SSH giving server refused public-key signature despite accepting key
This all started when I was trying to add two additional public keys to the etc/.ssh/authorized_keys to our Ubuntu 18 LTS server. I did this by using root & ssh into via Filezilla to download the authorized_keys file add the open ssh keys and then upload it back. After I did this, I couldn't access SSH anymore.
I did a snapshot of the server prior to, so I tried to restore and the snapshot said it ran successfully. I thought that would resolve the issue, but when I tried to ssh back into the server, the symptom persisted.
I used an alternate way to access the server and thought that perhaps filezilla changed permissions on the file(s). So I then ran:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
That didn't help. I then edited etc/ssh/sshd_config and added
AllowUsers newuser
AllowUsers root
I then ran
systemctl restart ssh
The error message has changed and now I'm getting: "server refused public-key signature despite accepting key" and "No supported authentication methods available (server sent: publickey)"
I then ran
sudo tail -f /var/log/auth.log
and while I can see things like:
deprecated option UsePrivilegeSseparation
deprecated option ServerKeyBits
deprecated option RSAAuthentication
deprecated option rhostsRDAAuthentication
error: could not load host key: etc/ssh/ssh_host_dsa_key
root login refused
How do I fix this? |
What operating system is on your PC? If it's Windows, you may have included invisible but illegal characters in authorized_file. Lines in Windows text files are terminated with two characters <CARRIAGE RETURN><LINE FEED>, whereas Linux and UNIX text files use a single <LINE FEED>.
|
Along those same lines, while you are at the console, how many keys are there with the correct syntax? And in which file did you really put the keys?
Code:
ssh-keygen -lf /etc/ssh/authorized_keys
But first roll back the recent changes you made to sshd_config. Or else show what you have:
Code:
sudo sshd -T | sort
|
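The line-ending and one-key-per-line points raised in the two replies above can be checked mechanically. The following shell script is an added example, not part of any post in this thread; the function names are hypothetical and the sample file and its key blobs are constructed placeholders.

```shell
#!/bin/sh
# Added example: lint an authorized_keys file for Windows line endings and
# for entries that are not a single, whole OpenSSH-format key line.

audit_authorized_keys() {
    # Prints one finding per problem; exit status is 1 if any were found.
    awk '
    BEGIN {
        keytype = "(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521))"
        # Optional options field, key type, then a base64 blob (always starts "AAAA").
        entry = "[ \t]" keytype "[ \t]+AAAA[A-Za-z0-9+/]+=*[ \t]"
    }
    function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    {
        line = $0
        if (sub(/\r$/, "", line))
            report("CRLF line ending (carriage return before the line feed)")
        if (line ~ /^[ \t]*$/ || line ~ /^[ \t]*#/) next   # blank lines and comments are fine
        if (line ~ /^---- (BEGIN|END) SSH2 PUBLIC KEY ----/) {
            report("RFC 4716 multi-line block, not the OpenSSH one-line form"); next
        }
        if ((" " line " ") !~ entry)
            report("no key type followed by a base64 blob (wrapped or broken key line?)")
    }
    END { exit bad + 0 }
    ' "$1"
}

write_sample() {
    # Constructed sample: the key blobs are placeholders, not real keys.
    {
        printf '%s\n'   'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedPlaceholderBlob0000000000000000 root@example'
        printf '%s\r\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedPlaceholderBlob1111111111111111 pasted@windows'
        printf '%s\n'   'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQConstructedFirstHalf'
        printf '%s\n'   'ConstructedSecondHalfOfTheSameKey newuser@example'
    } > "$1"
}

sample=$(mktemp)
write_sample "$sample"
audit_authorized_keys "$sample" || echo "review the lines reported above"
rm -f "$sample"
```

A key that was wrapped onto two lines shows up as a finding on the continuation line, because the first half still looks like a well-formed entry.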
Hello & thanks for the replies.
This issue is resolved. Reviewing my initial post, I failed to mention I was trying to log in as root. The cause of the problem was that someone had changed the sshd_config file. Specifically, they changed the line: PermitRootLogin yes, to no. To resolve, edit this line to read:
PermitRootLogin yes
I was editing using nano, so I then did: Ctrl O (to save) and then Ctrl X (to exit out of editing the file) and then run
sudo systemctl reload sshd
That said, you both asked great questions (which are relevant to my other post and the whole reason why I enabled root login, which was to create a new user that I can ssh in via ssh key). See my post "Added newuser in Ubuntu with SSH key but unable to access as newuser" as it is currently unresolved. The answer to your questions (as it may help others & me on my other post)...
Regarding: What operating system is on your PC?
> I'm using Windows 10 (I have a desktop and a laptop and I've tried both just in case something was running on one that would have been corrupting the clipboard when I copied/pasted the key into the authorized_keys file).
Regarding: How many keys are there with the correct syntax?
> All (1-3) appear to have the correct syntax. I've tried one at a time, and have also left some in there (up to 3) where each key is on a single line and only a single line space separates each key. I've tried Ed25519 (as my root key is and it now works :-) ), but this morning I've also tried an RSA 4096 bit key as well.
Regarding: And in which file did you really put the keys?
> For root, I've been logging in as root and typing: nano /etc/.ssh/authorized_keys. Along the same thought, in sshd_config, the AuthorizedKeysFile line has ~/.ssh/authorized_keys So for root, the path was/is correct. However, for my other post when creating a new user, this may be where I messed up. For anyone having issues logging in with an ssh key with a newly created user, see the above link as I'm guessing this may get resolved soon.
Regarding: They (the SSH key(s)) need to be whole and unbroken with a single line per key and in the right format, including the right end-of-line character.
> I don't know what the "right end-of-line character" means. I select the public key open ssh code from puttygen, (only the text) and right click on the authorized_keys file to paste. I've wondered and tried not hitting a return in the file and after pasting immediately saved ( ctrl O ) but it didn't seem to make a difference.
Thank you |
As a compromise, you can set PermitRootLogin to prohibit-password; that way you can still log in with SSH keys but you can't use password login. That takes a load of worry off of your system administrator who otherwise has to be concerned about bots trying passwords. See "man sshd_config"
|
Upgrade putty to version 0.77
Some protocol deprecation in progress..
1. Upgrade putty to version 0.77 (that includes puttygen)
2. Run puttygen, load id_rsa file, generate new PPK (overwrite old one) |
Check KeeAgent
I just ran into this problem. My laptop would work fine, but my Desktop would fail with "server refused public-key signature despite accepting key". I finally traced it to KeeAgent in KeePass. I was running v0.10.1, upgrading to v0.13.1 solved the problem. My laptop had v0.11.1, which also seemed to work with KeePass just fine.
|