CloudStick is a server control panel for developers and agencies that lets you manage cloud servers on AWS, DigitalOcean, Vultr, Linode, and Hetzner without using the command line. Plans start at $9/month — the Basic plan covers 1 server with unlimited websites; Pro at $19/month and Business at $49/month cover unlimited servers.

Will features I pay for ever get moved to a higher plan?

No. CloudStick is committed to keeping all features you currently pay for within your existing plan. New features may be added to higher tiers, but existing plan features will never be removed or require a forced upgrade.

What happens to my servers if I cancel CloudStick?

Your servers remain fully operational after cancellation. CloudStick does not host your servers — it manages them. If you cancel, you lose access to the CloudStick dashboard, but your servers continue running on your cloud provider.

Is there a free trial for CloudStick?

Yes. CloudStick offers a 7-day free trial on all paid plans with no credit card required. You can explore every feature and upgrade, downgrade, or cancel at any time during or after the trial.

SSH & ACCESS

June 24, 2026

How to Fix "Permission Denied (publickey)" SSH Errors

8 min read

CloudStick Team

Server Infrastructure

Share this article

Fix Permission Denied (publickey)

What Causes the Error

The "Permission denied (publickey)" error has five common causes. First, the wrong key file — SSH tried the wrong private key and the server rejected it. Second, bad file permissions on ~/.ssh/ or authorized_keys that cause SSH to silently reject the key. Third, the public key simply is not present in authorized_keys on the server. Fourth, the server's sshd_config has public key authentication disabled. Fifth, you are connecting with the wrong username for the account where the key was installed.

Before checking anything else, run ssh -vvv to see exactly which keys were tried and which step failed. The verbose output eliminates guesswork in seconds.

Run ssh -vvv user@server first. The verbose output will pinpoint the exact failure — wrong key, permissions, or server config — within seconds. Guessing without it wastes time.

Check Key Permissions

SSH silently rejects keys when permissions are too open. The rules are strict — both on your local machine and on the server. If authorized_keys is owned by root but the connecting user is ubuntu, SSH will reject it even if the key content is correct.

# On your LOCAL machine:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519          # private key
chmod 644 ~/.ssh/id_ed25519.pub      # public key (optional)
# On the SERVER:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chown -R youruser:youruser ~/.ssh    # must be owned by the user
# Check ownership:
ls -la ~/.ssh/
stat ~/.ssh/authorized_keys

Verify authorized_keys

Verify your public key is in the file and on a single line with no wrapping. A common mistake is copying the public key with a line break in the middle — each key must be exactly one unbroken line in authorized_keys.

# On the server, check authorized_keys content:
cat ~/.ssh/authorized_keys
# Your public key should be exactly ONE line:
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5... comment
# Compare with your local public key:
cat ~/.ssh/id_ed25519.pub
# Add if missing:
cat ~/.ssh/id_ed25519.pub | ssh -o PasswordAuthentication=yes user@server \
  "cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

Debug with Verbose Mode

The -vvv flag shows exactly what happened — which keys were offered, what error the server returned, and which authentication method was tried at each step.

ssh -vvv -i ~/.ssh/id_ed25519 user@server 2>&1 | grep -E "Offering|Trying|debug1: Auth"
# Look for:
# debug1: Offering public key: /home/user/.ssh/id_ed25519
# Authenticated with partial success.    ← or →
# debug1: No more authentication methods to try.

Common output patterns: "Server refused our key" means the key is not in authorized_keys or permissions are wrong. "Too many authentication failures" means SSH agent offered too many keys before the right one — fix with -o IdentitiesOnly=yes -i ~/.ssh/specific_key.

sshd_config Issues

If PubkeyAuthentication is disabled on the server, no key will work regardless of permissions or key content. Also check if AuthorizedKeysFile points to a non-default location — if it does, your keys must be in that path instead.

# On the server, check sshd_config:
sudo grep -E "PubkeyAuthentication|AuthorizedKeysFile|PermitRootLogin" /etc/ssh/sshd_config
# Should show:
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
# If AuthorizedKeysFile points elsewhere, check that location
# Reload after any changes:
sudo systemctl reload sshd

Also check if SELinux or AppArmor is blocking SSH key reading. Check audit.log — it will show explicit denials if a MAC policy is preventing sshd from reading the authorized_keys file.

CloudStick SSH Troubleshooting

CloudStick's SSH Keys section shows which public keys are authorized for each system user on the server. If your key appears there but connections still fail, the most common cause is a permissions mismatch on the server's filesystem — often the result of a chmod -R 777 command applied to the home directory at some point, which overwrites the strict permissions SSH requires.

CloudStick's browser-based SSH terminal uses the same key authentication mechanism. If it connects successfully but your local terminal client does not, the issue is with your local key file or ssh-agent — not the server configuration. Use that as a diagnostic checkpoint: a working browser terminal confirms the server side is correctly configured.

How to Secure SSH with Keys and Disable Password Login

Set up key-based auth correctly from scratch to avoid the most common permission denied errors.

How to Generate and Use SSH Keys (Mac, Windows, Linux)

Generate properly formatted Ed25519 keys with correct permissions on every OS.