I just spent 20 minutes trying to figure out why my passwordless SSH wasn’t working. I’ve done it dozens of times, but this time it wasn’t working and none of the Google results had a solution that helped.
It turns out I was pointing to the public key instead of the private key.
Short summary: Don’t point to the .pub keyfile with IdentityFile in .ssh/config.
A lot of the solutions I found were related to invalid keyfiles, but I’d generated the key with ssh-keygen on that machine, so I was fairly confident the keys were valid.
If you’re having the same problem, use
to get more debugging info.
If this saves someone else 20 minutes, my wasted time will not have been in vain.
Thanks man. I was beating my head on this as well; also had IdentityFile pointing at the .pub.
I’m glad this helped.
I am running Centos 5.5. Had the issue above. As long as I specified a passphrase with ssh-keygen, publickey never worked. If I use a blank passphrase, it works first time, every time.
@Bill Cunningham Thanks for the additional data point.
Found this after running ssh with the ‘-v’ option, and scroogling for ‘PEM_read_PrivateKey failed.’ Appreciate the information, I can’t believe I made such a rookie mistake!
Thanks for the help.
@Mike I felt the same way :)
My problem was completely different, but the ‘ssh -vvv’ tip helped me find it. I was using ‘ssh -v’ and that wasn’t enough verbosity to reveal the problem, but I saw it when running ‘ssh -vvv’. Thanks for the tip!
@Anon No problem.
@Javix No problem.
Chalk up another “Thank you.” D’oh!
I’ll toss another “Thank you” in basket. Cheers!
*Why can’t I remember this?*
A big thanks from me too Dan, seems to happen to load of people who fail to see the very obvious like myself
@Jonathan Thanks for your comment. In our defense, the error message could be far more clear.
I had the same error, different reason. I needed to create the keys with a blank passphrase. Then SSH and SFTP worked. This link helped me: http://everydaylht.com/howtos/system-administration/loggin-in-via-ssh-without-a-password/
@Greg Why did you need to use a blank passphrase? It’s highly recommended to use a passphrase because it’s more secure, and you certainly won’t get this error just because you use a passphrase.
thanks for the -vvv that really helped me
I had a different issue but I thought I’d post it here for the next person
I was getting this error “PEM_read_PrivateKey failed”
I was a client and I had a private key from the host
but the host had put a passphrase on the private key
everytime I did sftp it asked for the passphrase, but it never asked for the password
it turns out I had to use ssh-keygen -p –> I used that to create a new private key without a passphrase and then it all worked out fine
most the posts I read talked about generating a key and putting it on the host but I didn’t have that option, all I had was a private key from the host
@Peter Thanks for sharing another potential cause of this error.
haha, I feel so stupid!
@Simon Don’t beat yourself up – the error could be far more clear. And if dozens of people encounter the same problem, it’s a design flaw, not stupidity.
Just found another cause for this error.
Logging into a centos/rhel sshd server, the authorized_keys file should be named authorized_keys (well duh).
But I copied the _keys file from a debian server, where it was named authorized_keys2. Rename it without the 2… and now Bob’s your ex prime minister.
@Pete Thanks for the additional cause.
Another thank you!
I wonder though, how on earth pointing to the .pub file causes it to work perfectly a few times, and then stop working? Also, it seems like the permissions on the key files were altered from 600 to 664, maybe that has something to do with it?
I unable to use my private key with ssh on mac after I use bitvise tunnelier from windows (with the same key file). I guess my key file corrupted, I have this error, “missing with space” and “not a RSA1 key file…”
I wonder if bitvise was the cause for this. Can anyone help me?
I’ve spent 20+ hours on this problem! Many thanks for your tip!!!!!!!!
@NYC That’s why I posted it, I’m glad to hear it helped you figure it out :)
You just saved me a day of head banging.
@SL You’re welcome, that’s what I love to hear!
I am using ubuntu 12.x and facing exactly same issue.
I generated the rsa key ( ssh-keygen -t rsa -b 4096 )
Copied the id_rsa.pub to authorized_keys and set the permissions as follows
700 for home and .ssh
600 for id_rsa and
640 for id_rsa.pub and authorized_keys
set the PasswordAuthentication on in /etc/ssh/sshd_config file
set the ChallengeResponseAuthentication no
set the UsePAM yes
restarted ssh ( service ssh restart )
All I am doing is to do the ssh from the localhost to localhost only and it fails. I did the same to do ssh to another host that too failed. Have spend enough time on this but hitting the wall again. I hoped that this guide will help me get the solution, but that too in vain. What silly mistake I am making, please guide.
@Udai Assuming you’re pointing at the private key in the IdentityFile, try running ssh -vvv to see what’s going wrong. It’s extremely verbose output, but should show you exactly where it’s failing in the login process.
Nice that this pops up in google for a search on pem_read_privatekey failed : 2 of us were scratching our heads re why the passwordless SSH wasn’t working. using -i .ssh/key.pub will do that… we both looked right through that, it took your page for the lightbulb to go on.
@swy Yeah, I included the error message that I got in the hopes that it would show up for other users searching for it.
OMG. THANK YOU.
You just saved my sanity.
Thanks for posting this.
@murph You’re welcome. Any amount of sanity saved is a good thing in my book.
thank you very much for the solution !!
Unfortunately I had spent days already figuring this out :(
Wow. Thanks so much!
I thought it was my keys as well. Recreated them several times on my local machine and my external server.
I also searched the error message (finally), and glad you’re at the top of the results.
@Geoff That’s great you found it helpful :)
You are the man! Thanks for saving me a ton of time.
@Paul You’re welcome ;)
Great post man, I was wondering what did I do wrong for days!! cheers
I am a newbie to ssh an i believe i am facing similar issue , can some one please explain what is an identity file is all about and where is it located , as in my server it is not located under ~/.ssh/config
Thanks! I spent the last 30 mins on it buddy :) Happy that I found this article.
@Damian I’m glad it helped!
Thank you, banging my head of the wall there for a bit
Thank you though i was going to (â•¯Â°â–¡Â°)â•¯ï¸µ â”»â”â”»
I also had this problem. It was caused by my use of the options ‘-o -a 256’ on ssh-keygen when I originally created my keys. These options generate a keyfile that is not compatible with old versions of ssh (<v6.5).
I fixed the problem by regenerating the keys without including these options when I ran ssh-keygen.
You time was well spent. Thank you!
Glad to hear it :)
Thank you very much. Seriosly, man! That aweseome. I spent whole day for that shit!
@Seanmephi Glad it helped in the end :)
Thanks Buddy, it was really helpful.