution was:

  1. Allow password authentication (temporarily) (in sshd_config)
  2. Copy the public key to the server with ssh-copy-id

As a final step, I logged back into root for a moment to modify sshd_config to once again not accept password authentication, but that’s a user preference decision.



Hi there and thanks for reading! My name's Stephen. I live in Chicago with my wife, Kate, and dog, Finn. Want more? See about and get in touch!