Bitcoin Forum
November 11, 2024, 08:11:28 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Putty + Ubuntu +SSH + Public/Private Keys = Not Working (Server refused our key)  (Read 23471 times)
CYPER (OP)
Hero Member
*****
Offline Offline

Activity: 812
Merit: 502



View Profile
July 23, 2011, 12:56:27 PM
 #1

So I've followed numerous tutorials online, but each time I got Server refused our key:

I tried creating the keys with Puttygen and I also tried creating them on the server and converting private through Puttygen, but to no avail.

Anyone managed to connect via SSH with keys? A tutorial that works will be highly appreciated.
Rob P.
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile WWW
July 23, 2011, 01:53:50 PM
 #2

Um, connect to WHAT exactly?  A random server?

When using Putty to SSH into an Ubuntu box, you should know 3 things:

1)  SSH server needs to be installed on Ubuntu (it isn't by default):  sudo apt-get install openssh-server
2)  You won't need to generate any keys
3)  You will just use Putty to connect via SSH to the IP address of the server

If the above is working, and you now want to use public/private keys to connect, instead of a password, then follow this tutorial:

http://blog.padraigkitterick.com/2007/09/16/using-putty-ssh-keys-with-openssh-on-ubuntu

--

If you like what I've written here, consider tipping the messenger:
1GZu4CtHa6ai8iWoWiVFxV5VVoNte4SkoG

If you don't like what I've written, send me a Tip and I'll stop talking.
CYPER (OP)
Hero Member
*****
Offline Offline

Activity: 812
Merit: 502



View Profile
July 23, 2011, 03:25:32 PM
 #3

Connect from my Windows machine to my Ubuntu mining rig. I have no troubles connecting with username and password, but I would like to make it even easier and conect with a public-private keys.

So looking at your link I see it says to install Putty on the Linux machine just so it can convert the Putty generated key to a Linux key. But it doesn't say where to generate puttykey.ppk

Can you elaborate on the tutorial please. I'm unsure of what to do.
WakiMiko
Newbie
*
Offline Offline

Activity: 59
Merit: 0



View Profile
July 23, 2011, 05:47:53 PM
 #4

make sure the file permissions of authorized_keys is set to 600 and owned by the user you are using to connect or openssh will refuse to use it.
Rob P.
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile WWW
July 23, 2011, 06:20:00 PM
 #5

First:

After you've created your putty key under Windows (puttykey.ppk), copy it to your Ubuntu server.  We'll assume you have it in your home directory on your Ubuntu server which is ~/.

So, that file is now ~/puttykey.ppk

On your Ubuntu box, run a terminal (or SSH in from your Windows box) and:

Code:
sudo apt-get install putty

When that's done, you now have putty on Ubuntu.  Next do:

Code:
puttygen ~/puttykey.ppk -L > ~/.ssh/id_rsa.pub

If you're not familiar with Unix/Linux then you won't realize this, but the key output is being redirected to a file named "id_rsa.pub" in the .ssh directory in your home directory on the Ubuntu server.

Finally, create the private key on Ubuntu using:

Code:
puttygen ~/puttykey.ppk -O private-openssh -o ~/.ssh/id_rsa

Now you should be able to do public key logins to Ubuntu.  You MAY still have an issue due to permissions, so I'd recommend also doing:

Code:
chmod 700 .ssh
chmod 600 .ssh/id_rsa*

Good luck.

--

If you like what I've written here, consider tipping the messenger:
1GZu4CtHa6ai8iWoWiVFxV5VVoNte4SkoG

If you don't like what I've written, send me a Tip and I'll stop talking.
CYPER (OP)
Hero Member
*****
Offline Offline

Activity: 812
Merit: 502



View Profile
July 23, 2011, 06:45:30 PM
 #6

I'm somewhat familiar with Linux so can read and understand commands, but it's something else I can't understand: usually Puttygen can create 2 keys - public and private and the private ends in .ppk

So your tutorial says to copy the private key generated in Windows to the Ubuntu machine and transform it into Ubuntu style key (id_rsa.pub) which is a public key.

I'm well aware that the private key stays with the client (Windows) and the public with the server (Ubuntu), so your tutorial is confusing to me. Also your tutorial says to use the same key to create the public and private keys - are you sure about that?

Have you used that method yourself?

Thank you.
WakiMiko
Newbie
*
Offline Offline

Activity: 59
Merit: 0



View Profile
July 23, 2011, 07:46:27 PM
 #7

First:

After you've created your putty key under Windows (puttykey.ppk), copy it to your Ubuntu server.  We'll assume you have it in your home directory on your Ubuntu server which is ~/.

So, that file is now ~/puttykey.ppk

On your Ubuntu box, run a terminal (or SSH in from your Windows box) and:

Code:
sudo apt-get install putty

When that's done, you now have putty on Ubuntu.  Next do:

Code:
puttygen ~/puttykey.ppk -L > ~/.ssh/id_rsa.pub

If you're not familiar with Unix/Linux then you won't realize this, but the key output is being redirected to a file named "id_rsa.pub" in the .ssh directory in your home directory on the Ubuntu server.

Finally, create the private key on Ubuntu using:

Code:
puttygen ~/puttykey.ppk -O private-openssh -o ~/.ssh/id_rsa

Now you should be able to do public key logins to Ubuntu.  You MAY still have an issue due to permissions, so I'd recommend also doing:

Code:
address
chmod 700 .ssh
chmod 600 .ssh/id_rsa*

Good luck.

I'm pretty sure that is completely wrong since the id_rsa* files .ssh are the public/private key files of THAT machine, and do not specify which public key is allowed to connect. They would only be used if you ssh'd from that machine to somewhere else. Furthermore there should be no need to create ANY keys whatsoever on the host machine.

Rather, you want to append your public key you created with putty on your client machine to the authorized_keys file in the ~/.ssh directory on the host machine. If that file does not exist create it and then run "chmod 600 authorized_keys". Depending on the format putty uses you might have to convert it to the openssh format first. There should be one key per line in the authorized_keys file, e.g. it should look similar to this:

Code:
ssh-rsa AAA[lots of characters]== bla@foo

So basically: append the .pub file you created on the client machine to the authorized_keys file of the host machine
Rob P.
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile WWW
July 24, 2011, 12:45:32 AM
 #8

I'm pretty sure that is completely wrong since the id_rsa* files .ssh are the public/private key files of THAT machine, and do not specify which public key is allowed to connect. They would only be used if you ssh'd from that machine to somewhere else. Furthermore there should be no need to create ANY keys whatsoever on the host machine.

Nope.  They're the converted public/private key pair from the Windows computer.  He didn't run ssh-keygen, hence he doesn't HAVE a public/private key pair for the Ubuntu system.

Rather, you want to append your public key you created with putty on your client machine to the authorized_keys file in the ~/.ssh directory on the host machine. If that file does not exist create it and then run "chmod 600 authorized_keys". Depending on the format putty uses you might have to convert it to the openssh format first. There should be one key per line in the authorized_keys file, e.g. it should look similar to this:

Code:
ssh-rsa AAA[lots of characters]== bla@foo

So basically: append the .pub file you created on the client machine to the authorized_keys file of the host machine

Yea, that's what I told him to do.  The problem is that he has a combined key created by Putty.

Putty under Windows just generates a .ppk file.  
You can read more here:  http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#faq-ssh2-keyfmt

The instructions allow you to take that .ppk file and convert it to a valid OpenSSH public/private key pair (the id_rsa.pub and id_rsa).

You are right however, there is a step missing:

Code:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

That puts the public key into the authorized_keys file as a public/private key pair that is allowed to connect to the account.  In fact, after you do that step you can actually delete the id_rsa and id_rsa.pub if you wish, because they ARE for the Windows system.

--

If you like what I've written here, consider tipping the messenger:
1GZu4CtHa6ai8iWoWiVFxV5VVoNte4SkoG

If you don't like what I've written, send me a Tip and I'll stop talking.
CYPER (OP)
Hero Member
*****
Offline Offline

Activity: 812
Merit: 502



View Profile
July 24, 2011, 01:52:53 AM
 #9

Let me see if I understand correctly - First I create a private key under Windows using Puttygen and after I copy this private key to the Ubuntu machine I use again Puttygen to generate the private and public keys out of the private keys I created earlier with PuttyGen under Windows.

Are you sure that is the way, cause that's how you explained it. The program for generating keys under windows is Puttygen and it can create either a private or public keys or both.
MiningBuddy
Hero Member
*****
Offline Offline

Activity: 927
Merit: 1000


฿itcoin ฿itcoin ฿itcoin


View Profile
July 24, 2011, 02:44:12 AM
 #10

CYPER, use this guide: http://www.server-world.info/en/note?os=Ubuntu_11.04&p=ssh&f=2
I've used it to setup everyone of my ubuntu boxes and you don't have to install putty or puttygen on the remote host, takes 10mins tops to get setup.

WakiMiko
Newbie
*
Offline Offline

Activity: 59
Merit: 0



View Profile
July 24, 2011, 09:45:59 AM
Last edit: July 24, 2011, 03:21:28 PM by WakiMiko
 #11

Let me see if I understand correctly - First I create a private key under Windows using Puttygen and after I copy this private key to the Ubuntu machine I use again Puttygen to generate the private and public keys out of the private keys I created earlier with PuttyGen under Windows.

Are you sure that is the way, cause that's how you explained it. The program for generating keys under windows is Puttygen and it can create either a private or public keys or both.

You NEVER move a private key to another machine. You also generate keys only ONCE, and only on CLIENT machine.

1) Create a KEY PAIR using putty on your client machine

2) Copy the PUBLIC KEY to the Ubuntu machine

3) Convert the PUBLIC KEY on the Ubuntu machine into OPENSSH FORMAT

4) Append the OPENSSH PUBLIC KEY to the authorized_keys file in the ~/.ssh/ directory


Step 1) is done on the client machine, step 2) is sorta inbetween and 3) and 4) are done on the host machine.
CYPER (OP)
Hero Member
*****
Offline Offline

Activity: 812
Merit: 502



View Profile
July 24, 2011, 02:20:21 PM
 #12

CYPER, use this guide: http://www.server-world.info/en/note?os=Ubuntu_11.04&p=ssh&f=2
I've used it to setup everyone of my ubuntu boxes and you don't have to install putty or puttygen on the remote host, takes 10mins tops to get setup.

I did everything exactly by the guide, except that I used VNC and gedit to add the public key to the authorized list = Server refused our key

Here is a shot:



Please not there are no spaces, not even between the FOU and +yy - it's a single line.

I tried removing the last = so there is only one and restarting the SSH server = no effect. So one or two "=" had no effect even after I restarted the server for each case.
CYPER (OP)
Hero Member
*****
Offline Offline

Activity: 812
Merit: 502



View Profile
July 24, 2011, 02:23:15 PM
 #13

Let me see if I understand correctly - First I create a private key under Windows using Puttygen and after I copy this private key to the Ubuntu machine I use again Puttygen to generate the private and public keys out of the private keys I created earlier with PuttyGen under Windows.

Are you sure that is the way, cause that's how you explained it. The program for generating keys under windows is Puttygen and it can create either a private or public keys or both.

You NEVER move a private key to another machine. You also generate keys only ONCE, and only on CLIENT machine.

1) Create a KEY PAIR using putty on your client machine

2) Copy the PUBLIC KEY to the Ubuntu machine

3) Convert the PUBLIC KEY on the Ubuntu machine into OPENSSL FORMAT

4) Append the OPENSSL PUBLIC KEY to the authorized_keys file in the ~/.ssh/ directory


Step 1) is done on the client machine, step 2) is sorta inbetween and 3) and 4) are done on the host machine.
1 - Do I need to convert the private key (which stays on the Windows machine) to OPENSSH format?
3 - What command do I use on the Ubuntu machine to convert the public key generated by PuttyGen into OpenSSH format?
4 - I can do it with the GUI, right? As shown in the screenshot above. I make sure it's a single line.

Like I said I've tried 2 or 3 different tutorials and I only get Server refused our key.
gfaust
Newbie
*
Offline Offline

Activity: 24
Merit: 0


View Profile
July 24, 2011, 02:36:51 PM
 #14

permissons on the ~/.ssh folder should be 700 and on authorized_keys and known_hosts should be 644
CYPER (OP)
Hero Member
*****
Offline Offline

Activity: 812
Merit: 502



View Profile
July 24, 2011, 02:51:16 PM
 #15

permissons on the ~/.ssh folder should be 700 and on authorized_keys and known_hosts should be 644
That doesn't help either.

Here is the config file: http://paste.ubuntu.com/651204/

And also in the .ssh config there are only 2 files - authorized_keys and .authorized_keys.swp
WakiMiko
Newbie
*
Offline Offline

Activity: 59
Merit: 0



View Profile
July 24, 2011, 03:29:52 PM
Last edit: July 24, 2011, 05:48:37 PM by WakiMiko
 #16

1 - Do I need to convert the private key (which stays on the Windows machine) to OPENSSH format?
3 - What command do I use on the Ubuntu machine to convert the public key generated by PuttyGen into OpenSSH format?
4 - I can do it with the GUI, right? As shown in the screenshot above. I make sure it's a single line.

Like I said I've tried 2 or 3 different tutorials and I only get Server refused our key.

1) No, you dont.
3) I dunno, but a quick google search tells me that the puttygen GUI has a conversion function. also note that you can do this step on your client or host machine, it doesnt matter.
4) You can edit the authorized_keys file with any editor you want, just make sure it has the right permissions


CYPER (OP)
Hero Member
*****
Offline Offline

Activity: 812
Merit: 502



View Profile
July 24, 2011, 04:46:32 PM
 #17



1) No, you dont.
3) I dunno, but a quick google search tells me that the puttygen GUI has a conversion function. also note that you can do this step on your client or host machine, it doesnt matter.
4) You can edit the authorized_keys file with any editor you want, just make sure it has the right permissions



1 - So then the keys will be in different formats? Why would that work?
2 - I've tried that function before when using different tutorial, but it didn't work.
3 - I think I'm doing everything right, but to no avail.
WakiMiko
Newbie
*
Offline Offline

Activity: 59
Merit: 0



View Profile
July 24, 2011, 05:10:53 PM
 #18



1 - So then the keys will be in different formats? Why would that work?
2 - I've tried that function before when using different tutorial, but it didn't work.
3 - I think I'm doing everything right, but to no avail.

1 - Why wouldnt it? The keys are only stored in different formats, putty needs the putty format, openssh needs the openssh format.
3 - If you would be doing everything right it would be working by now. Post a ls -l output of your .ssh directory.
CYPER (OP)
Hero Member
*****
Offline Offline

Activity: 812
Merit: 502



View Profile
July 24, 2011, 05:34:00 PM
 #19

Quote
cyper@Woody:~/.ssh$ ls -l
total 4
-rw-r--r-- 1 root root 209 2011-07-24 15:34 authorized_keys
cyper@Woody:~/.ssh$
WakiMiko
Newbie
*
Offline Offline

Activity: 59
Merit: 0



View Profile
July 24, 2011, 05:41:00 PM
 #20

duh, you did not listen to what I said, the permissions and the owner are completely wrong

run the following

Code:
sudo chown cyper:cyper authorized_keys
chmod 600 authorized_keys
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!