SSH Public/Private Key Issue

First, I just want to say that I've tried searching for the issue I keep running into, but I haven't found anyone with the exact same problem…

Image: Ubuntu 12.04

So, the good news:

I can log into the Linode remotely with either root (bad) or the new user I created (good). PuTTY works just great for this (I'm on Win 7 64bit if it matters).

The Bad News:

No matter what I try, I cannot get Public/Private keys to work. I've followed the instructions in the Securing Your Server - Using SSH Key Pair Authentication to a T (despite step one being a bit misleading when it points Windows users to the PuTTY guide to generate SSH keys - that guide has nothing about SSH keys in it).

I used PuTTYgen to generate my public/private key pair, uploaded it and followed steps 4 - 6 in the Securing Your Server document above.

I figured out how to tell PuTTY which private key file to use. But whenever I connect to the server, I'm still prompted for a username/password, and I'm never prompted for my private key-phrase.

I don't get any error messages - but it seems to just ignore the keyfile(s) entirely. Is there a configuration step that's missing?

21 Replies

When exporting your key out of PuttyGen to upload to your server, did you convert it to OpenSSH format? It needs to be in this format so you can use it on your Linode (or any Linux system for that matter).

-Tim

@theckman:

When exporting your key out of PuttyGen to upload to your server, did you convert it to OpenSSH format? It needs to be in this format so you can use it on your Linode (or any Linux system for that matter).

-Tim

No, I didn't (none of the guides made mention of that). I just went in and loaded my private key and then went to "Conversions -> Export OpenSSH Key" and created a new public key file. I deleted everything under my user .ssh directory (rm -r .ssh) and repeated steps 4 - 6 to install the file and set permissions.

Logged out, connected - still prompted for a username and password.

That's because that article assumes you are creating the keys on the command-line using the ssh-keygen tool.

If you're using PuttyGen, which you need to if you'll be using PuTTy, you need to output the key in OpenSSH format and then put that in your ~/.ssh/authorized_keys file.

-Tim

@DigitalNoise:

First, I just want to say that I've tried searching for the issue I keep running into, but I haven't found anyone with the exact same problem…

Image: Ubuntu 12.04

So, the good news:

I can log into the Linode remotely with either root (bad) or the new user I created (good). PuTTY works just great for this (I'm on Win 7 64bit if it matters).

The Bad News:

No matter what I try, I cannot get Public/Private keys to work. I've followed the instructions in the Securing Your Server - Using SSH Key Pair Authentication to a T (despite step one being a bit misleading when it points Windows users to the PuTTY guide to generate SSH keys - that guide has nothing about SSH keys in it).

I used PuTTYgen to generate my public/private key pair, uploaded it and followed steps 4 - 6 in the Securing Your Server document above.

I figured out how to tell PuTTY which private key file to use. But whenever I connect to the server, I'm still prompted for a username/password, and I'm never prompted for my private key-phrase.

I don't get any error messages - but it seems to just ignore the keyfile(s) entirely. Is there a configuration step that's missing?

Search for my name In the forums I created a step by step guide for doing this about a month ago

@theckman:

That's because that article assumes you are creating the keys on the command-line using the ssh-keygen tool.

If you're using PuttyGen, which you need to if you'll be using PuTTy, you need to output the key in OpenSSH format and then put that in your ~/.ssh/authorized_keys file.

-Tim

Hi Tim, can you use the write up I done awhile back? there is a tone of info missing in the linode wiki for setting up public keys.

http://forum.linode.com/viewtopic.php?t … t=kyrunner">http://forum.linode.com/viewtopic.php?t=8697&highlight=kyrunner

@theckman:

That's because that article assumes you are creating the keys on the command-line using the ssh-keygen tool.

If you're using PuttyGen, which you need to if you'll be using PuTTy, you need to output the key in OpenSSH format and then put that in your ~/.ssh/authorized_keys file.

-Tim

I'm sorry - in my original reply I meant that I went and tried that after reading your suggestion, and I'm still not having any luck. It still seems to just ignore the fact that there's any key file there at all.

@kyrunner:

@DigitalNoise:

First, I just want to say that I've tried searching for the issue I keep running into, but I haven't found anyone with the exact same problem…

Image: Ubuntu 12.04

So, the good news:

I can log into the Linode remotely with either root (bad) or the new user I created (good). PuTTY works just great for this (I'm on Win 7 64bit if it matters).

The Bad News:

No matter what I try, I cannot get Public/Private keys to work. I've followed the instructions in the Securing Your Server - Using SSH Key Pair Authentication to a T (despite step one being a bit misleading when it points Windows users to the PuTTY guide to generate SSH keys - that guide has nothing about SSH keys in it).

I used PuTTYgen to generate my public/private key pair, uploaded it and followed steps 4 - 6 in the Securing Your Server document above.

I figured out how to tell PuTTY which private key file to use. But whenever I connect to the server, I'm still prompted for a username/password, and I'm never prompted for my private key-phrase.

I don't get any error messages - but it seems to just ignore the keyfile(s) entirely. Is there a configuration step that's missing?

Search for my name In the forums I created a step by step guide for doing this about a month ago

I haven't had a problem creating the key file or getting it uploaded and into the right directory with the right permission's - Linode's guide is quite clear about those parts.

My issue is that Ubuntu just seems to ignore the fact that there's any key file there at all.

run this command on your authorized_key file.

ls -l authorized_keys

@kyrunner:

run this command on your authorized_key file.

ls -l authorized_keys

[email protected]:~/.ssh$ ls -l authorized_keys                                                    
-rw------- 1 blah blah 963 May 22 00:40 authorized_keys 

@DigitalNoise:

@kyrunner:

run this command on your authorized_key file.

ls -l authorized_keys

[email protected]:~/.ssh$ ls -l authorized_keys                                                    
-rw------- 1 blah blah 963 May 22 00:40 authorized_keys 

run this command grep -v "^#" /etc/ssh/sshd_config

@kyrunner:

@DigitalNoise:

@kyrunner:

run this command on your authorized_key file.

ls -l authorized_keys

[email protected]:~/.ssh$ ls -l authorized_keys                                                    
-rw------- 1 blah blah 963 May 22 00:40 authorized_keys 

run this command grep -v "^#" /etc/ssh/sshd_config

[email protected]:~$ grep -v "^#" /etc/ssh/sshd_config | more                                      

Port 22                                                                                             
Protocol 2                                                                                          
HostKey /etc/ssh/ssh_host_rsa_key                                                                   
HostKey /etc/ssh/ssh_host_dsa_key                                                                   
HostKey /etc/ssh/ssh_host_ecdsa_key                                                                 
UsePrivilegeSeparation yes                                                                          

KeyRegenerationInterval 3600                                                                        
ServerKeyBits 768                                                                                   

SyslogFacility AUTH                                                                                 
LogLevel INFO                                                                                       

LoginGraceTime 120                                                                                  
PermitRootLogin yes                                                                                 
StrictModes yes                                                                                     

RSAAuthentication yes                                                                               
PubkeyAuthentication yes                                                                            

IgnoreRhosts yes                                                                                    
RhostsRSAAuthentication no                                                                          
HostbasedAuthentication no                                                                          

PermitEmptyPasswords no                                                                             

ChallengeResponseAuthentication no                                                                  

X11Forwarding yes                                                                                   
X11DisplayOffset 10                                                                                 
PrintMotd no                                                                                        
PrintLastLog yes                                                                                    
TCPKeepAlive yes                                                                                    

AcceptEnv LANG LC_*                                                                                 

Subsystem sftp /usr/lib/openssh/sftp-server                                                         

UsePAM yes                                                                                          

I had to pipe it to more so I could copy/paste as I'm having to use the LISH Ajax console because Port 22 is blocked at work - I have a feeling that pretty much every port is going to be.

This is the default file - I've not made any changes to it as yet.

I have at least gotten to this point:

Using username "blah".
Server refused our key
[email protected]'s password:

By disabling the use of Pagent in PuTTY.

Still don't understand why the keys are not being accepted. I've done research and I've done everything exactly the way many other sites indicate to set this up, but it doesn't work.

I had a similar problem a while back on a fedora 15 install…

The home folder for the user should have permissions

drwx------

The .ssh directory within the user home folder may need permissions

dr-x--x--x or dr-x------

the authorized_keys file within the .ssh directory in the home folder may need permissions (once modified)

-r-------

Finally got it to work…

There is either an issue with PuTTYgen generating valid public SSH keys or with Ubuntu 12.04 accepting them, because:
3. Rebooted into my local Ubuntu 10.10 install

  1. Ran ssh-keygen from the local console

  2. Performed steps 4 - 6 from the Linode Library guide to install the public key

  3. Tested from my local Ubuntu install - success!

  4. Rebooted back into Windows 7

  5. Imported private key generated from ssh-key into PuTTYgen

  6. Exported private key in PuTTY format

  7. Configured PuTTY to use key file from step 7.

  8. ?

  9. Profit!

Not sure which one would be at fault here, but at least it's working now.

I just wanted to post a confirmation on what DigitalNoise tried. I was having the same exact problems with Ubuntu 12.04. I ended up generating the key pair using the Linux ssh-keygen command, moving the contents of the generated public key into ~/.ssh/authorized_keys, and converting the private key into the PuTTY .ppk format.

Did the trick for me after some frustration so thanks for posting your solution!

@ggrigery:

I just wanted to post a confirmation on what DigitalNoise tried. I was having the same exact problems with Ubuntu 12.04. I ended up generating the key pair using the Linux ssh-keygen command, moving the contents of the generated public key into ~/.ssh/authorized_keys, and converting the private key into the PuTTY .ppk format.

Did the trick for me after some frustration so thanks for posting your solution!

Pendantic comment - ssh-keygen isn't a Linux command, it's a OpenSSH command developed on OpenBSD and ported to Linux.

Glad it's working though.

@sednet:

@ggrigery:

I just wanted to post a confirmation on what DigitalNoise tried. I was having the same exact problems with Ubuntu 12.04. I ended up generating the key pair using the Linux ssh-keygen command, moving the contents of the generated public key into ~/.ssh/authorized_keys, and converting the private key into the PuTTY .ppk format.

Did the trick for me after some frustration so thanks for posting your solution!

Pendantic comment - ssh-keygen isn't a Linux command, it's a OpenSSH command developed on OpenBSD and ported to Linux.

Glad it's working though.

I'm more curious as to why Ubuntu 12.04 isn't generating the correct key or format out of the box. I made a post on the Ubuntu official forums but there were only crickets (and, considering those forums… not surprising).

@DigitalNoise:

@sednet:

@ggrigery:

I just wanted to post a confirmation on what DigitalNoise tried. I was having the same exact problems with Ubuntu 12.04. I ended up generating the key pair using the Linux ssh-keygen command, moving the contents of the generated public key into ~/.ssh/authorized_keys, and converting the private key into the PuTTY .ppk format.

Did the trick for me after some frustration so thanks for posting your solution!

Pendantic comment - ssh-keygen isn't a Linux command, it's a OpenSSH command developed on OpenBSD and ported to Linux.

Glad it's working though.

I'm more curious as to why Ubuntu 12.04 isn't generating the correct key or format out of the box. I made a post on the Ubuntu official forums but there were only crickets (and, considering those forums… not surprising).

I'm more curious as to why Ubuntu 12.04 isn't generating the correct key

It's a different product?

The Ubuntu forums have always been great for me.

@DigitalNoise:

@sednet:

@ggrigery:

I just wanted to post a confirmation on what DigitalNoise tried. I was having the same exact problems with Ubuntu 12.04. I ended up generating the key pair using the Linux ssh-keygen command, moving the contents of the generated public key into ~/.ssh/authorized_keys, and converting the private key into the PuTTY .ppk format.

Did the trick for me after some frustration so thanks for posting your solution!

Pendantic comment - ssh-keygen isn't a Linux command, it's a OpenSSH command developed on OpenBSD and ported to Linux.

Glad it's working though.

I'm more curious as to why Ubuntu 12.04 isn't generating the correct key or format out of the box. I made a post on the Ubuntu official forums but there were only crickets (and, considering those forums… not surprising).

Neither Ubuntu nor Putty are using keys wrong, they are just using different key formats.

SSH on Ubuntu 12.04 generates OpenSSH formated keys, it does the same as every other Linux and *BSD. If you want to use key authentication with putty you need to convert them into the .ppk format that putty uses either with puttygen or ssh-keygen.

Tried to convert my keys to the OpenSSH format, still cannot FTP to this.

I'm almost to give up this linode.

Server refused our key

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct