Putty/SSH login failed when using RSA public key: 'Server refused our key'
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Putty/SSH login failed when using RSA public key: 'Server refused our key'
ENV: openssh-server-5.4p1-1.fc13.i686
Problem: I am unable to ssh using Putty (when using ssh-auth/pki) to a fedora box . I get the message: Server refused our key.
Here's what I tried so far:
- Tried generating rsa (as well as dsa) keys on the linux server and put the generated public key in the ~/.ssh/authorized_keys. Then I converted the private key using PuttyGen.
- Also, tried generating keys using PuttyGen and then converted the public key and placed it on the server
- Configured the sshd server (ssh_config) for using RSAAuthentication=yes.
Tried all combinations and purmutations; however, I still get the "Server refused our key" error.
Any help would be greatly appreciated.
-itsecx
Last edited by itsecx@gmail.com; 09-19-2010 at 09:52 PM.
@smoker -- I had already tried the suggestion mentioned in the how-to doc; still can't get things working. Same error message: "Server refused our key"
If you feel the need to "convert" keys then you are probably doing it wrong.
The private key generated by ssh-keygen & puttyGen have different formats. Putty cannot decrypt the private key as it is generated by ssh-keygen; thus, the need for conversion.
what is the error in the logs? It should show why it was refused (i.e. the authorized keys file needs to have certain permissions and spelt exactly right : with a Z not S.)
The private key generated by ssh-keygen & puttyGen have different formats. Putty cannot decrypt the private key as it is generated by ssh-keygen; thus, the need for conversion.
Mine work fine and have done for 10 years. Besides which, there is nothing stopping you having 2 keys, one from each OS. You have to copy and paste the public key into the server file so that shouldn't be an issue. BTW, authorized_keys2 is the correct file for SSH2 and it MUST be chmod 600 or SSH will refuse to read it.
- I have three machines that I am trying to ssh to and from for testing purpose. I have a fedora-13 box called securebot; a ubuntu-10 called netapp and a Windows-7 called virtual.
- I can login from securebot to netapp succesfully using the rsa public key
- I *cannot* login from netapp to securebot
- I *cannot* login from the virtual to *either* of the two linux (securebot or netapp).
-------------------------
Here's the ~/.ssh directory contents of securebot:
drwxr-xr-x. 2 tester tester 4096 Sep 21 21:09 .
drwx------. 25 tester tester 4096 Sep 21 19:25 ..
-rw-------. 1 tester tester 416 Sep 20 23:12 authorized_keys
-rw-------. 1 tester tester 1766 Sep 20 22:06 id_rsa
-rw-------. 1 tester tester 416 Sep 20 22:06 id_rsa.pub
-rw-------. 1 tester tester 808 Sep 20 22:50 known_hosts
--------------------------
Here's the ~/.ssh directory contents of netapp:
drwx------ 3 tester tester 4096 2010-09-21 21:11 .
drwx------ 4 tester tester 4096 2010-09-21 21:07 ..
-rw------- 1 tester tester 416 2010-09-20 23:13 authorized_keys
-rw------- 1 tester tester 1766 2010-09-20 22:10 id_rsa
-rw------- 1 tester tester 416 2010-09-20 22:10 id_rsa.pub
-rw------- 1 tester tester 884 2010-09-20 22:48 known_hosts
---------------------------
Here's the problematic ssh session initiation from netapp TO securebot:
OpenSSH_5.3p1 Debian-3ubuntu3, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to securebot [172.16.1.2] port 22.
debug1: Connection established.
debug1: identity file /home/tester/.ssh/identity type -1
debug1: identity file /home/tester/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/tester/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4
debug1: match: OpenSSH_5.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'securebot' is known and matches the RSA host key.
debug1: Found key in /home/tester/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/tester/.ssh/identity
debug1: Offering public key: /home/tester/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/tester/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
-----------------------------------
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.