Putty + Ubuntu +SSH + Public/Private Keys = Not Working (Server refused our key)

[CYPER]

So I've followed numerous tutorials online, but each time I got Server refused our key:

I tried creating the keys with Puttygen and I also tried creating them on the server and converting private through Puttygen, but to no avail.

Anyone managed to connect via SSH with keys? A tutorial that works will be highly appreciated.

[Rob P.]

Um, connect to WHAT exactly?  A random server?

When using Putty to SSH into an Ubuntu box, you should know 3 things:

1)  SSH server needs to be installed on Ubuntu (it isn't by default):  sudo apt-get install openssh-server
2)  You won't need to generate any keys
3)  You will just use Putty to connect via SSH to the IP address of the server

If the above is working, and you now want to use public/private keys to connect, instead of a password, then follow this tutorial:

http://blog.padraigkitterick.com/2007/09/16/using-putty-ssh-keys-with-openssh-on-ubuntu

[CYPER]

Connect from my Windows machine to my Ubuntu mining rig. I have no troubles connecting with username and password, but I would like to make it even easier and conect with a public-private keys.

So looking at your link I see it says to install Putty on the Linux machine just so it can convert the Putty generated key to a Linux key. But it doesn't say where to generate puttykey.ppk

Can you elaborate on the tutorial please. I'm unsure of what to do.

[WakiMiko]

make sure the file permissions of authorized_keys is set to 600 and owned by the user you are using to connect or openssh will refuse to use it.

[Rob P.]

First:

After you've created your putty key under Windows (puttykey.ppk), copy it to your Ubuntu server.  We'll assume you have it in your home directory on your Ubuntu server which is ~/.

So, that file is now ~/puttykey.ppk

On your Ubuntu box, run a terminal (or SSH in from your Windows box) and:

Code:

sudo apt-get install putty

When that's done, you now have putty on Ubuntu.  Next do:

Code:

puttygen ~/puttykey.ppk -L > ~/.ssh/id_rsa.pub

If you're not familiar with Unix/Linux then you won't realize this, but the key output is being redirected to a file named "id_rsa.pub" in the .ssh directory in your home directory on the Ubuntu server.

Finally, create the private key on Ubuntu using:

Code:

puttygen ~/puttykey.ppk -O private-openssh -o ~/.ssh/id_rsa

Now you should be able to do public key logins to Ubuntu.  You MAY still have an issue due to permissions, so I'd recommend also doing:

Code:

chmod 700 .ssh
chmod 600 .ssh/id_rsa*

Good luck.

[CYPER]

I'm somewhat familiar with Linux so can read and understand commands, but it's something else I can't understand: usually Puttygen can create 2 keys - public and private and the private ends in .ppk

So your tutorial says to copy the private key generated in Windows to the Ubuntu machine and transform it into Ubuntu style key (id_rsa.pub) which is a public key.

I'm well aware that the private key stays with the client (Windows) and the public with the server (Ubuntu), so your tutorial is confusing to me. Also your tutorial says to use the same key to create the public and private keys - are you sure about that?

Have you used that method yourself?

Thank you.

[WakiMiko]

First:

After you've created your putty key under Windows (puttykey.ppk), copy it to your Ubuntu server.  We'll assume you have it in your home directory on your Ubuntu server which is ~/.

So, that file is now ~/puttykey.ppk

On your Ubuntu box, run a terminal (or SSH in from your Windows box) and:

Code:

sudo apt-get install putty

When that's done, you now have putty on Ubuntu.  Next do:

Code:

puttygen ~/puttykey.ppk -L > ~/.ssh/id_rsa.pub

If you're not familiar with Unix/Linux then you won't realize this, but the key output is being redirected to a file named "id_rsa.pub" in the .ssh directory in your home directory on the Ubuntu server.

Finally, create the private key on Ubuntu using:

Code:

puttygen ~/puttykey.ppk -O private-openssh -o ~/.ssh/id_rsa

Now you should be able to do public key logins to Ubuntu.  You MAY still have an issue due to permissions, so I'd recommend also doing:

Code:

address
chmod 700 .ssh
chmod 600 .ssh/id_rsa*

Good luck.

I'm pretty sure that is completely wrong since the id_rsa* files .ssh are the public/private key files of THAT machine, and do not specify which public key is allowed to connect. They would only be used if you ssh'd from that machine to somewhere else. Furthermore there should be no need to create ANY keys whatsoever on the host machine.

Rather, you want to append your public key you created with putty on your client machine to the authorized_keys file in the ~/.ssh directory on the host machine. If that file does not exist create it and then run "chmod 600 authorized_keys". Depending on the format putty uses you might have to convert it to the openssh format first. There should be one key per line in the authorized_keys file, e.g. it should look similar to this:

Code:

ssh-rsa AAA[lots of characters]== bla@foo

So basically: append the .pub file you created on the client machine to the authorized_keys file of the host machine

[Rob P.]

I'm pretty sure that is completely wrong since the id_rsa* files .ssh are the public/private key files of THAT machine, and do not specify which public key is allowed to connect. They would only be used if you ssh'd from that machine to somewhere else. Furthermore there should be no need to create ANY keys whatsoever on the host machine.

Nope.  They're the converted public/private key pair from the Windows computer.  He didn't run ssh-keygen, hence he doesn't HAVE a public/private key pair for the Ubuntu system.

Rather, you want to append your public key you created with putty on your client machine to the authorized_keys file in the ~/.ssh directory on the host machine. If that file does not exist create it and then run "chmod 600 authorized_keys". Depending on the format putty uses you might have to convert it to the openssh format first. There should be one key per line in the authorized_keys file, e.g. it should look similar to this:

Code:

ssh-rsa AAA[lots of characters]== bla@foo

So basically: append the .pub file you created on the client machine to the authorized_keys file of the host machine

Yea, that's what I told him to do.  The problem is that he has a combined key created by Putty.

Putty under Windows just generates a .ppk file.  
You can read more here:  http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#faq-ssh2-keyfmt

The instructions allow you to take that .ppk file and convert it to a valid OpenSSH public/private key pair (the id_rsa.pub and id_rsa).

You are right however, there is a step missing:

Code:

cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

That puts the public key into the authorized_keys file as a public/private key pair that is allowed to connect to the account.  In fact, after you do that step you can actually delete the id_rsa and id_rsa.pub if you wish, because they ARE for the Windows system.

[CYPER]

Let me see if I understand correctly - First I create a private key under Windows using Puttygen and after I copy this private key to the Ubuntu machine I use again Puttygen to generate the private and public keys out of the private keys I created earlier with PuttyGen under Windows.

Are you sure that is the way, cause that's how you explained it. The program for generating keys under windows is Puttygen and it can create either a private or public keys or both.

[MiningBuddy]

CYPER, use this guide: http://www.server-world.info/en/note?os=Ubuntu_11.04&p=ssh&f=2
I've used it to setup everyone of my ubuntu boxes and you don't have to install putty or puttygen on the remote host, takes 10mins tops to get setup.

[WakiMiko]

Let me see if I understand correctly - First I create a private key under Windows using Puttygen and after I copy this private key to the Ubuntu machine I use again Puttygen to generate the private and public keys out of the private keys I created earlier with PuttyGen under Windows.

Are you sure that is the way, cause that's how you explained it. The program for generating keys under windows is Puttygen and it can create either a private or public keys or both.

You NEVER move a private key to another machine. You also generate keys only ONCE, and only on CLIENT machine.

1) Create a KEY PAIR using putty on your client machine

2) Copy the PUBLIC KEY to the Ubuntu machine

3) Convert the PUBLIC KEY on the Ubuntu machine into OPENSSH FORMAT

4) Append the OPENSSH PUBLIC KEY to the authorized_keys file in the ~/.ssh/ directory


Step 1) is done on the client machine, step 2) is sorta inbetween and 3) and 4) are done on the host machine.

[CYPER]

CYPER, use this guide: http://www.server-world.info/en/note?os=Ubuntu_11.04&p=ssh&f=2
I've used it to setup everyone of my ubuntu boxes and you don't have to install putty or puttygen on the remote host, takes 10mins tops to get setup.

I did everything exactly by the guide, except that I used VNC and gedit to add the public key to the authorized list = Server refused our key

Here is a shot:



Please not there are no spaces, not even between the FOU and +yy - it's a single line.

I tried removing the last = so there is only one and restarting the SSH server = no effect. So one or two "=" had no effect even after I restarted the server for each case.

[CYPER]

Let me see if I understand correctly - First I create a private key under Windows using Puttygen and after I copy this private key to the Ubuntu machine I use again Puttygen to generate the private and public keys out of the private keys I created earlier with PuttyGen under Windows.

Are you sure that is the way, cause that's how you explained it. The program for generating keys under windows is Puttygen and it can create either a private or public keys or both.

You NEVER move a private key to another machine. You also generate keys only ONCE, and only on CLIENT machine.

1) Create a KEY PAIR using putty on your client machine

2) Copy the PUBLIC KEY to the Ubuntu machine

3) Convert the PUBLIC KEY on the Ubuntu machine into OPENSSL FORMAT

4) Append the OPENSSL PUBLIC KEY to the authorized_keys file in the ~/.ssh/ directory


Step 1) is done on the client machine, step 2) is sorta inbetween and 3) and 4) are done on the host machine.

1 - Do I need to convert the private key (which stays on the Windows machine) to OPENSSH format?
3 - What command do I use on the Ubuntu machine to convert the public key generated by PuttyGen into OpenSSH format?
4 - I can do it with the GUI, right? As shown in the screenshot above. I make sure it's a single line.

Like I said I've tried 2 or 3 different tutorials and I only get Server refused our key.

[gfaust]

permissons on the ~/.ssh folder should be 700 and on authorized_keys and known_hosts should be 644

[CYPER]

permissons on the ~/.ssh folder should be 700 and on authorized_keys and known_hosts should be 644

That doesn't help either.

Here is the config file: http://paste.ubuntu.com/651204/

And also in the .ssh config there are only 2 files - authorized_keys and .authorized_keys.swp

[WakiMiko]

1 - Do I need to convert the private key (which stays on the Windows machine) to OPENSSH format?
3 - What command do I use on the Ubuntu machine to convert the public key generated by PuttyGen into OpenSSH format?
4 - I can do it with the GUI, right? As shown in the screenshot above. I make sure it's a single line.

Like I said I've tried 2 or 3 different tutorials and I only get Server refused our key.

1) No, you dont.
3) I dunno, but a quick google search tells me that the puttygen GUI has a conversion function. also note that you can do this step on your client or host machine, it doesnt matter.
4) You can edit the authorized_keys file with any editor you want, just make sure it has the right permissions

[CYPER]

1) No, you dont.
3) I dunno, but a quick google search tells me that the puttygen GUI has a conversion function. also note that you can do this step on your client or host machine, it doesnt matter.
4) You can edit the authorized_keys file with any editor you want, just make sure it has the right permissions

1 - So then the keys will be in different formats? Why would that work?
2 - I've tried that function before when using different tutorial, but it didn't work.
3 - I think I'm doing everything right, but to no avail.

[WakiMiko]

1 - So then the keys will be in different formats? Why would that work?
2 - I've tried that function before when using different tutorial, but it didn't work.
3 - I think I'm doing everything right, but to no avail.

1 - Why wouldnt it? The keys are only stored in different formats, putty needs the putty format, openssh needs the openssh format.
3 - If you would be doing everything right it would be working by now. Post a ls -l output of your .ssh directory.

[CYPER]

cyper@Woody:~/.ssh$ ls -l
total 4
-rw-r--r-- 1 root root 209 2011-07-24 15:34 authorized_keys
cyper@Woody:~/.ssh$

[WakiMiko]

duh, you did not listen to what I said, the permissions and the owner are completely wrong

run the following

Code:

sudo chown cyper:cyper authorized_keys
chmod 600 authorized_keys