Cannot access my server "Permission denied (publickey)."

Question

Hi i have created a key ring on my server B

I copied the public key of my server B to the authorized_keys file of my server A

My servers are on Ubuntu 20.04 LTS

When I try to transfer a directory from server A to server B, I get this error:

ubuntu@server_B:~$ scp -r -p ubuntu@server_A:/home/ubuntu/www-example-com/ /home/ubuntu/www-example-com/
ubuntu@server_A: Permission denied (publickey).

Why do I have this error ? How to correct ?

ubuntu@server_B:~$ ls -l /home
total 20
drwx------  2 root   root   16384 Nov  5 01:14 lost+found
drwxr-xr-x 11 ubuntu ubuntu  4096 Nov  5 03:57 ubuntu



ubuntu@server_B:~$ ls -a -l /home/ubuntu
total 76
drwxr-xr-x 11 ubuntu ubuntu 4096 Nov  5 03:57 .
drwxr-xr-x  4 root   root   4096 Nov  5 01:04 ..
-rw-------  1 ubuntu ubuntu 4961 Nov  5 03:38 .bash_history
-rw-r--r--  1 ubuntu ubuntu  220 Feb 25  2020 .bash_logout
-rw-r--r--  1 ubuntu ubuntu 3771 Feb 25  2020 .bashrc
-rw-rw-r--  1 ubuntu ubuntu  241 Nov  5 01:28 bridge_log.txt
drwx------  3 ubuntu ubuntu 4096 Nov  5 01:24 .cache
drwxr-x---  3 ubuntu ubuntu 4096 Nov  5 01:24 .config
drwx------  4 ubuntu ubuntu 4096 Nov  5 01:28 .gnupg
drwxrwxr-x  3 ubuntu ubuntu 4096 Nov  5 03:57 .local
-rw-------  1 ubuntu ubuntu  409 Nov  5 03:50 .mysql_history
drwxr-xr-x  9 ubuntu ubuntu 4096 Nov  5 03:27 nginx-1.18.0
drwxrwxr-x  7 ubuntu ubuntu 4096 Nov  5 03:27 ngx_brotli
drwx------  3 ubuntu ubuntu 4096 Nov  5 01:24 .password-store
-rw-r--r--  1 ubuntu ubuntu  807 Feb 25  2020 .profile
drwx------  2 ubuntu ubuntu 4096 Nov  5 04:43 .ssh
-rw-r--r--  1 ubuntu ubuntu    0 Nov  5 01:07 .sudo_as_admin_successful
-rw-rw-r--  1 ubuntu ubuntu  204 Nov  5 03:33 .wget-hsts
drwxr-xr-x  2 ubuntu ubuntu 4096 Nov  5 04:00 www-example-com



ubuntu@server_B:~$ ls -l .ssh
total 16
-rw------- 1 ubuntu ubuntu  748 Nov  5 04:34 authorized_keys
-rw------- 1 ubuntu ubuntu 3434 Nov  5 04:32 id_rsa_dev-example-com
-rw-r--r-- 1 ubuntu ubuntu  748 Nov  5 04:32 id_rsa_dev-example-com.pub
-rw-r--r-- 1 ubuntu ubuntu  222 Nov  5 04:43 known_hosts

and

ubuntu@server_A ~ $ ls -l /home
total 20
drwx------  2 root   root   16384 Sep  7 17:10 lost+found
drwxr-xr-x 12 ubuntu ubuntu  4096 Nov  5 02:02 ubuntu



ubuntu@server_A ~ $ ls -a -l /home/ubuntu
total 148
drwxr-xr-x 12 ubuntu ubuntu  4096 Nov  5 02:02 .
drwxr-xr-x  4 root   root    4096 Sep  7 17:04 ..
-rw-------  1 ubuntu ubuntu 72711 Nov  5 02:02 .bash_history
-rw-r--r--  1 ubuntu ubuntu   220 Feb 25  2020 .bash_logout
-rw-r--r--  1 ubuntu ubuntu  4049 Sep  7 21:13 .bashrc
-rw-rw-r--  1 ubuntu ubuntu   258 Sep  7 17:20 bridge_log.txt
drwx------  4 ubuntu ubuntu  4096 Sep  7 17:50 .cache
drwxr-x---  4 ubuntu ubuntu  4096 Sep  7 17:50 .config
drwxrwxr-x  3 ubuntu ubuntu  4096 Sep  7 21:13 .drush
drwx------  4 ubuntu ubuntu  4096 Oct 27 16:15 .gnupg
drwxrwxr-x  3 ubuntu ubuntu  4096 Sep  7 17:50 .local
-rw-------  1 ubuntu ubuntu  3417 Sep 14 04:38 .mysql_history
drwxr-xr-x  9 ubuntu ubuntu  4096 Sep  7 17:38 nginx-1.18.0
drwxrwxr-x  7 ubuntu ubuntu  4096 Sep  7 17:38 ngx_brotli
drwx------  3 ubuntu ubuntu  4096 Sep  7 17:18 .password-store
-rw-r--r--  1 ubuntu ubuntu   807 Feb 25  2020 .profile
-rw-rw-r--  1 ubuntu ubuntu    66 Sep  7 21:15 .selected_editor
drwx------  2 ubuntu ubuntu  4096 Nov  5 04:42 .ssh
-rw-r--r--  1 ubuntu ubuntu     0 Sep  7 17:07 .sudo_as_admin_successful
-rw-rw-r--  1 ubuntu ubuntu   244 Nov  5 03:45 .wget-hsts
drwxr-xr-x  6 ubuntu ubuntu  4096 Nov  4 01:03 www-example-com



ubuntu@server_A ~ $ ls -l .ssh
total 4
-rw------- 1 ubuntu ubuntu 1496 Nov  5 04:33 authorized_keys

Server B (copy)

$ cat /home/ubuntu/.ssh/id_rsa_dev-example-com.pub

Server A (past)

$ nano /home/ubuntu/.ssh/authorized_keys
$ sudo systemctl restart ssh

The permissions seem all right. How exactly did you copy the key? — Michael Hampton, Nov 05 '20 at 04:52
@Michael Hampton I added some information at the end of my question — Mathieu, Nov 05 '20 at 05:07
You did it manually? Check the file and make sure it wasn't corrupted in the process, either by a bad paste or by `nano` (which you should consider avoiding). — Michael Hampton, Nov 05 '20 at 05:29
You do not seem to be loading the identity file on the client and it is not named the default `id_rsa`. — tater, Nov 05 '20 at 05:34

score 0 · Answer 1 · answered Nov 05 '20 at 07:37

Encrypted keys are a set of access credentials used to establish a secure connection. The remote SSH daemon has not accepted the supplied key as valid for the account name you used and has refused your login. Make sure the authorized_keys file contains the matching public key. Check that your public key is added to the server.

SSH client key pair fingerprint check required ssh -i ~/.ssh/test-key.pem ubuntu@server_IP

Also with the below steps, you can recheck the SSH Key

Root Cause:

Many of the most common issues regarding key-based authentication are caused by incorrect file permissions or ownership. Here are some steps you can take to troubleshoot this issue:

-Make sure the authorized_keys file and the private key itself have the correct permissions and ownership.

-Check that key-based authentication is allowed by the server.

-Make sure the private key is readable by the SSH client.

-You may be using a private key that is no longer supported on the OpenSSH service. This commonly impacts when using a private SSH DSA key. So try to create a 2048-bit RSA key pair.

Simple 3 Steps:

-Generate the SSH Key Pair -Copy Public Key to the Ubuntu Server -Log in to the Remote Server

Note: Remove the '#' and execute it

1.Generate the SSH Key Pair [serverB] [Public key + Private key]

#mkdir –p $HOME/.ssh #create a hidden directory to store your SSH keys

#chmod 0700 $HOME/.ssh #modify the permissions for that directory as required

#ssh –keygen –t rsa 4096 #create a 2048-bit RSA key pair #server will ask you to create a passphrase as an added layer of security, if require you canadd an input a memorable passphrase, and press Enter or you can skip it.

2.Copy Public Key to the [serverA]

#The system will copy the contents of the ~/.ssh/id_rsa.pub from the client system into the ~/.ssh/authorized_keys directory of the server system.

#ssh-copy-id ubuntu@<server_IP> #######Important########

or Manually Copy the SSH Key to the [serverA]

#cat ~/.ssh/id_rsa.pub | ssh username@<server_IP> "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

#Replace server_IP with the actual IP address of your server.

3.Log into the Remote Server

#ssh ubuntu@server_IP

Once you are able to SSH retry the scp

score 0 · Accepted Answer · answered Nov 05 '20 at 07:49

0

As stated in the comment, you are not specifying the identity file.

By default a certain set of filenames will be checked, e.g. ~/.ssh/id_rsa, and your identity file is not so named. Thus ssh is not locating the private key.

Specify the identity file using -i, e.g. ssh -i ~/.ssh/id_rsa_dev-example-com user@host. Or rename the file to the default, e.g. mv ~/.ssh/id_rsa_dev-example-com ~/.ssh/id_rsa.

answered Nov 05 '20 at 07:49

tater

1,445
2
10
12

Thanks, it works. I want to do this `scp -r -p ubuntu@serveur_A:/home/ubuntu/www-example-com/ /home/ubuntu/www-example-com/` command. What exactly should I put when I specify the key ? – Mathieu Nov 05 '20 at 07:57
The same should work for `scp`, e.g. `scp -r -p -i ~/.ssh/id_rsa_dev-example-com ubuntu@serveur_A:/home/ubuntu/www-example-com/ /home/ubuntu/www-example-com/`. If you are planning to make backups regularly you might consider `rsync` instead (which you can do over `ssh` using the same key), but that's another matter. – tater Nov 05 '20 at 08:14