Ubuntu – SSH Permission denied (public key), but root ssh works


I'm trying to setup ssh access for a user account that I created with chef on a DigitalOcean Ubuntu 12.04 server. I had the options set in DigitalOcean to automatically copy my mac's ssh key when the droplet is created.

I can ssh in as root with no issues, but my other user fails to authenticate. this seems to be a common issue, and I checked some of the other answers, and found this command to get more info:

ssh -vvv -i id_rsa user@serverIP

The logs for the root user (which succeeds) with that command are


1: Offering RSA public key: /Users/evan/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp snip!
debug3: sign_and_send_pubkey: snip!
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).

failing user:


1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/evan/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/evan/.ssh/id_dsa
debug3: no such identity: /Users/evan/.ssh/id_dsa: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.

Which to me means that the public key is incorrect. But, if I login as the root user and go to


then I can see that my ssh key is there. I thought maybe there was an error, so I did:

cp .ssh/authorized_keys ~/home/otheraccout/.ssh/authorized_keys

But that didn't help. I don't know where else to look.

My etc/ssh/sshd_config:

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#Privilege Separation is turned on for security
"sshd_config" 88L, 2508C
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

# GS

SAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60

AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM no
Banner /etc/ssh_banner


drwx------ 2 deploy deploy 4096 Apr 20 06:00 .ssh
-rw------- 1 deploy deploy 820 Apr 20 05:35 authorized_keys


As suggested in the comments, /var/log/authlog contains:

Apr 21 04:59:30 localhost sshd[586]: User deploy not allowed because account is locked
Apr 21 04:59:30 localhost sshd[586]: input_userauth_request: invalid user deploy [preauth]

I tried to do:

sudo usermod --expiredate -1 deploy

It returned:

no changes

Best Answer

  • SSH logins can fail for various reasons(incorrect directory/file permissions,incorrect keys etc.) and the connecting client will just get Permission denied or No more authentication methods to try or some generic error.

  • The exact reason for the login failure will be available in ssh log /var/log/auth.log or /var/log/secure depending on the syslog configuration.