Home / ubuntu / Questions / 705432
In Process
Berry Tsakala
Asked: 2015-12-04 02:18:22 +0800 CST

putty key -> connection refused (permissions OK, /var/log/auth.log is empty)

  • 772

I already checked here: Trying to do ssh authentication with key files: server refused our key

and I did all these:

*new:

  • generated key(s) via ssh-gen in a Linux client.
    • added the public key to the server via ssh-copy

now I don't see any error message, here's ssh -vvv:
http://pastebin.com/Cxspz5P3

Could it be that there's an order to the authentication process, but the server first tries to verify password, instead of trying out the publickey?

Original post: what I tried so far:

  • generated key(s) via puttygen (v.2015-12-03) in the windows client:

    • 2048 bits, and tried also key-pair with 1024 bits

  • copied "openssh public key" in 1 line format from puttygen,

    • the line that looks like:

      ssh-rsa xxxx... ==

    • pasted it to the ubuntu server to ~/.ssh/authorized_keys

    • one line for the 2048 bit key, additional line for the 1024 bit key

  • I changed the file permissions like so:

    chmod 700 ~/.ssh
chmod 600 authorized_keys
chmod 700 ~
chown -R $USER.$USER ~/

  • putty session settings:

    • 'connection' > 'data' > 'username' > myuser

    • 'connection' > 'ssh' > 'auth' > the PPK file

  • tried with both 2048 bit and 1024 keys (with their respective public keys)

  • tried also from localhost (ssh -i .ssh/mykey myuser@localhost) – got the same /var/log/auth error:

    Failed publickey for (myuser) from ::1 port 50087

  • increased log level of /etc/sshd_config: LogLevel VERBOSE (is there higher value?) on the server, and restarted. /var/log/auth.log now gives:

    **Failed publickey for** myuser from xx.xx.xx.xx port xx: RSA xx:xx:xx...

systems:

  • tried to connect from:
    • from windows (putty 2015-12-3, key is PPK)
    • from linux/mint 17 (via ssh, openssh key)
  • server: Ubuntu 14.04.2 LTS
  • keys generated by puttygen on windows (v.2015-12-03)
  • also tried with "kitty" (a putty fork)
  • ssh with password - works. always.

tail -f /var/log/auth.log isn't showing anything for failed logins, only for successful and for logouts.

Can it be cured?

is there another way to diagnose the problem?

Q&A:

Q. What is a "data" connection? Why didn't you use "ssh" in both cases?

A. it's just the section's name in putty config.

Q. cat /etc/ssh/sshd_config|grep -i author

A. AuthorizedKeysFile ~/.ssh/authorized_keys

Q. ls -lZ .ssh (on the server)

drwx------ 2 myuser myuser ? 4096 Dec  5 12:28 .   <---- the .ssh dir
-rw-r--r-- 1 myuser myuser ?  666 Dec  5 12:29 known_hosts
-rw------- 1 myuser myuser ? 1671 Dec  3 12:07 mykey.ssh
-rw------- 1 myuser myuser ?  608 Dec  3 11:47 authorized_keys
ssh

2 Answers

  1. A less error-prone way of converting public key formats than manually removing the headers and line-breaks is using ssh-keygen like this:

    ssh-keygen -i -f publickeywithheaders.pub

    It should output what can be appended to the authorized_keys file.

    • 2

  2. I have come across this before in PuTTY, where the public key is written like this (like in your linked question):

    ---- BEGIN SSH2 PUBLIC KEY ----
Comment: "user@computer"
ssh-rsa blah1blah2blah3blah4
blah5blah6blah7blah8
blah9blah10blah11blah12
blah13blah14=user@computer
---- END SSH2 PUBLIC KEY ----

    As you know, it needs to be one line, the one starting with ssh-rsa. That is, delete the "BEGIN" line, the "comment" line, and the "END" line.

    However, I am not sure if you did this:

    ssh-rsa blah1blah2blah3blah4

    What you need to do is this:

    ssh-rsa blah1blah2blah3blah4blah5blah6blah7blah8blah9blah10blah11blah12blah13blah14=user@computer

    (i.e. copy all four lines containing the key AND delete the line breaks)

    • 1