I'm trying to create a new user in Ubuntu with key-based authentication and to configure GitHub Actions (via SSH) to deploy any new change made on my branch. However, I am stuck on the SSH connection to the server, which constantly throws the error `Permission denied (publickey)`.
Screenshot below.
I have admin access to the server; however, the issue occurs only for newly created users, which constantly get the error `Permission denied (publickey)`.

Following is how I am trying to connect to the server from my local machine (Mac):

```
ssh SpiderServer
user@hostname: Permission denied (publickey).
```

My ~/.ssh/config file contains the following:

```
Host SpiderServer
    HostName ip-address-of-the-server
    Port 22
    User username
    IdentityFile /Users/hs/.ssh/cert.pem
```

With verbose trace enabled, the following is the outcome:
```
❯ ssh UW1003 -v
OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/hs/.ssh/config
debug1: /Users/hs/.ssh/config line 9: Applying options for UW1003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to XXX.XXX.XX.XXX [XXX.XXX.XX.XXX] port 22.
debug1: Connection established.
debug1: identity file /Users/hs/.ssh/UW1003.pem type -1
debug1: identity file /Users/hs/.ssh/UW1003.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to XXX.XXX.XX.XXX:22 as 'githubdeployment'
debug1: load_hostkeys: fopen /Users/hs/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:R3a/mQVBiXfnkJ6Vive8+TCeffMSkTxQgHsm3EKeQG8
debug1: load_hostkeys: fopen /Users/hs/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'XXX.XXX.XX.XXX' is known and matches the ED25519 host key.
debug1: Found key in /Users/hs/.ssh/known_hosts:8
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /Users/hs/.ssh/UW1003.pem explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/hs/.ssh/UW1003.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
githubdeployment@XXX.XXX.XX.XXX: Permission denied (publickey).
```

Attempt 1: via ssh-keygen command

Steps that I followed (failed):
- Generated a key pair using `ssh-keygen -t rsa -b 4096` on the remote server
- `cat <path/to/public/key> >> ~/.ssh/authorized_keys`
- Downloaded the id_rsa to my local system (Mac) as a .pem file and tried connecting to the server, but it threw the `Permission denied (publickey)` error.

Attempt 2: via AWS key pair

- Went to AWS Key pair
- Generated RSA (.pem format)
- Downloaded the private key to my local system (Mac) as a .pem file and tried connecting to the server, but it threw the `Permission denied (publickey)` error.

Following are my Ubuntu server configurations related to SSH:

```
PasswordAuthentication no
KbdInteractiveAuthentication no
AuthenticationMethods publickey
UsePAM no
StrictModes yes
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
AllowUsers spiderman
```

Things that I have tried so far:
- Copied the id_rsa and id_rsa.pub of the existing user, via which I can access the remote server, to the newly created user (path /home/spiderman./ssh)
- Changed the access level to 0400 and 0600 for both the id_rsa and id_rsa.pub

Am I missing anything?
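
An added example (not part of the original post): a server-side check of two sshd rules that apply to the configuration quoted above. `AllowUsers` limits logins to the listed names (the trace authenticates as `githubdeployment`), and `StrictModes yes` rejects a home directory, `~/.ssh` or `authorized_keys` that is writable by group/others or owned by someone other than the user or root. The function names are hypothetical and `SSHD_CONFIG` is a constructed sample built from directives in the question.

```python
import fnmatch
import os

# Constructed sample: directives taken from the sshd configuration in the question.
SSHD_CONFIG = """\
PasswordAuthentication no
AuthenticationMethods publickey
StrictModes yes
AllowUsers spiderman
"""

def allowed_by_allowusers(config_text, user):
    """True if there is no AllowUsers directive or `user` matches one of its patterns.
    Simplification: Match blocks, negated patterns and the @HOST part are not evaluated."""
    patterns = []
    for line in config_text.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0].lower() == "allowusers":
            patterns += [w.split("@", 1)[0] for w in words[1:]]
    return not patterns or any(fnmatch.fnmatchcase(user, p) for p in patterns)

def strictmodes_problems(home, uid):
    """Paths that fail the StrictModes rule: the owner must be the user or root,
    and the path must not be writable by group or others."""
    problems = []
    ssh_dir = os.path.join(home, ".ssh")
    for path in (home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append(f"{path}: missing")
            continue
        if st.st_uid not in (0, uid):
            problems.append(f"{path}: owned by uid {st.st_uid}, expected {uid} or root")
        if st.st_mode & 0o022:
            problems.append(f"{path}: writable by group/others (mode {st.st_mode & 0o777:o})")
    return problems

if __name__ == "__main__":
    import pwd, sys
    user = sys.argv[1] if len(sys.argv) > 1 else "githubdeployment"
    print("AllowUsers permits", user, "->", allowed_by_allowusers(SSHD_CONFIG, user))
    try:
        entry = pwd.getpwnam(user)  # look up the account's home directory and uid
        for problem in strictmodes_problems(entry.pw_dir, entry.pw_uid):
            print("StrictModes:", problem)
    except KeyError:
        print("no local account named", user)
```

On a real server, feed `allowed_by_allowusers` the effective configuration printed by `sudo sshd -T` instead of the embedded sample.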