Putty Getting Server refused our key Error

Question

I created key pair using puttygen exe  client is windows 8   On server  Ubuntu 12 04 3 LTS   I have put my public key in    ssh authorized keys  The public key is this   ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAopfM6RHOgnuc4Aftn3t4k5UIAT3StCAbn vg IMbphbXadshC 79sIlRq3P4zGzMjFTP4hKnzu6ehLV5lmj qorq3SKT bPO5Qrac3VbIlrGvuBFDDjP82I2Hwg3HzlsFTstqk  KToapaTYZ7jENEYyPl2wnzITJnt   4U1o6juoXTKgdNE02hHnRZyHOV bnkZyJJCEwJv5U0eXSThQnhmXtUxGT8U0HQNFiXfqIIVllhWiCnyrhhIaKz CIJNAd2VmzyJzQtJtTQX8aWSNVrZju6Sv2 RncTNvsACdNgjjh FH8PQXaep00jlJ3MOdsC8vz6VSPFbh6iKy1oLQ   rsa-key-20131231   So it s correct  one line  no comments  starts with ssh-rsa  etc     ssh dir permission level is 700  authorized keys file permission is 600  Both directory and file owned by the actual user that I try to log in    When I try connecting I m getting  server refused our key  and server asks for password  That s all  Nothing is logged to  var log auth log when attempting to log in with the key    I ve looked everywhere and all articles and tips mention setting chmod 600 and 700 for the file directory and formatting the key correctly  I ve done all this still getting  refused our key  error and I m out of ideas

User · Answer

On my case the problem was like this  during the generation of ssh keys I intentionally changed the default directories of the keys  So instead of using the location    ssh authorized keys I chose to use   home user folder1  ssh authorized keys  for these changes to work I was supposed to make the same changes of about the new location on this file  etc ssh sshd config  But until I am realising this I had already tried several solutions suggested by other people here including setting the permission of home folder to 700 and the  ssh directory to 600

User · Answer

OK  there was a small typo in my key  Apparently when pasting to file the first letter was cut off and it started with sh-rsa instead of ssh-rsa   nrathathaus - your answer was very helpful  thanks a lot  this answer is credited to you    I did like you said and set this in sshd conf   LogLevel DEBUG3   By looking at the logs I realized that sshd reads the key correctly but rejects it because of the incorrect identifier

User · Answer

In my case  is a permission problem   I changed the log level to DEBUG3  and in  var log secure I see this line   Authentication refused  bad ownership or modes for directory   Googled and I found this post   https   www daveperrett com articles 2010 09 14 ssh-authentication-refused    chmod g-w  home your user chmod 700  home your user  ssh chmod 600  home your user  ssh authorized keys    Basically  it tells me to    get rid of group w permission of your user home dir change permission to 700 of the  ssh dir change permission to 600 of the authorized keys file    And that works   Another thing is that even I enabled root login  I cannot get root to work  Better use another user

User · Answer

check your key  this should be a rsa  id rsa pub  key today and no longer a dss  id dsa pub  key  use puttygen 0 70 and choose RSA on type of key to generate  replace the public key on host    ssh authorized keys

User · Answer

I m using a PUTTYgen file with psftp  and I encountered this problem on my Windows Server when we were required to create new keys for a client  The private key name ppk file and the open ssh txt file must be in the same directory for the connection to work

User · Answer

In my case  I had to disable SELinux on Centos6 6 to get it working     Edit  etc selinux config and set the following and then reboot the host   selinux disabled   BTW   forgot to mention that I had to set the LogLevel DEBUG3 to identify the issue

User · Answer

As my experience  I suggest you should generate keys from putty  should not generate from linux side  Because the key will be old PEM format  Anyway  just my suggestion  I did as steps below and worked fine with me and with my team    Generate a key pair with PuTTYGen exe on your local  type  RSA  length  2048 bits   Save private public key as  id rsa ppk id rsa pub  files on your local  Create  authorized keys  file on your local  then enter the public key in  id rsa pub  to  authorized keys   Remember content has to begin with  ssh-rsa  and one line only       Use WinScp  or putty command  to copy  authorized keys  amp  id rsa pub  from your local to your linux-user-home   home  USER  ssh         Run these commands    chmod 700  ssh  chmod 600  ssh authorized keys  chown  USER  USER  ssh -R Test your connect setting by load the private key  id rsa ppk  in the PuTTY exe profile  then click open  put your passphrase if have

User · Answer

Running Windows 8 1 I ran into the server refused our key problem    Following the guide  https   winscp net eng docs guide windows openssh server It was easy to make a connection using the Windows login username and password  However  authenticating with the username in combination with a private key  the response was server refused our key   Getting it to work with a public key came down to the permissions on the file  C  ProgramData ssh administrators authorized keys  This is a helpful page  https   github com PowerShell Win32-OpenSSH wiki Troubleshooting-Steps  Stop the two OpenSSH services  then open a command prompt with admin permissions  Then run  C  OpenSSH-Win32 gt c  OpenSSH-Win32 sshd exe -ddd  Note  specify the full path to the exe otherwise sshd complains  This creates a one-time use connection listener  The -ddd is verbose level 3   After making a connection  scanning the logs revealed   debug1  trying public key file   PROGRAMDATA   ssh administrators authorized keys debug3  Failed to open file C  ProgramData ssh administrators authorized keys error 2 debug1  Could not open authorized keys    PROGRAMDATA   ssh administrators authorized keys           No such file or directory   Had to create the file  C  ProgramData ssh administrators authorized keys And copy the public key text into it  e g  ssh-rsa AAAA                MmpfXUCj rsa-key-20190505 And then save the file  I saved the file as UTF-8 with the BOM  Didn t test ANSI   Then running the one-time command line again  in the logs showed   debug1  trying public key file   PROGRAMDATA   ssh administrators authorized keys debug3  Bad permissions  Try removing permissions for user  S-1-5-11 on file C  ProgramData ssh administrators authorized keys          Authentication refused    S-1-5-11 is the name given to the System   To fix the Bad permissions  right click on the administrators authorized keys file  goto the Security Tab   click the Advanced button and remove inherited permissions  Then delete all Group or user names  except for the Windows login username  e g  YourMachineName username The permissions for that username should be Read Allow  Write Deny everything else is unchecked  The owner of the file should also be YourMachineName username  This fixed the problem   Other Useful links   Download OpenSSH-Win32 zip from  https   github com PowerShell Win32-OpenSSH releases  C  example of how to use the WinSCPnet dll to make a connection to the OpenSSH server  https   winscp net eng docs library csharp  Here is the code snippet to make a connection using the WinSCPnet dll   static void WinSCPTest         SessionOptions ops   new SessionOptions           Protocol   Protocol Sftp           PortNumber   22          HostName    192 168 1 188            UserName    user123             Password    Password1           SshHostKeyFingerprint     ssh-rsa 2048 qu0f                        ddowUUXA               ops SshPrivateKeyPath     C  temp rsa-key-20190505 ppk        using  Session session   new Session              session Open ops           MessageBox Show  success              Replace SshHostKeyFingerprint and SshPrivateKeyPath with your own values   Edit  added screenshot of administrators authorized keys file permissions    When OpenSSH SSH Server is running as a Service  then only System should have permission  However  if running sshd exe from the command prompt  then the current user should be the only one listed  read allow  write deny

User · Answer

I have this issue where sshd only reads from authorized keys2   Copying or renaming the file fixed the problem for me   cd     ssh sudo cat authorized keys  gt  gt  authorized keys2   P S  I m using Putty from Windows and used PuTTyKeygen for key pair generation

User · Answer

Steps to fix Root mount  That i followed as i changed permission with ec2-user folder and the authorization key file  This process will be similar to detach and attach a pen-drive  Below are some other scenarios you may encounter -         You re using an SSH private key but the corresponding public key is not in the authorized keys file    You don t have permissions for your authorized keys file    You don t have permissions for the  ssh folder    Your authorized keys file or  ssh folder isn t named correctly    Your authorized keys file or  ssh folder was deleted       Steps to fix them   Stop the problematic Ec2 instance  Detach the root volume   dev sda1  Create an ec2 instance or use an running one Mount the detached volume   dev sdvf  to new ec2 instance    Now after you login to new ec2 run below steps    Lsblk command - list all available mounts Pick the mount value that you unmount from the problematic instance  As ec2-user run    sudo mount  dev mapper rootvg-home  mnt    sudo mount  dev mapper rootvg-home  mnt Then change directory to  mnt Make all necessary changes   Now we have fixed our volume with the issue that we faced  Mostly it could be user permission issue - Umount  mnt to unmounts it  - Now go to the console and point to the volume attached to new instance and detach it  - After detached  attached it to your new volume as  dev sda1   With that said you should be able to login successfully

User · Answer

Adding a few thoughts as other answers helped  but were not exact fit   First of all  as mentioned in accepted answer  edit   etc ssh sshd config   and set log level   LogLevel DEBUG3   Then try to authenticate  and when it fails  look for log file    var log secure   It will have errors you are looking for

User · Answer

In my case it was caused by   etc ssh sshd config    PermitRootLogin no   Changed to yes  restarted the service and got in normally

User · Answer

Another reason could be UTF-8 BOM in the authorized keys file

User · Answer

Thanks to nrathaus and  var log auth log investigation on debug level comes the following   Another reason is that your home directory may have permissions different than 755

User · Answer

When using Cpanel you can check if the key is authorized in  SSH Access    Public keys    Manage    Authorize or Deauthorize

User · Answer

In my case home on nfs was 777  needed to be 750  That fixed the issue

User · Answer

In my case I had to change the permissions of  home user from 0755 to 0700 as well

User · Answer

I had the same error on solaris but found in  var adm splunk-auth log the following   sshd   auth debug  debug1  PAM conv function returns PAM SUCCESS sshd   auth notice  Excessive  3  login failures for weblogic  locking account  sshd   auth debug  ldap pam sm authenticate sshd-kbdint weblogic   flags   1 sshd   auth info  Keyboard-interactive  PAM  userauth failed 9  while authenticating  Authentication failed   In  etc shadow the account was locked   weblogic  LK UP 16447      3   Removed the   LK   part   weblogic UP 16447      3   and I could use ssh with authorized keys as usual

User · Answer

In the case of mine it was a wrong user group attribution  I solved setting the right user and group  sudo chown  user   group  -R  home  user

User · Answer

having same issue in windows server 2008 r2 and explored a lot to solve  finally did that by following   open C  Program Files  x86  OpenSSH etc sshd config with textpad or any other text editor  remove comment from following lines  after removing they should look like following   RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile   ssh authorized keys   save it and try to login with private key now   have fun

User · Answer

if you get this error in  var log secure      error  key read  key from blob AA   AAB3NzaC1yc2EAAAABJQAAAQEAoo3PFwX04NFG rKz93l7em1BsUBzjHPMsswD   it means your key is having space  if you generated key through puttgen when you view  ppk file  it will look like this   AAAAB3NzaC1yc2EAAAABJQAAAQEAoo3PFwX04NFG rKz93l7em1BsUBzjHPMsswD al74MLaJyhQD0pE23NS1izahbo1sJGnSJu2VJ  zxidSsba6xa6OvmeiKTwCz0E5 GMefdGVdpdbTlv99qjBl1 Nw1tDnHIC0 v9XmeZERQfCds9Kp1UivfReoYImntBC gLtNyqRYrSu8csJCt7E1oY8QK6WP1vfYgAQ2taGyS9 g7FHyyf5VY2vH3oWzzbqz xjsSLAv3zEQSm1LzSw9Pvc8iwasFyUMBOPj31CKQYTXyX8KpJTr0Zb7oqMauBE5L VwxZhlcJHbj0FsMbF  GRjvgexymCi3bHmwGQ6FEADNd0RkhdQ     and when you try to paste it you will get an error in reading key  so try to edit key and make it one line and try it   this should look like something  ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAoo3PFwX04NFG rKz93l7em1BsUBzjHPMsswDal74MLaJyhQD0pE23NS1izahbo1sJGnSJu2VJ  zxidSsba6xa6OvmeiKTwCz0E5GMefdGVdpdbTlv99qjBl1 Nw1tDnHIC0 v9XmeZERQfCds9Kp1UivfReoYImntBCgLtNyqRYrSu8csJCt7E1oY8QK6WP1vfYgAQ2taGyS9 g7FHyyf5VY2vH3oWzzbqzxjsSLAv3zEQSm1LzSw9Pvc8iwasFyUMBOPj31CKQYTXyX8KpJTr0Zb7oqMauBE5LVwxZhlcJHbj0FsMbF  GRjvgexymCi3bHmwGQ6FEADNd0RkhdQ   username domainname

User · Answer

After adding key  login as ec2-user if you are using an Amazon Linux machine

User · Answer

I encountered this problem today and my issue was that when copying the public key from file  new line characters are included as well  You can use   set list  in vim to see all the hidden new lines and make sure to delete all the new lines except for the last one  Also  my key was missing  ssh-rsa   in the beginning  Make sure you have that as well

User · Answer

I m adding this answer to help anyone  like me  who spent hours scouring the internet without success   YOUR HOME FOLDER MIGHT BE ENCRYPTED    Or for that matter any folder in which your  authorized keys  file is nested  Man  that would have saved me a lot of time  To check  go perform  ls -A   on the directory whose encryption status you would like to determine  If the folder contains a folder named   encryptfs  the answer is  yes  that folder is encrypted  This will impede your ability to access the  authorized keys  file containing the public ssh key needed for verification    To fix this  place the  authorized key  file in a directory tree that contains no encryption

User · Answer

What works for me is that    Stopped the ec2 instance detach the volume attach the volume with the old instance using the same key and was able to SSH mount the volume in some temp folder checked the file in the directory mount point home ec2-user  ssh authorized keys   Ideally  this file needs to have our key information but for me this file was empty  copied the old instance authorized keys file to the newly mounted volume unmount the device reattach to the original ec2 instance start it and let it pass the health checks   This time it works for me  But I don t know why it doesn t have my key file information at first when the instance was launched  Check this link too https   docs aws amazon com AWSEC2 latest UserGuide TroubleshootingInstancesConnecting html TroubleshootingInstancesConnectingMindTerm

User · Answer

Oh my God I spent days trying to fix this  So here is what worked for me  I went back to the root fold like this  cd  root  mkdir  ssh cd  ssh chmod 700  ssh nano -w authorized keys service ssh restart  So I used root to logging via Putty and it worked  so try to do the same with the user you want to use in putty

User · Answer

I was facing similar issue when trying to logon through Mobaxterm  The private key was generated through puttygen  Regenerating the key helped in my case

User · Answer

The simple solution i found was to move the authorized keys file away from the hidden  ssh directory and put it in the system ssh directory    etc ssh keys authorized keys   As soon as I did this it worked with no problems

User · Answer

I have solved this problem puttygen is a third-party software  ssh key which generated by it didn t be used directly  so you must make some changes  For example  it look like this       ---- BEGIN SSH2 PUBLIC KEY ---- Comment   rsa-key-20170502  AAAAB3NzaC1yc2EAAAABJQAAAQEAr4Ffd3LD1pa7KVSBDU lq0M7vNvLp6TewkP7        C4eq1cdJACBPyjqUCoz00r LqkGA6sIFGooeVuUXTOxbYULuNQ   ---- END SSH2 PUBLIC KEY ----    I omit some of the alphabets in the middle  replaced by    if not  StackOverflow told me that the code format is wrong  do not let me post   this is my ssh key generated by puttygen  you must change to this  ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAr4Ffd3LD1pa7KVSBDU lq0M7vNvLp6TewkP7wfvKGWWR7wxA8GEXJsM01FQw5hYWbNF0CDI7nCMXDUEDOzO1xKtNoaidlLA0qGl67bHaF5t 0mE dZBGqK7jG9L8 KU b66 tuZnqFqBjLkT lS8MDo1okJOScuLSilk9oT5ZiqxsD24sdEcUE62S8Qwu7roVEAWU3hHNpnMK 1szlPBCVpbjcQTdiv1MjsOHJXY2PWx6DAIBii  N IdGzoFdhq Yo RGWdr1Zw LSwqKDq1SmrpToW9uWVdAxeC4eq1cdJACBPyjqUCoz00r LqkGA6sIFGooeVuUXTOxbYULuNQ   yourname hostname   In my case  I have deleted some comments  such as   ---- BEGIN SSH2 PUBLIC KEY ---- Comment   rsa-key-20170502  ---- END SSH2 PUBLIC KEY ----   and add ssh-rsa at the beginning   add yourname hostname at the last   note  not delete   in the last and you must change  yourname  and  hostname  for you  In my case  is uaskh mycomputer yourname is that you want to log in your vps  when all these things have  done you could to upload public-key to uaskh s home   ssh authorized keys by cat public-key  gt  gt     ssh authorized keys then sudo chmod 700    ssh sudo chmod 600    ssh authorized keys then you must to modify  etc ssh sshd config  RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile  ssh authorized keys my operating system is CentOS 7 This is my first time to anwser question I will try my efforts to do  Thank you

User · Answer

For those receiving this error from Windows Server  I received this same error and it was a user account issue  With many organizations  group policy for Administrators may not allow setting up SSH Server and connections  With that type of setup  this must be done from Local Admin account  Might be worth looking into if you have confirmed there are not any typos in the public key

[ssh] Putty: Getting Server refused our key Error

Examples related to ssh

Examples related to putty