SSH Permission Denied (publickey,gssapi-keyex,gssapi-with-mic) | Non-Root User

Securing access to remote servers through SSH (Secure Shell) is a fundamental practice in system administration, cloud computing, and hosting environments. Yet, one of the most frustrating errors developers and administrators encounter is:

Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

This error commonly occurs when a non-root user tries to log in via SSH and is denied access due to authentication issues. Given the increasing reliance on cloud platforms like Cyfuture Cloud, AWS, and Google Cloud, understanding how to troubleshoot and resolve this problem is essential.

This guide provides a structured approach to identifying and fixing the error, ensuring a seamless SSH authentication process in cloud and hosting environments.

Why Does This Error Happen?

The error occurs when SSH authentication fails due to:

Missing or incorrect public key in the authorized_keys file.

Wrong file permissions on SSH-related files.

SSHD configuration blocking password authentication.

The user is not allowed to log in via SSH.

Issues with SSH agent forwarding.

Fixing SSH Permission Denied for a Non-Root User

Step 1: Verify the Public Key Setup

If your SSH authentication is using public key authentication, ensure that the public key is correctly placed in the ~/.ssh/authorized_keys file of the user trying to log in.

Check if the key is added:

cat ~/.ssh/authorized_keys

If missing, add the public key manually:

echo "your-public-key" >> ~/.ssh/authorized_keys

chmod 600 ~/.ssh/authorized_keys

Restart the SSH service:

sudo systemctl restart sshd

Step 2: Fix File and Directory Permissions

SSH requires strict permissions on key-related files and directories. Incorrect permissions can lead to authentication failures.

Set correct ownership and permissions:

chown -R youruser:youruser ~/.ssh

chmod 700 ~/.ssh

chmod 600 ~/.ssh/authorized_keys

chmod 644 ~/.ssh/config

Step 3: Check SSH Server Configuration

Sometimes, sshd_config is misconfigured, preventing proper authentication. Open the SSH daemon configuration file:

sudo nano /etc/ssh/sshd_config

Look for the following lines and ensure they are set correctly:

PermitRootLogin no

PasswordAuthentication yes

PubkeyAuthentication yes

AuthorizedKeysFile .ssh/authorized_keys

After making changes, restart the SSH service:

sudo systemctl restart sshd

Step 4: Debug SSH Authentication

If the issue persists, debug the SSH connection with verbose output:

ssh -vvv youruser@yourserver

This will provide detailed logs that can help identify why authentication is failing.

Step 5: Ensure User is Allowed to Login via SSH

On some cloud platforms like Cyfuture Cloud, AWS, or GCP, SSH access for non-root users might be disabled by default. Verify that your user is listed in the /etc/ssh/sshd_config under AllowUsers:

AllowUsers youruser

Restart SSH after making changes:

sudo systemctl restart sshd

Step 6: Check SSH Agent and Key Forwarding

If you're using an SSH key stored on your local machine, ensure your SSH agent is running and the key is added:

ssh-agent bash

ssh-add ~/.ssh/id_rsa

For key forwarding, enable it in your SSH configuration:

ForwardAgent yes

Best Practices for SSH Security in Cloud and Hosting Environments

When working with cloud services like Cyfuture Cloud and other hosting providers, follow these best practices to secure SSH access:

Use SSH Key Authentication: Avoid password-based logins whenever possible.

Disable Root Login: Prevent root SSH access by setting PermitRootLogin no.

Change the Default SSH Port: Modify the port from 22 to a non-standard port to reduce brute-force attacks.

Enable Fail2Ban or Firewall Rules: Protect your server from repeated failed SSH attempts.

Regularly Update SSH Keys: Rotate SSH keys periodically for enhanced security.

Conclusion

The SSH Permission denied (publickey,gssapi-keyex,gssapi-with-mic) error can be frustrating, especially when logging in as a non-root user in cloud environments. However, by systematically checking public key authentication, permissions, SSH configurations, and debugging SSH logs, you can quickly resolve the issue.

Whether you're using Cyfuture Cloud, a VPS hosting service, or a dedicated server, properly managing SSH authentication is crucial for secure and efficient access. Following best practices ensures that your server remains protected while allowing legitimate users to connect without issues.

By implementing these solutions, you can ensure a smooth SSH experience without the hassle of permission errors!