I'm trying to use a public key authentication from a Windows XP to Linux.
XP is using ssh secure shell client 3.2.9 and Linux is using openssh 3.6.1
I generated the private/public keys using ssh client on Windows and uploaded the public key to Linux: /home/username/.ssh and did:
ssh-keygen -i -f id_dsa_1024_a.pub >> authorized_keys
The directory/file permissions are correct:
Home Directory =750
.ssh =700
authorized_keys file =644
When I try to connect to Linux, I get "No further authentication methods available".
I did notice that when I was trying to upload the public key, it defaulted to .ssh2 but my Linux uses .ssh so I'm not sure if that has something to do with it.
It seems Linux isn't able to read the private key on the Windows client.
The debug file on Windows client shows the following:
Ssh2AuthPubKeyClient/authc-pubkey.c:983: All keys declined by server, disabling method.
Beyond the admonition to very carefully read the SSH configuration files, and to review the Linux logs in /var/log, "not really."
SSH is a bit tricky to set up mainly because the documentation is not very great, but there's a cornucopia of good stuff on the Internet. The client is pretty much telling you what happened: of the various authentication-proposals that it offered to the server, none were accepted. (It might never have actually sent a password, because the first part of the exchange is to determine what credentials the server wishes to see.)
well, I use the following working procedure:
use puttyGen on your windows machine to generate a private/public key, copy the contents of the public key field in puttyGen to the clipboard (or a plain textfile)
connect to your linux box and insert the copy of the public key in your auth. keys file
(using cat filename >> ~/.ssh/authorized_keys or by editing ~/.ssh/authorized_keys)
disconnect your connection and try connecting with the private key (using putty for example).
if it does not work, check if your server accepts public/private key auth, see /etc/ssh/sshd_config and its man page for this.
You don't use ssh-keygen on the server, only the client. You upload the public key to the server, and append it to ~/.ssh/authorized_keys, which must have 600 permissions.
Check /var/log/auth.log if the authentication is rejected - the error messages are generally pretty good.
Tip: By default, ssh-keygen will create file id_dsa and id_dsa.pub. If you just put the id_dsa file in your ~/.ssh/ directory (on the client), you do not need to specify it each time you connect to the server. SSH will check for this file automatically.
I have some information here about setting up SSH on the client and server.
his client is Win, so he for sure did not use ssh-keygen there and "ssh-keygen -i" will use an existing key in a file and convert it for appending to authorized_keys, so that part seemed not so wrong.
If I understood him right, he created a public/private key on the client (by whatever means), copied the public part to the server, and tried to import it into authorized_keys there.
the rights seem bad indeed, 600 should be better than 644.
The part about the default folder when uploading the pub key is not clear to me. What SW did you use?
@IBall: your HOWTO seems really good, but I have one thing to mention:
you should not use the filename id_dsa.pub when uploading the "client" key to the server, because if one has used ssh-keygen on the machine, this file may already be present and contains the "server" public key (matching the "id_dsa" file). Better call it "client_id.pub" or something and add a step deleting the file after appending to authorized keys.
I had to chmod to 700 = authorized_keys to get it to work. Not sure why that was.
Yes, the keys were generated on Windows. And ssh-keygen -i was to convert ssh2 format to openssh format since if left as ssh2 format, it won't be compatible.
What I meant by the default folder when uploading was that there's an option to upload from the client on Windows which will upload the public key to the target as long as you're already connected via ssh but the default folder will upload to .ssh2 instead of .ssh.
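An added example, not part of any post in this thread: a small shell audit of the two things discussed above, file modes and key format. It checks the condition sshd(8) documents for StrictModes (home directory, ~/.ssh and authorized_keys must not be writable by other users) and flags an unconverted SSH2-format key block. The function names are hypothetical and the key in the demo is a constructed placeholder, not a real key.

```shell
#!/bin/sh
# Added example (not from the thread): audit one account's key-auth files.

# 0 if the path exists and has no group/other write bit; 1 otherwise.
safe_mode() {
    perm=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case "$perm" in
        ""|?????w????|????????w?) return 1 ;;   # missing, g+w or o+w
    esac
    return 0
}

# audit_ssh_account HOME: print findings; exit status = number of problems.
audit_ssh_account() {
    home=$1; ak="$home/.ssh/authorized_keys"; problems=0
    for p in "$home" "$home/.ssh" "$ak"; do
        if ! safe_mode "$p"; then
            echo "FAIL $p: missing, or writable by group/others"
            problems=$((problems + 1))
        fi
    done
    if [ -f "$ak" ]; then
        # An unconverted SSH2 (RFC 4716) public key is a multi-line block.
        if grep -q '^---- BEGIN SSH2 PUBLIC KEY ----' "$ak"; then
            echo "FAIL $ak: SSH2-format block present; convert with ssh-keygen -i"
            problems=$((problems + 1))
        fi
        # OpenSSH entries are one line: [options] keytype base64 [comment]
        n=$(grep -Ec '(^| )(ssh-(dss|rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) AAAA' "$ak" || true)
        if [ "${n:-0}" -eq 0 ]; then
            echo "FAIL $ak: no one-line OpenSSH public key entries"
            problems=$((problems + 1))
        fi
    fi
    # The Windows client in the thread uploaded to ~/.ssh2 by default.
    if [ -d "$home/.ssh2" ]; then
        echo "NOTE $home/.ssh2 exists; OpenSSH reads $ak by default"
    fi
    return "$problems"
}

# Constructed demo: a throwaway account tree with a placeholder key.
demo=$(mktemp -d); mkdir "$demo/.ssh"; chmod 700 "$demo/.ssh"
echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAconstructed demo-key' > "$demo/.ssh/authorized_keys"
chmod 664 "$demo/.ssh/authorized_keys"
audit_ssh_account "$demo" || echo "problems: $?"
rm -rf "$demo"
```

Run `audit_ssh_account /home/username` as root or as the account owner on the server; ownership is not checked here, only the write bits.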
Quote:
Originally Posted by doc.nice
@IBall: your HOWTO seems really good, but I have one thing to mention:
you should not use the filename id_dsa.pub when uploading the "client" key to the server, because if one has used ssh-keygen on the machine, this file may already be present and contains the "server" public key (matching the "id_dsa" file). Better call it "client_id.pub" or something and add a step deleting the file after appending to authorized keys.
Thanks for the feedback. I will look at this when I get time