Trying to do ssh authentication with key files: server refused our key

I'm trying to set up ssh authentication with key files instead of username/password. The client is a Windows box running PuTTY and the server is an Ubuntu 12.04 LTS server.

I downloaded puttygen.exe and had it generate a key pair. In /etc/ssh/sshd_config I have this line:

AuthorizedKeysFile %h/.ssh/authorized_keys

and on my client's public key file it says this:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "[email protected]"
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAr3Qo6T5XU06ZigGOd3eKvfBhFLhg5kWv8lz6
qJ2G9XCbexlPQGanPhh+vcPkhor6+7OmB+WSdHeNO652kTofnauTKcTCbHjsT7cJ
GNrO8WVURRh4fabknUHPmauerWQZ6TgRPGaz0aucU+2C+DUo2SKVFDir1vb+4u83
[email protected]
---- END SSH2 PUBLIC KEY ----

I copied the part from "ssh-rsa AAA" to "[email protected]" and put that in the file ~/.ssh/authorized_keys on my server (in my own home folder). In PuTTY under Connection > SSH > Auth I entered the path to the private key it generated on my client and saved the session settings.

I restarted the ssh server with

sudo service ssh restart

Now if I load the profile in PuTTY (I verified the private key is still in Connection > SSH > Auth and that the path is correct) and run the profile, it says

Server refused our key

I tried putting the public key in a file under the directory ./ssh/authorized_keys/ but that didn't help so I used ./ssh/authorized_keys as a file, pasting the key in it. I also tried generating a private/public key pair on the server, putting the public key in ./ssh/authorized_files and loading the private one in PuTTY on my client. Rebooting the server didn't help either.

I found that the error may be solved by putting the key in a place outside the user's home folder but that's only useful if the home folder is encrypted, which this one is not.

Also tried generating a 4096 bit key, thinking perhaps 1024 was too short.

How can I get this to work? Thanks!

EDIT:

Ok, /var/log/auth.log said:

sshd: Authentication refused: bad ownership or modes for directory /home/vorkbaard/.ssh

Google tells me ~/.ssh/ should be 700 and ~/.ssh/authorized_keys should be 600, so I did that. Now /var/log/auth.log says:

sshd: error: key_read: uudecode AAAAB3N [etc etc etc until about 3/4 of my public key]

Solution 1:

OK, it is fixed; however, I don't see how this is different from what I tried already.

What I did:

  • generate a key pair with puttygen.exe (length: 1024 bits)
  • load the private key in the PuTTY profile
  • enter the public key in ~/.ssh/authorized_keys in one line (ssh-rsa {your_public_key} with no more than one space between ssh-rsa and your key)
  • chmod 700 ~/.ssh
  • chmod 600 ~/.ssh/authorized_keys
  • chown $USER:$USER ~/.ssh -R
  • change /etc/ssh/sshd_config so it contains AuthorizedKeysFile %h/.ssh/authorized_keys
  • sudo service ssh restart

For troubleshooting do # tail -f /var/log/auth.log.

Thanks for your help!

Solution 2:

I just encountered this problem. Despite having the config set correctly as is already mentioned in this thread (permissions on authorized_keys etc.), it turns out I had the public key in the wrong format. It was in the form of:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "imported-openssh-key"
AAAAB3NzaC1yc2EAAAADAQABAAABAQDUoj0N3vuLpeviGvZTasGQ...
... lPmTrOfVTxI9wjax2JvKcyE0fiNMzXO7qiHJsQM9G9ZB4Lkf71kT
---- END SSH2 PUBLIC KEY ----

which wasn't working. But I got it working by having it in the form:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDU.....j0N3vuLpeviGvZTasGQa1rcJiPXQMW7v3uurb+n94B9MQaaWR0odsg5DJQL92TNenOda5BO1nd08y6+sdLQmHXExTz6X8FzgoVsAkEl3RscxcxHUksiKA9JfTo38vQvG/bPxIHMCuSumCQVA1laf3rO/uOrkcB7iMWhaoi1/z6AbFtPzeh7xjGfInMWwtBI0CsHSRF73VWIxT26w0P+KjafCjSn/7vDO1bT8QHujSQelU/GqaVEvbbvPl1a7POVjKgHLNekolwRKfNeVEewcnmZaoqfHgOKlPmTrOfVTxI9wjax2JvKcyE0fiNMzXO7qiHJsQM9G9ZB4Lkf71kT UserName@HOSTNAME

Solution 3:

I had to change the permissions on the home directory:

chmod 700 ~

Solution 4:

The problem is that Windows uses a different newline than Linux, so when copying the key from Windows to Linux, there is a \n at the end of the line that you cannot see on Linux in the editor.

If you tail the /var/log/auth.log and try to login, the error is like:

sshd: error: key_read: uudecode AAAAB3N[....]==\n

If you change your key on Windows so it's in a single line without a newline at the end and then copy it to Linux, it should work (did the trick for me).
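
Solutions 2 and 4 both come down to the same thing: sshd wants one clean line of the form "ssh-rsa <base64> <comment>", not the wrapped block PuTTYgen saves. The following is an added example, not part of any answer on this page: a Python sketch that converts the "SSH2 PUBLIC KEY" block into that single line, drops Windows line endings, and rejects truncated base64 before it reaches authorized_keys. The function names and the sample key blob are constructed for illustration.

```python
import base64
import binascii
import struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def rfc4716_to_openssh(text):
    """Turn a PuTTYgen 'SSH2 PUBLIC KEY' block into one authorized_keys line."""
    # splitlines() splits on \n and \r\n alike, so Windows line endings vanish here.
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an SSH2 PUBLIC KEY block")
    body, comment, continued = [], "", False
    for ln in lines[1:-1]:
        if continued:                      # rest of a header wrapped with '\'
            continued = ln.endswith("\\")
        elif ":" in ln:                    # header line; base64 never contains ':'
            tag, _, value = ln.partition(":")
            continued = ln.endswith("\\")
            if tag.strip().lower() == "comment" and not continued:
                comment = value.strip().strip('"')
        else:
            body.append(ln)
    b64 = "".join(body)
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"key data is not valid base64: {exc}") from exc
    # The blob starts with a 4-byte big-endian length followed by the key type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("key blob has a bad type-length prefix")
    key_type = blob[4:4 + n].decode("ascii")
    return " ".join(p for p in (key_type, b64, comment) if p)

def constructed_sample():
    """Constructed, non-functional blob wrapped the way PuTTYgen saves a public key."""
    b64 = base64.b64encode(struct.pack(">I", 7) + b"ssh-rsa" + bytes(range(120))).decode()
    wrapped = "\r\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return b64, f'{BEGIN}\r\nComment: "constructed-example"\r\n{wrapped}\r\n{END}\r\n'

if __name__ == "__main__":
    print(rfc4716_to_openssh(constructed_sample()[1]))
```

On the server, OpenSSH's own ssh-keygen -i -f <file> performs the same conversion.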

Solution 5:

I had to change the ~/.ssh directory permissions from 770 to 700 and the ~/.ssh/authorized_keys file permissions from 660 to 600.

For some reason removing group permissions fixed this issue for me.

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys