Why would an SSH key not work?

Wrong permissions on the key or .ssh directory, the public key is not in authorized_keys on the server, the wrong key is used (multiple keys), or the server rejects the key. Run ssh -v to see the details.

What permissions does an SSH key need?

The ~/.ssh directory must be 700. The private key (id_rsa, id_ed25519) must be 600. The authorized_keys file on the server must be 600. SSH refuses keys with looser permissions.

How do I add my public key to a server?

Append the contents of ~/.ssh/id_ed25519.pub (or id_rsa.pub) to ~/.ssh/authorized_keys on the server. One key per line. Use ssh-copy-id user@host if available.

Search guides

Fix an SSH key that will not work

We'll check the key exists, permissions, that the public key is on the server, and the correct key is used—or tell you when to escalate.

Category: Troubleshooting · Servers & Linux
Time: 10–20 min
Last reviewed: Mar 7, 2026

What you'll need

SSH key pair (id_ed25519 or id_rsa)
Access to the server (console or another user) to add the public key

At a glance

Run `ssh -v user@host` to see which keys are offered and why they are refused.
Check key file permissions: `~/.ssh` 700, `~/.ssh/id_rsa` or `~/.ssh/id_ed25519` 600.
Confirm the public key is in `~/.ssh/authorized_keys` on the server (one line per key).
Use `ssh -i ~/.ssh/id_ed25519 user@host` to specify the key if you have multiple.
Check the server `authorized_keys` file permissions: `~/.ssh` 700, `authorized_keys` 600.

Quick triage — pick your path

Choose the option that matches what you see. You can jump straight to that section.

Follow this guide Work through the full procedure.
Check ssh -v output You want to see which keys are offered and why they fail.
Fix permissions Key or authorized_keys has wrong permissions.
Add key to server The public key is not in authorized_keys.
When to escalate No console access or config management.

Steps

Goal: Identify why the SSH key fails, then fix permissions, add the key to the server, or specify the correct key.

Run ssh -v user@host and look for “Offering public key” and “Authentication refused” or “Permission denied”.
Good: You see which keys are tried and why they fail. Proceed to Check the key file exists.
Bad: Connection refused or timeout—see fix-ssh-will-not-connect.

Check the key file exists

Goal: Confirm the key pair exists and has correct permissions.

Run ls -la ~/.ssh/. Look for id_ed25519 and id_ed25519.pub or id_rsa and id_rsa.pub.
Run chmod 700 ~/.ssh and chmod 600 ~/.ssh/id_ed25519 (or id_rsa).
Good: Key exists and permissions are 700/600. Proceed to Check the public key is on the server.
Bad: No key—run ssh-keygen -t ed25519 -C "your@email" to create one.

Fix permissions

Goal: Set correct permissions on the client key and server authorized_keys.

Client: chmod 700 ~/.ssh and chmod 600 ~/.ssh/id_ed25519.
Server: chmod 700 ~/.ssh and chmod 600 ~/.ssh/authorized_keys.
Good: Permissions correct. Retry ssh.
Bad: Cannot access server—escalate.

Add key to server

Goal: Put the public key in authorized_keys on the server.

From client: cat ~/.ssh/id_ed25519.pub. Copy the output.
On server: echo "paste-key-here" >> ~/.ssh/authorized_keys. Or use ssh-copy-id user@host from the client.
Good: Key added. Retry ssh.
Bad: No server access—escalate.

When to escalate

Escalate if:

You cannot access the server console to fix authorized_keys.
The server is managed by config management.
sshd config changes require approval.

Provide ssh -v output and ls -la ~/.ssh from client and server.

Verification

ssh user@host logs in without a password prompt.
ssh -v shows “Authentication succeeded (publickey)”.
No “Permission denied (publickey)” in the output.

Escalation ladder

Work from the device outward. Stop when the problem is fixed.

ssh -v Run ssh -v to see key offer and refusal.
Key exists and permissions chmod 700 ~/.ssh, 600 ~/.ssh/id_ed25519.
authorized_keys Add public key to server; chmod 600.
Specify key or ssh-agent ssh -i or ssh-add.
Escalate Provide ssh -v output.

What to capture if you need help

Before calling support or posting for help, have these ready. It speeds everything up.

ssh -v output (relevant lines)
ls -la ~/.ssh from client and server
Whether the public key is in authorized_keys
Steps already tried

Reviewed by Blackbox Atlas

Frequently asked questions

Why would an SSH key not work?: Wrong permissions on the key or .ssh directory, the public key is not in authorized_keys on the server, the wrong key is used (multiple keys), or the server rejects the key. Run ssh -v to see the details.
What permissions does an SSH key need?: The ~/.ssh directory must be 700. The private key (id_rsa, id_ed25519) must be 600. The authorized_keys file on the server must be 600. SSH refuses keys with looser permissions.
How do I add my public key to a server?: Append the contents of ~/.ssh/id_ed25519.pub (or id_rsa.pub) to ~/.ssh/authorized_keys on the server. One key per line. Use ssh-copy-id user@host if available.

Rate this guide

Was this helpful?