DISCLOSURE: This post may contain affiliate links, meaning when you click the links and make a purchase, we receive a commission.
Using Secure Shell SSH is one of the most secure ways to access a remote server since it uses a pair of unique keys for authentication. Although it is convenient, there is a chance that the server may not be able to validate your public key and display an error message, such as “SSH Permission Denied (publickey,gssapi-keyex,gssapi-with-mic)”.
The “SSH Permission Denied” error message can be frustrating because it is not very descriptive, leading most users to the internet rabbit hole, scraping for information on the error. However, don’t lose hope, as this article will help you solve the SSH problem and get your SSH connection working again in no time!
What Does “SSH Permission Denied” Error Mean
The Permission Denied error is often displayed when attempting to access a remote server using Secure Shell (SSH). This error indicates that the server could not authenticate your public key, which is one of the keys used to establish a secure connection using SSH.
There are several possible causes for a server authentication failure when using SSH. These can include the absence of a necessary public key, permission issues, an invalid key format, or problems with the configuration of the SSH client.
Whatever the root cause may be, that fact is that if you leave the SSH Permission Denied error unfixed, you will not be able to establish a secure shell connection to the remote server using SSH. In simpler words, you will not be able to access the server or perform any tasks on it using SSH.
What Causes the Permission Denied publickey,gssapi-keyex,gssapi-with-mic Error
The SSH Permission Denied error could be a confusing message to encounter when accessing a remote server. However, figuring out the root cause of the error can be more challenging. Fortunately, we’ve discussed all the common causes of the error below:
- Absence Of Public Key
If the server lacks your public key, it will not be able to authenticate your connection when you try to establish an SSH connection. In other words, the server will request your public key for authentication when you initiate an SSH connection.
If it doesn’t have your public key on record, it will not be able to verify your identity and will likely reject the connection with the error message.
- Permission Issues
There might be permission issues with the authorized_keys file or the .ssh directory on the server, which are causing this trouble. This usually happens when the owner permissions are not set to read, write, and execute.
- Invalid Key Format
Another cause could be a problem with the format of your public key. The format of a public key file is as follows: ssh-rsa AAAAB3NzaC1uc2EAAA…
The first line specifies the type of key, which can either be ssh-rsa or ssh-dsa. Moreover, you can view the contents of your public key using the cat command. For example, cat ~/.ssh/id_rsa.pub
- Problems With SSH Client Configuration
Last but not least, there might be an issue with the SSH client configuration on your local machine. To check the contents of the SSH configuration file, you can again use the cat command to print the file to the terminal: cat /etc/ssh/sshd_config
If anything is not set correctly, this means that the actual issue was with the SSH client configuration file which was denying the permission from the remote server.
Possible Ways to Fix the “Permission Denied Publickey, Gssapi-Keyex, Gssapi-With-Mic” Error
For those who are new to SSH, it may be somewhat confusing to navigate through your system and fix the SSH issue. That’s why we’ve provided five troubleshooting methods to help you quickly resolve the SSH issue so you can authenticate the remote server successfully.
Method 1: Adding Public Key
You can add the public key to the server’s authorized_keys file, which is typically located in the “.ssh” directory of your user account on the server. You can do this by using the “ssh-copy-id” command, which will automatically add your public key to the authorized_keys file. For example, ssh-copy-id user@server
You can also add it manually by copying and pasting the contents of your public key into the authorized_keys file. Once your public key has been added to your authorized_keys file, the server should be able to authenticate your connection using your public key.
Method 2: Updating Permission Settings
You can use the chmod command to change the owner’s permissions. To ensure that the authorized_keys file has the right permissions (600) and the .ssh directory has the correct permissions (700), use the following commands:
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
Method 3: Correcting The Format
By default, the public key file will be stored in the ~/.ssh directory of your home directory, with a file name that ends in .pub (e.g., “id_rsa.pub”). You should actively ensure the key type is in the correct format and is not skipped i.e.: key_type key_data
Method 4: Verifying Configuration File
To verify that your SSH configuration file has been properly configured, you need to review certain options within it. Open the sshd_config file using a text editor using the following command: sudo nano /etc/ssh/sshd_config
In the file, ensure that the following items are set up correctly:
- PermitRootLogin no – #if you want to disable root logins
- PubkeyAuthentication yes #if you want to allow public key authentication
- UsePAM yes – #if you want to use Pluggable Authentication Modules for authentication
Also make sure that following items are commented as follows:
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials no
Don’t forget to save the file and restart the service to apply the changes! You can use the systemctl command to restart the sshd service on Linux: systemctl restart sshd
Method 5: Allowing Password Authentication
Although this method is not recommended for security concerns, if any other method doesn’t work out for you, you can give it a try. This method involves enabling password authentication to access the SSH server, which turns out to be a temporary solution for the “Permission Denied” error. You can do this in the following steps:
- Open the sshd_config file using a text editor using the following command: sudo nano /etc/ssh/sshd_config
- Ensure that the following items are set up and uncommented correctly:
PasswordAuthentication yes
ChallengeResponseAuthentication no - Save and exit the file.
- Restart the service on Linux using the following command: systemctl restart sshd
Conclusion
Dealing with error messages in SSH can be challenging, especially for those without prior experience. Before reaching out for professional help, make sure to follow our troubleshooting tips and fixes since they’ve been reported to solve most users’ issues with SSH permissions.