SSH public key authentication does not work


2016-11-16 12:55:20 UTC


2017-08-08 13:17:19 UTC


Was this article helpful?

Have more questions?

Submit a request

SSH public key authentication does not work

Applicable to:

  • Plesk


Providing a system user with an ability to log in to a server using SSH public key does not work.


The home directory of each SSH user in Plesk is write-protected.


Permissions of the file authorized_keys are incorrect.


Since Plesk 12.0.18 and above such functionality can be managed with SSH Keys Manager extension. Go to Home > Extensions > Extenstions Catalog and install SSH Keys Manage.

Note: Make sure that the file authorized_keys has correct permissions. It should be accessible only by the owner:

$ ls -l ~/.ssh/authorized_keys
-rw------- 1 ftpuser psacln 399 Jul 15  2016 /var/www/vhosts/

Alternatively, use the following workaround:

  1. As root, edit /etc/ssh/sshd_config. Add this line or change an existing one to the following:

    # cat /etc/ssh/sshd_config | grep AuthorizedKeysFile
    AuthorizedKeysFile .ssh/authorized_keys %h/private/.ssh/authorized_keys

    This will make SSH search for .ssh directory in another directory named private for each user, not only for the root home directory.

  2. Save the file and restart the sshd:

    # service sshd restart

To use SSH public key customer has to add it in authorized_keys file. It should be done as follows:

  1. Log into customer account under provided SSH user and run these commands:

    $ cd private
    $ mkdir .ssh
    $ echo "insert your SSH key here" > .ssh/authorized_keys $ chmod -R og-xrw .ssh
  2. Make sure the owner and group are correct:
    $ chown -R ftpuser.psacln .ssh
Have more questions? Submit a request


  • 0
    Faris Raouf

    This is very helpful.

    But it needs to be made clear that when using the manual method (create .ssh and authorized keys in subscription's private directory), it is necessary to chown both .ssh and authorized_keys to ftpuser.root [or possibly ftpuser.psacln], where ftpuser = the ftp username shown on the page where you enable or disable ssh access for the subscription.

    If this is not done, the authorized_keys file is not readable and an ssh key-based login will not be possible.

    It would also be nice if it was made clear that you need to chmod og-xrw authorized_keys although this is hinted at right at the start, it is not as clear as some users might need it to be.




  • 0
    Pavel Mikhaylov

    Hi Faris,

    Thank you for your input.

    The article has been modified considering your recommendation.

Please sign in to leave a comment.