Fix \"Permission denied (publickey)\" on Mac

If you see Permission denied (publickey) when trying to SSH or push to GitHub, it means your SSH key isn't set up correctly.

Here's how to fix it.

Step 1: Check If You Have an SSH Key

ls -la ~/.ssh

Look for files like id_ed25519 and id_ed25519.pub (or id_rsa and id_rsa.pub).

If you don't see any key files, you need to create one.

Step 2: Generate a New SSH Key

ssh-keygen -t ed25519 -C "your@email.com"

Press Enter to accept the default location. Enter a passphrase (or press Enter for none).

This creates two files:

~/.ssh/id_ed25519 (private key - keep this secret)
~/.ssh/id_ed25519.pub (public key - share this)

Step 3: Add the Key to SSH Agent

eval "\$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

To make this permanent, add to ~/.ssh/config:

Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_ed25519

Create the config file if it doesn't exist:

touch ~/.ssh/config
nano ~/.ssh/config

Step 4: Add Your Public Key to GitHub/GitLab/Server

For GitHub:

Copy your public key:

pbcopy < ~/.ssh/id_ed25519.pub

Go to GitHub → Settings → SSH and GPG Keys → New SSH Key
Paste the key and save

For GitLab:

Copy the key with pbcopy < ~/.ssh/id_ed25519.pub
Go to GitLab → Preferences → SSH Keys
Paste and save

For a Server:

ssh-copy-id user@server.com

Or manually add your public key to ~/.ssh/authorized_keys on the server.

Step 5: Test the Connection

ssh -T git@github.com

You should see: "Hi username! You've successfully authenticated..."

Common Problems

Wrong key being used

Check which key SSH is trying:

ssh -vT git@github.com

Look for lines starting with "Offering public key" to see which keys are being tried.

Key not added to agent

ssh-add -l

If it says "The agent has no identities," add your key:

ssh-add ~/.ssh/id_ed25519

Wrong permissions on SSH files

SSH is strict about file permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub
chmod 600 ~/.ssh/config

Using HTTPS instead of SSH

Check your remote URL:

git remote -v

If it starts with https://, change it to SSH:

git remote set-url origin git@github.com:username/repo.git

Key not added to GitHub

Verify your key is on GitHub:

Go to github.com/settings/keys
Compare with cat ~/.ssh/id_ed25519.pub

If they don't match, add the correct key.

Multiple GitHub accounts

Use SSH config to specify which key to use:

Host github.com-work
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_ed25519_work

Host github.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_ed25519

Then clone with: git clone git@github.com-work:company/repo.git

If You're Using an Old RSA Key

GitHub deprecated RSA keys with certain parameters. Generate a new ed25519 key instead:

ssh-keygen -t ed25519 -C "your@email.com"

Test Verbose Mode

For detailed debugging:

ssh -vvv git@github.com

This shows exactly what SSH is doing and where it fails.

Keep Learning

SSH is essential for secure connections to servers and Git hosts. The free course covers Terminal fundamentals.

Check it out at Mac Terminal for Humans.