Key is correct, but refused

Advertisement

WhiteTiger-IT
Joined:
Posts:
2
Location:
Italia

Key is correct, but refused

I generated an SSH key with PuTTYGen.
I copied authorized_keys to the debian server and the private .ppk key to the PC.
If from the linux terminal I launch an SSH session I can connect without errors.
If instead I try to connect from PuTTY (both from Win10 and Linux) I get the error Server refused our key.
I have tried several times, even generating different keys, with length 2048 and 4096.
I don't understand where I'm wrong.
Until I am sure that the key is always accepted, I obviously cannot block access with passwords.

This is the log of the last session.
PuTTY didn't accept the key, but he accepted the user's login.
2020-06-18 10:51:53   Looking up host "192.168.201.11" for SSH connection
2020-06-18 10:51:53   Connecting to 192.168.201.11 port 1022
2020-06-18 10:51:53   We claim version: SSH-2.0-PuTTY_Release_0.73
2020-06-18 10:51:53   Remote version: SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
2020-06-18 10:51:53   Using SSH protocol version 2
2020-06-18 10:51:53   No GSSAPI security context available
2020-06-18 10:51:53   Doing ECDH key exchange with curve Curve25519 and hash SHA-256 (unaccelerated)
2020-06-18 10:51:53   Server also has ecdsa-sha2-nistp256/ssh-rsa host keys, but we don't know any of them
2020-06-18 10:51:53   Host key fingerprint is:
2020-06-18 10:51:53   ssh-ed25519 255 d8:8f:87:27:ca:87:01:86:20:6e:9e:a0:14:b7:d4:21
2020-06-18 10:51:53   Initialised AES-256 SDCTR (unaccelerated) outbound encryption
2020-06-18 10:51:53   Initialised HMAC-SHA-256 (unaccelerated) outbound MAC algorithm
2020-06-18 10:51:53   Initialised AES-256 SDCTR (unaccelerated) inbound encryption
2020-06-18 10:51:53   Initialised HMAC-SHA-256 (unaccelerated) inbound MAC algorithm
2020-06-18 10:51:53   Reading key file "L:\Chiavi-SSH\LS-ULHQ-1-PuTTY-Private-Key.ppk"
2020-06-18 10:51:53   Writing new session log (raw mode) to file: putty.log
2020-06-18 10:52:04   Offered public key
2020-06-18 10:52:04   Server refused our key
2020-06-18 10:52:04   Attempting keyboard-interactive authentication
2020-06-18 10:52:18   Access granted
2020-06-18 10:52:18   Opening main session channel
2020-06-18 10:52:18   Opened main channel
2020-06-18 10:52:18   Allocated pty
2020-06-18 10:52:18   Started a shell/command

This is the sshd-config
Port 1022
ListenAddress 0.0.0.0
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile   .ssh/authorized_keys .ssh/authorized_keys2
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication yes
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem   sftp   /usr/lib/openssh/sftp-server

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
33,710
Location:
Prague, Czechia

Re: Key is correct, but refused

How do you authenticate "from the linux terminal"?

Reply with quote

WhiteTiger-IT
Joined:
Posts:
2
Location:
Italia

martin wrote:

How do you authenticate "from the linux terminal"?
Simply by using ssh
I created a config file with the indications of the various servers and where the private key is located on my PC, then I type ssh Host-Name
For example (in this Host-Name=server1):
Host server1
     HostName 192.168.100.100
     User user1
     IdentityFile ~/.ssh/server1.key

In this way, with ssh server1 first I have to type the key password; then I have to type the password of user1; then, if I need it, I type su - and I have to type the password for the root.
Obviously without any error.

Instead, if I connect to the same server from putty (using the ppk key), it first gives me an error Server refused our key, then immediately asks me for the password of user1.

Reply with quote

martin
Site Admin
martin avatar

Can you authenticate using server1.key (or its .ppk equivalent) using any SSH/SFTP client on that Windows machine?

Reply with quote

Advertisement

You can post new topics in this forum