I have a 12.10 server setup in a virtual machine with its network set to bridged (essentially will be seen as a computer connected to my switch).
I installed opensshd via apt-get and was able to connect to the server using putty with my username and password.
I then set about trying to get it to use public/private key authentication. I did the following:
- Generated the keys using PuttyGen.
- Moved the public key to
/etc/ssh/myusername/authorized_keys(I am using encrypted home directories). Set up
sshd_configlike so:PubkeyAuthentication yes AuthorizedKeysFile /etc/ssh/%u/authorized_keys StrictModes no PasswordAuthentication no UsePAM yes
When I connect using putty or WinSCP, I get an error saying No supported authentication methods available (server sent public key).
If I run sshd in debug mode, I see:
PAM: initializing for "username"
PAM: setting PAM_RHOST to "192.168.1.7"
PAM: setting PAM_TTY to "ssh"
userauth-request for user username service ssh-connection method publickey [preauth]
attempt 1 failures 0 [preauth]
test whether pkalg/pkblob are acceptable [preauth[
Checking blacklist file /usr/share/ssh/blacklist.RSA-1023
Checking blacklist file /etc/ssh/blacklist.RSA-1023
temporarily_use_uid: 1000/1000 (e=0/0)
trying public key file /etc/ssh/username/authorized_keys
fd4 clearing O_NONBLOCK
restore_uid: 0/0
Failed publickey for username from 192.168.1.7 port 14343 ssh2
Received disconnect from 192.168.1.7: 14: No supported authentication methods available [preauth]
do_cleanup [preauth]
monitor_read_log: child log fd closed
do_cleanup
PAM: cleanup
Why is this happening and how can I fix this?
Problem solved:
Looks like there was a problem with my public key file. PuttyGen will create a public key file that looks like:
However, this will not work, so what you need to do is to open the key in PuttyGen, and then copy it from there (this results in the key being in the right format and in 1 line):
Paste this into
authorized_keysthen it should work./etc/ssh/sshd_configfile.PasswordAuthenticationandChallengeResponseAuthenticationtoyes.3a. Restart ssh
/etc/init.d/ssh restart.OR
3b. better you use
service sshd restartJust a tip I hope may help someone else with the headaches I had. F21 is right that you need to copy the key out of the PuTTYGen window instead of saving the file, but after copying, the way you paste may have significant impact on whether your key will work or not. Some editors will alter the text as you paste, or do something with newlines or something that makes the authorized_keys file invalid.
What I have found to be the least likely to break is to echo the full string and redirect the output to the file. Right-clicking in PuTTY to paste the key string to the commandline, it works out like this (with the example given above):
You'll end up with this:
Another advantage of this method is that you can add multiple keys this way by using >> to append instead of > to overwrite, eg:
Hope that helps someone.
We were already using the right type of key (ppk instead of pem).
In our case, it was a problem with the file permissions for authorized_keys on the server user folder. It has to be
-rw-r--r--... It was-rw-rw-r--.SSH is very finicky about file perms.
Check file permissions using:
You can fix them if necessary with:
SOLVED:
In my case the reason was that private key file (.ppk) had been removed in Putty authentication agent i.e. Pageant. I just updated it again to Pageant there and connection worked perfectly after that.