SSH Permission Denied¶

Introduction¶

This guide gives a practical workflow for diagnosing ssh permission denied on RHEL, Rocky Linux, AlmaLinux, and similar systems. Work in order: confirm the symptom, read logs, verify configuration, apply one fix, and test again.

Symptoms¶

Typical signs include failed commands, timeout errors, refused connections, unexpected service states, missing files, high resource usage, or users reporting that an expected workflow no longer works. Capture the exact error and the time it happened.

Common Causes¶

The usual causes are sshd state, key permissions, authentication logs, firewall rules, and the remote port. Recent package updates, permission changes, firewall changes, service restarts, and edited configuration files are the first places to check.

Step 1: Check the Current Status¶

sudo systemctl status sshd
sudo journalctl -u sshd -n 50 --no-pager

Expected output should show the current state clearly:

Active: active (running)
Accepted publickey for admin from 192.0.2.50 port 51244 ssh2

Step 2: Inspect Logs¶

ssh -vvv admin@server.example.com

Look for the first error after the last known good time. Later errors are often side effects.

Step 3: Verify Configuration¶

sudo sshd -t

Check syntax, ownership, enabled services, active interfaces, or mounted filesystems depending on the topic. Fix reported errors before restarting services.

Step 4: Apply the Fix¶

sudo systemctl restart sshd

Apply one focused fix at a time. Avoid changing firewall rules, SELinux mode, permissions, and service configuration all at once.

Step 5: Confirm the Problem Is Resolved¶

sudo systemctl status sshd
sudo journalctl -u sshd -n 50 --no-pager

A resolved issue should show a clean status, reachable endpoint, correct permission, mounted filesystem, or reduced resource pressure.

Common Mistakes¶

• Making several changes at once, which hides the real cause.
• Skipping logs or verification commands after a change.
• Assuming the problem is fixed because one command returned successfully.

Quick Checklist¶

• Record the exact error and timestamp.
• Check current state with a read-only command.
• Inspect service, kernel, or application logs.
• Validate configuration syntax before restart.
• Apply one fix and verify the result.

Related Guides¶

• journalctl Command Examples
• systemctl Command Examples
• Linux Network Troubleshooting Checklist
• df Command Examples

Summary¶

Troubleshooting ssh permission denied is easier when you avoid guesses. Start with status and logs, confirm the failed layer, make the smallest useful change, and verify the final state.