ENV: openssh-server-5.4p1-1.fc13.i686

Problem: I am unable to ssh using Putty (when using ssh-auth/pki) to a fedora box . I get the message: Server refused our key.

Here's what I tried so far:
- Tried generating rsa (as well as dsa) keys on the linux server and put the generated public key in the ~/.ssh/authorized_keys. Then I converted the private key using PuttyGen.
- Also, tried generating keys using PuttyGen and then converted the public key and placed it on the server
- Configured the sshd server (ssh_config) for using RSAAuthentication=yes.
Tried all combinations and purmutations; however, I still get the "Server refused our key" error.

Any help would be greatly appreciated.

-itsecx

Here is a how-to I wrote some time ago.

@smoker -- I had already tried the suggestion mentioned in the how-to doc; still can't get things working. Same error message: "Server refused our key"

If you feel the need to "convert" keys then you are probably doing it wrong.

The private key generated by ssh-keygen & puttyGen have different formats. Putty cannot decrypt the private key as it is generated by ssh-keygen; thus, the need for conversion.

what is the error in the logs? It should show why it was refused (i.e. the authorized keys file needs to have certain permissions and spelt exactly right : with a Z not S.)

Hi,

Did you tried to delete the old RSA key from know_hosts file and replace with the new ?

Mine work fine and have done for 10 years. Besides which, there is nothing stopping you having 2 keys, one from each OS. You have to copy and paste the public key into the server file so that shouldn't be an issue. BTW, authorized_keys2 is the correct file for SSH2 and it MUST be chmod 600 or SSH will refuse to read it.

Yes, I had even deleted the entire file, but no go.

Additional Information:

- I have three machines that I am trying to ssh to and from for testing purpose. I have a fedora-13 box called securebot; a ubuntu-10 called netapp and a Windows-7 called virtual.
- I can login from securebot to netapp succesfully using the rsa public key
- I *cannot* login from netapp to securebot
- I *cannot* login from the virtual to *either* of the two linux (securebot or netapp).
-------------------------
Here's the ~/.ssh directory contents of securebot:
drwxr-xr-x. 2 tester tester 4096 Sep 21 21:09 .
drwx------. 25 tester tester 4096 Sep 21 19:25 ..
-rw-------. 1 tester tester 416 Sep 20 23:12 authorized_keys
-rw-------. 1 tester tester 1766 Sep 20 22:06 id_rsa
-rw-------. 1 tester tester 416 Sep 20 22:06 id_rsa.pub
-rw-------. 1 tester tester 808 Sep 20 22:50 known_hosts
--------------------------
Here's the ~/.ssh directory contents of netapp:
drwx------ 3 tester tester 4096 2010-09-21 21:11 .
drwx------ 4 tester tester 4096 2010-09-21 21:07 ..
-rw------- 1 tester tester 416 2010-09-20 23:13 authorized_keys
-rw------- 1 tester tester 1766 2010-09-20 22:10 id_rsa
-rw------- 1 tester tester 416 2010-09-20 22:10 id_rsa.pub
-rw------- 1 tester tester 884 2010-09-20 22:48 known_hosts
---------------------------
Here's the problematic ssh session initiation from netapp TO securebot:

OpenSSH_5.3p1 Debian-3ubuntu3, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to securebot [172.16.1.2] port 22.
debug1: Connection established.
debug1: identity file /home/tester/.ssh/identity type -1
debug1: identity file /home/tester/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/tester/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4
debug1: match: OpenSSH_5.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'securebot' is known and matches the RSA host key.
debug1: Found key in /home/tester/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/tester/.ssh/identity
debug1: Offering public key: /home/tester/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/tester/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
-----------------------------------

Issue unresolved. Gonna go ahead and close it as there has been no response/activity for sometime now.