You are not logged in.
I'm playing with OpenSSH for access from a Windows2000 machine. (I have samba running for file access already)
I can login via SSH so long as I do it with a username and password. Trying to do this via private and public keys gives me nothing but "Server Refused Our Key" errors.
I generated a key set using puttygen on the Windows machine. I logged into the server, created an .ssh directory in my home directory, added an authorized_keys file, pasted the public key into that file, saved it, set its permissions to 600, changed the .ssh directory permissions to 700.
I have tried this with and without passphrase, just to make sure that's not causing an issue. There is no difference. I also tried a reverse strategy, creating the keyset on the arch machine with keygen and copying the private key to the windows machine; no change.
I have changed the sshd_config to set Protocol to 2; I also set up a different port.
I must be missing something obvious, but I have no idea what it is. Anyone have any ideas?
Offline
The file on the linux box should be ~/.ssh/authorized_keys2
You are right that the permissions on the private identity file should not be world readable/writeable and the authorized_keys2 file should be world readable but not writeable.
You can try things in a ~/.ssh/config file like this:
Ciphers blowfish-cbc,arcfour,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
Cipher blowfish
Offline
I thought the authorized_keys2 was the old version, but I created it anyway, no change.
I tried the other code, it complained that the Cipher line was wrong, so I took it out.
I then tried to start it with the resulting config file. It says:
Could not load host key: /etc/ssh/ssh_host_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
So then I tried this using the standard config file sshd_config and got the same thing. There are keys in all of these files, but they are owned by root and have rw to root only, which would seem to be as it should be. sshd is already running, so how that all fits into things is beyond me at this time in the morning....
Offline
authorized_keys will work just fine. I just tested it, and it worked fine. here are the steps:
generated a key with puttygen
saved the private key
paste the pubkey into authorized_keys file on the server
choose the saved private key to use in putty (connection->ssh->auth)
set your "auto login user" (in connection->data)
should work just fine. If you forget to choose "auto login user", then it asks for your username every time..
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
Offline
The first time you start the sshd it should create the key files.
Here is how my /etc/ssh directory permissions are set:
-rw-r--r-- 1 root root 132839 2005-05-31 17:42 moduli
-rw-r--r-- 1 root root 1292 2005-05-31 21:14 ssh_config
-rw------- 1 root root 668 2005-03-15 17:25 ssh_host_dsa_key
-rw-r--r-- 1 root root 599 2005-03-15 17:25 ssh_host_dsa_key.pub
-rw------- 1 root root 524 2005-03-15 17:25 ssh_host_key
-rw-r--r-- 1 root root 328 2005-03-15 17:25 ssh_host_key.pub
-rw------- 1 root root 883 2005-03-15 17:25 ssh_host_rsa_key
-rw-r--r-- 1 root root 219 2005-03-15 17:25 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root 2856 2005-05-31 21:16 sshd_config
Did you specify '-t rsa' when you created the id files?
Offline
I have gone through the setup process that cactus describes, that has been unsuccessful. My file permissions are as shown by colnago, and I did use the -t rsa language when I set up the keys. I ran it all again just to be sure. I still get "Server refused our key".
I'm going to remove openssh and the configuration files and start from scratch, see what happens.
This couldn't be related to the error messages that the update to procps is giving, could it?
Offline
I don't usually ssh from a windows box, so I tried using putty from XP and I had the same problem as you (the key works linux-to-linux). It seems like there is a putty setting that is preventing the key from working.
Offline
what things do you have set in putty?
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
Offline
I just used the defaults mostly. A few changes like pointing at the key and allowing X11 forwarding. Then I tried changing things when the key didn't work. Maybe the file permissions have to be world-not-readable on the windows side. Is this a problem for windows? I wonderr if there is a putty forum, the key passing must work or they would not have the config all set up to use them.
Offline
I got it to work just fine. no magic, no extra config settings except for the ones I listed.
Try creating a new key, and a clean putty config.
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
Offline
I set up ssh to run in debug3, and parsed through the output. (I'm sure there's a better way to do it, but I just edited /etc/rc.d/sshd and added -d -d -d after the && /usr/sbin/sshd line, then did a /etc/rc.d/sshd start 2> /home/somefile so I could look at it at my comfortable windows station rather than in the closet with the server .
It reported a problem with the keytype, so I went back and checked. Somehow when I cut and pasted the key, it truncated the first "s" in "ssh-rsa", but being new to the key thing, I never noticed it. Since I've cut and pasted different keys a number of times, and this same error apparently happened in each of those cases, I'll have to figure out how it happened.
I edited authorized_keys to put in the leading "s", and have an instant login.
Offline