Saturday, May 4, 2024
Homepage · server
 Popular · Latest · Hot · Upcoming
124
rated 0 times [  124] [ 0]  / answers: 1 / hits: 433709  / 2 Years ago, sat, march 12, 2022, 7:45:17

I'm trying to setup ssh authentication with key files in stead of username/password. The client is a Windows box running PuTTY and the server is a Ubuntu 12.04 LTS server.


I downloaded puttygen.exe and had it generate a key pair. In /etc/ssh/sshd_config I have this line:


AuthorizedKeysFile %h/.ssh/authorized_keys

and on my client's public key file it says this:


---- BEGIN SSH2 PUBLIC KEY ----

Comment: "[email protected]"

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAr3Qo6T5XU06ZigGOd3eKvfBhFLhg5kWv8lz6

qJ2G9XCbexlPQGanPhh+vcPkhor6+7OmB+WSdHeNO652kTofnauTKcTCbHjsT7cJ

GNrO8WVURRh4fabknUHPmauerWQZ6TgRPGaz0aucU+2C+DUo2SKVFDir1vb+4u83

[email protected]

---- END SSH2 PUBLIC KEY ----

I copied the part from "ssh-rsa AAA" to "[email protected]" and put that in the file ~/.ssh/authorized_keys on my server (in my own homefolder). In PuTTY under Connection > SSH > Auth I entered the path to the private key it generated on my client and saved the session settings.


I restarted the ssh server with


sudo service ssh restart

Now if I load the profile in PuTTY (I verified the private key is still in Connection > SSH > Auth and that the path is correct) and run the profile, it says


Server refused our key

I tried putting the public key in a file under the directory ./ssh/authorized_keys/ but that didn't help so I used ./ssh/authorized_keys as a file, pasting the key in it. I also tried generating a private/public key pair on the server, putting the public key in ./ssh/authorized_files and loading the private one in PuTTY on my client. Rebooting the server didn't help either.


I found that the error may be solved by putting the key in a place outside the user's home folder but that's only useful if the home folder is encrypted, which this one is not.


Also tried generating a 4096 bit key, thinking perhaps 1024 was too short.


How can I get this to work? Thanks!


EDIT:


Ok, /var/log/auth.log said:


sshd: Authentication refused: bad ownership or modes for directory /home/vorkbaard/.ssh

Google tells me ~/.ssh/ should be 700 and and ~/.ssh/authorized_keys should be 600, so I did that. Now /var/log/auth.log says:


sshd: error: key_read: uudecode AAAAB3N [etc etc etc until about 3/4 of my public key]

More From » server
 Answers
3

Ok, it is fixed however I don't see how this is different from what I tried already.



What I did:




  • generate a key pair with puttygen.exe (length: 1024 bits)

  • load the private key in the PuTTY profile

  • enter the public key in ~/.ssh/authorized_keys in one line
    (ssh-rsa {your_public_key} with no more than once space between ssh-rsa and your key)

  • chmod 700 ~/.ssh

  • chmod 600 ~/.ssh/authorized_keys

  • chown $USER:$USER ~/.ssh -R

  • change /etc/ssh/sshd_config so it contains AuthorizedKeysFile %h/.ssh/authorized_keys

  • sudo service ssh restart



For troubleshooting do # tail -f /var/log/auth.log.



Thanks for your help!


[#30778] Saturday, March 12, 2022, 2 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
tubequ
Add To Favorites
Follow
Total Points: 11
Total Questions: 113
Total Answers: 115
Location: Equatorial Guinea
Member since Thu, Oct 7, 2021
3 Years ago
tubequ questions
Sat, May 27, 23, 07:00, 1 Year ago
Fri, May 20, 22, 00:18, 2 Years ago
Sun, Dec 25, 22, 20:39, 1 Year ago
Fri, Aug 20, 21, 06:54, 3 Years ago
Sat, Mar 4, 23, 22:56, 1 Year ago
View All
;