Arch Linux

keale

Member

Registered: 2021-10-18

Posts: 4

Server refused our key if using PuTTy. SSH from GIT Bash is possible

I am trying to add my SSH public key to an ArchLinux server and connect to PuTTy. The private key has the format .ppk and is loaded into PuTTy Session. This way the key works fine for many Linux and one FreeBSD machine. But here I get the error message

 "Server refuses our key". 

When I try to connect from a git bash, I get the message

  "load pubkey "....../id_rsa": invalid format"

but the SSH connection is established anyway.
What could be the problem in case of PuTTy?

Morta

Member

Registered: 2019-07-07

Posts: 655

Re: Server refused our key if using PuTTy. SSH from GIT Bash is possible

A downgrade of the ssh server can be a solution but look in the forum. Have some other user which have the same problem with rsa keys and the newest ssh-server of arch linux. Its also a problem of putty.

Last edited by Morta (2021-10-18 17:25:36)

GeorgeJP

Member

From: Czech Republic

Registered: 2020-01-28

Posts: 186

Re: Server refused our key if using PuTTy. SSH from GIT Bash is possible

You should generate new key (in puttygen.exe) and select type ECDSA.
RSA keys are not more accepted by archlinux.

keale

Member

Registered: 2021-10-18

Posts: 4

Re: Server refused our key if using PuTTy. SSH from GIT Bash is possible

You should generate new key (in puttygen.exe) and select type ECDSA.
RSA keys are not more accepted by archlinux.

Thank you very much for this suggestion and background info. Unfortunately,  the same error message appears.

GeorgeJP

Member

From: Czech Republic

Registered: 2020-01-28

Posts: 186

Re: Server refused our key if using PuTTy. SSH from GIT Bash is possible

To be clear: are you trying connect from M$ Windows machine via Putty to Archlinux?

keale

Member

Registered: 2021-10-18

Posts: 4

Re: Server refused our key if using PuTTy. SSH from GIT Bash is possible

Yes, from Win10 Pro, V21H1, PuTTy Release 0.70

GeorgeJP

Member

From: Czech Republic

Registered: 2020-01-28

Posts: 186

Re: Server refused our key if using PuTTy. SSH from GIT Bash is possible

PuTTy Release 0.70

Current version is 0.76

I am using Putty frequently to connect to wide range of linux boxes. Some time ago (not long) it starts rejecting [ssh-rsa] keys for archlinux connections. Debian based boxer are not affected.
I think, it is some hardening stuff and puttygen is not able generate currently valid [ssh-rsa] key or archlinux sshd is not accepting it.
I switch to using [ecdsa-sha2-nistp256] key in Putty and it works for me.
Are you sure, that you replace old [ssh-rsa] keys with [ecdsa-sha2-nistp256] in your Putty configs (or in Pageant, if you using it)?
Also [authorized_keys] files on target machines must be updated with new key.

stu

Member

Registered: 2021-10-19

Posts: 4

Re: Server refused our key if using PuTTy. SSH from GIT Bash is possible

RSA keys are still perfectly fine.
It's the ssh-rsa key signature algorithm that is no longer accepted by default*, but the same RSA key can be used to do rsa-sha2-256 or rsa-sha2-512, but only if client and server both support it.

* it can be re-enabled in sshd_config / ssh_config, but of course the better option, if possible, is to update old servers and clients.

Last edited by stu (2021-10-19 21:01:00)

progandy

Member

Registered: 2012-05-17

Posts: 5,190

Re: Server refused our key if using PuTTy. SSH from GIT Bash is possible

RSA keys are still perfectly fine.
It's the ssh-rsa key signature algorithm that is no longer accepted by default, but the same RSA key can be used to do rsa-sha2-256 or rsa-sha2-512, but only if client and server both support it.

putty should have support since 0.75. (0.70 as used by OP is too old).

---

| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

keale

Member

Registered: 2021-10-18

Posts: 4

Re: Server refused our key if using PuTTy. SSH from GIT Bash is possible

After updating PuTTy to current V.0.76 it works fine with RSA Key! Thanks a lot!