Permission denied (publickey) when connecting to instance

asked 2015-07-02 03:30:52 -0600

delta440 gravatar image

updated 2015-07-02 21:25:41 -0600

Hey guys, I don't normally turn to the community like this but I've been stuck for a couple weeks... I set up openstack kilo on a single ubuntu machine mainly based on this guide (link text) The problem is when I create a machine with a key set up on horizon when I try to ssh I get permission denied (public key) everytime. I can tell it's connecting to the machine because if I terminate it and create a new machine with the same floating ip I get a host key error when I try to connect.

I'm using a ubuntu 14.04 cloud image, I'm using horizon to insert the key during creation. I triple checked the key fingerprints and I've tried having horizon create the keys and download them, I've tried creating them and uploading them, I've tried creating the key over cmd but nothing seems to work. Any ideas?

Here is the ssh -v output:

debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to [] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file t type 1
debug1: key_load_public: No such file or directory
debug1: identity file t-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Ubuntu-5ubuntu1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr none
debug1: kex: client->server aes128-ctr none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA f6:e1:dd:9f:e9:6c:78:6f:f1:77:67:a3:54:62:57:45
The authenticity of host ' (' can't be established.
ECDSA key fingerprint is f6:e1:dd:9f:e9:6c:78:6f:f1:77:67:a3:54:62:57:45.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (ECDSA) to the list of known hosts.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: t
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

UPDATE: I just tried a cirros image because it has a default user/password (cirros/cubswin:)) and it worked only with the password, the key I added to it received a permission denied error

Another Update: I added my public key to the non existent ~/.ssh/authorized_keys file on a cirros instance and then my key worked. So I would say the problem is definitely ... (more)

edit retag flag offensive close merge delete


Check your private key permission it shud equals 600 or 400 and try to set full path to key for example: ssh -i /path/to/key root@host

Pavel Kutishchev gravatar imagePavel Kutishchev ( 2015-07-02 06:35:30 -0600 )edit

Appreciate the input, but my keys all have 700 permissions on them, otherwise it would have said so in the ssh verbose output.

delta440 gravatar imagedelta440 ( 2015-07-02 11:15:23 -0600 )edit

chmod 600 <private key="" file="">

Balagopal gravatar imageBalagopal ( 2015-07-06 08:57:54 -0600 )edit

3 answers

Sort by ยป oldest newest most voted

answered 2015-07-02 06:56:56 -0600

SGPJ gravatar image


I suspect the problem could be with permissions of private key file. It should have read & execute permissions.

chmod xxx <private key file>

Then try ssh.


edit flag offensive delete link more


i am getting the same error still. Is there any other workaround?

aditya2804 gravatar imageaditya2804 ( 2016-02-20 10:41:26 -0600 )edit

answered 2015-07-04 03:40:26 -0600

Sushitha gravatar image


Please check the console logs of the instance that you are launching from the Horizon dashboard and see if you are getting any errors such as metadata server not reachable or so. If the instance is not able to reach the metadata server, horizon may not be able to inject the keys to the instance during launch.

edit flag offensive delete link more

answered 2015-07-04 07:48:42 -0600

PiotrU gravatar image

Have you checked your neutron-metadata-agent ?

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools


Asked: 2015-07-02 03:30:52 -0600

Seen: 8,854 times

Last updated: Jul 04 '15