LinuxQuestions.org
Old 09-19-2010, 09:50 PM   #1
itsecx@gmail.com
LQ Newbie
 
Registered: Aug 2010
Posts: 19

Rep: Reputation: 0
Putty/SSH login failed when using RSA public key: 'Server refused our key'


ENV: openssh-server-5.4p1-1.fc13.i686

Problem: I am unable to ssh using Putty (when using ssh-auth/pki) to a Fedora box. I get the message: Server refused our key.

Here's what I tried so far:
- Tried generating rsa (as well as dsa) keys on the linux server and put the generated public key in the ~/.ssh/authorized_keys. Then I converted the private key using PuttyGen.
- Also, tried generating keys using PuttyGen and then converted the public key and placed it on the server
- Configured the sshd server (ssh_config) for using RSAAuthentication=yes.
Tried all combinations and permutations; however, I still get the "Server refused our key" error.

Any help would be greatly appreciated.

-itsecx

Last edited by itsecx@gmail.com; 09-19-2010 at 09:52 PM.
 
Old 09-20-2010, 12:12 AM   #2
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 248
Here is a how-to I wrote some time ago.
 
Old 09-20-2010, 04:26 PM   #3
itsecx@gmail.com
LQ Newbie
 
Registered: Aug 2010
Posts: 19

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by smoker
Here is a how-to I wrote some time ago.
@smoker -- I had already tried the suggestion mentioned in the how-to doc; still can't get things working. Same error message: "Server refused our key"
 
Old 09-20-2010, 06:14 PM   #4
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 248
If you feel the need to "convert" keys then you are probably doing it wrong.
 
Old 09-21-2010, 07:21 AM   #5
itsecx@gmail.com
LQ Newbie
 
Registered: Aug 2010
Posts: 19

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by smoker
If you feel the need to "convert" keys then you are probably doing it wrong.
The private keys generated by ssh-keygen & PuttyGen have different formats. Putty cannot decrypt the private key as it is generated by ssh-keygen; thus, the need for conversion.
 
Old 09-21-2010, 07:28 AM   #6
djsmiley2k
Member
 
Registered: Feb 2005
Location: Coventry, UK
Distribution: Home: Gentoo x86/amd64, Debian ppc. Work: Ubuntu, SuSe, CentOS
Posts: 343
Blog Entries: 1

Rep: Reputation: 72
What is the error in the logs? It should show why it was refused (i.e. the authorized keys file needs to have certain permissions and be spelt exactly right: with a Z not S).
 
Old 09-21-2010, 09:27 AM   #7
vivekam79
LQ Newbie
 
Registered: Jan 2010
Posts: 1

Rep: Reputation: 0
Hi,

Did you try to delete the old RSA key from the known_hosts file and replace it with the new one?
 
Old 09-21-2010, 03:33 PM   #8
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 248
Quote:
Originally Posted by itsecx@gmail.com
The private keys generated by ssh-keygen & PuttyGen have different formats. Putty cannot decrypt the private key as it is generated by ssh-keygen; thus, the need for conversion.
Mine work fine and have done for 10 years. Besides which, there is nothing stopping you having 2 keys, one from each OS. You have to copy and paste the public key into the server file so that shouldn't be an issue. BTW, authorized_keys2 is the correct file for SSH2 and it MUST be chmod 600 or SSH will refuse to read it.
 
Old 09-21-2010, 06:23 PM   #9
itsecx@gmail.com
LQ Newbie
 
Registered: Aug 2010
Posts: 19

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by vivekam79
Hi,

Did you try to delete the old RSA key from the known_hosts file and replace it with the new one?
Yes, I had even deleted the entire file, but no go.
 
Old 09-21-2010, 08:18 PM   #10
itsecx@gmail.com
LQ Newbie
 
Registered: Aug 2010
Posts: 19

Original Poster
Rep: Reputation: 0
Additional Information:

- I have three machines that I am trying to ssh to and from for testing purposes. I have a fedora-13 box called securebot; an ubuntu-10 called netapp and a Windows-7 called virtual.
- I can login from securebot to netapp successfully using the rsa public key
- I *cannot* login from netapp to securebot
- I *cannot* login from virtual to *either* of the two linux boxes (securebot or netapp).
-------------------------
Here's the ~/.ssh directory contents of securebot:
drwxr-xr-x. 2 tester tester 4096 Sep 21 21:09 .
drwx------. 25 tester tester 4096 Sep 21 19:25 ..
-rw-------. 1 tester tester 416 Sep 20 23:12 authorized_keys
-rw-------. 1 tester tester 1766 Sep 20 22:06 id_rsa
-rw-------. 1 tester tester 416 Sep 20 22:06 id_rsa.pub
-rw-------. 1 tester tester 808 Sep 20 22:50 known_hosts
--------------------------
Here's the ~/.ssh directory contents of netapp:
drwx------ 3 tester tester 4096 2010-09-21 21:11 .
drwx------ 4 tester tester 4096 2010-09-21 21:07 ..
-rw------- 1 tester tester 416 2010-09-20 23:13 authorized_keys
-rw------- 1 tester tester 1766 2010-09-20 22:10 id_rsa
-rw------- 1 tester tester 416 2010-09-20 22:10 id_rsa.pub
-rw------- 1 tester tester 884 2010-09-20 22:48 known_hosts
---------------------------
Here's the problematic ssh session initiation from netapp TO securebot:

OpenSSH_5.3p1 Debian-3ubuntu3, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to securebot [172.16.1.2] port 22.
debug1: Connection established.
debug1: identity file /home/tester/.ssh/identity type -1
debug1: identity file /home/tester/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/tester/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4
debug1: match: OpenSSH_5.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'securebot' is known and matches the RSA host key.
debug1: Found key in /home/tester/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/tester/.ssh/identity
debug1: Offering public key: /home/tester/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/tester/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
-----------------------------------
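
The permission test djsmiley2k alludes to in post #6, written out as an added example (not part of any post in this thread): with StrictModes enabled, sshd ignores authorized_keys when the file, or any directory from it up to the home directory, is owned by someone other than the user or root, or is writable by group or other. It assumes GNU stat; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat from coreutils.
# check_one and strictmodes_check are illustrative names.

# check_one PATH UID: succeed only if PATH is owned by UID or root and is
# not writable by group or other (write bits 022).
check_one() {
    owner=$(stat -c '%u' "$1") || return 2
    mode=$(stat -c '%a' "$1") || return 2
    if [ "$owner" != "$2" ] && [ "$owner" != 0 ]; then
        echo "bad owner (uid $owner): $1"
        return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "group/other writable (mode $mode): $1"
        return 1
    fi
}

# strictmodes_check HOME KEYFILE UID: test KEYFILE, then every directory
# from its parent up to HOME (or / if KEYFILE is outside HOME).
strictmodes_check() {
    home=$(cd "$1" && pwd -P) || return 2
    dir=$(cd "$(dirname "$2")" && pwd -P) || return 2
    path=$dir/$(basename "$2")
    check_one "$path" "$3" || return 1
    while :; do
        path=$(dirname "$path")
        check_one "$path" "$3" || return 1
        if [ "$path" = "$home" ] || [ "$path" = / ]; then
            return 0
        fi
    done
}

# Usage on the server, as the account being logged in to:
#   strictmodes_check "$HOME" "$HOME/.ssh/authorized_keys" "$(id -u)"
```

With the modes in the securebot listing above (700 on the home directory, 755 on .ssh, 600 on authorized_keys, all owned by tester) this check passes. The trailing "." on those lines means the files carry an SELinux security context, which a mode check does not cover, so the sshd log on the server remains the place to read the stated reason for the refusal.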
 
Old 10-04-2010, 01:19 PM   #11
itsecx@gmail.com
LQ Newbie
 
Registered: Aug 2010
Posts: 19

Original Poster
Rep: Reputation: 0
Issue unresolved. Gonna go ahead and close it as there has been no response/activity for some time now.
 
  

