6

I'm on a Ubuntu server. I'm trying to enable an ssh tunnel in order to add a git remote in a project of mine.

  • On my local win7 machine I generated the key pair with PuTTYgen.
  • I pasted the public key in authorized_keys file
  • I set the private PuTTY ppk filepath into putty Auth config

When I try to open a remote shell I get the error Server refused our key.

Checking the log: Connection closed by <ip> [preauth] in /var/log/auth.log.

More infos:

~/.ssh/authorized-keys have permissions 664.

The file is named authorized-keys not authorized_keys could this be a problem?

What am I missing?

Jakuje
  • 9,145
  • 2
  • 40
  • 44
alfredopacino
  • 193
  • 1
  • 1
  • 6
  • 1
    How does the public key you pasted into `authorized_keys` look like? – Jakuje Apr 30 '17 at 13:35
  • the usual: `ssh-rsa AAAAB3[......]== rsa-key-20170411`. `authorized_keys ` contains already another key (exactly same format). – alfredopacino Apr 30 '17 at 21:54
  • The other key already works? The permissions on the file and the path are correct? – Jakuje May 01 '17 at 06:20
  • I can't check if the other key works, it is not mine. The file permissions are 664. The path of the file `~/.ssh` – alfredopacino May 01 '17 at 18:16
  • That will be the problem. The `authorized_keys` should not be writable by anyone else than the owner. You should get it fixed by `chmod go-w ~/.ssh/authorized_keys`. Similar things apply for the path (`~` and `~/.ssh`) to the `authorized_keys` file. – Jakuje May 01 '17 at 18:19
  • It can be configured to different name in /etc/ssh/sshd_config. If it is not, rename it to the correct name. – Jakuje May 02 '17 at 05:27

3 Answers3

5

The name should be ~/.ssh/authorized_keys instead authorized-keys. Probably somebody setting this up (for the other key) named the file wrong and was similarly wondering why it does not work.

Also the file should not be writable by anyone else but owner. Therefore the permissions should be 644 instead. You can fix that using

chmod go-w ~/.ssh/authorized_keys
Jakuje
  • 9,145
  • 2
  • 40
  • 44
1

This answer might be little late, but for those who seek similar issue, I would suggest best thing to copy the public key to remote server's authorized_key file is using following command:

ssh-copy-id remoteuser@remotehost

This will copy the current user's pub key to remote server and will avoid typos.

Additionally, -i flag can be used to point at different identity file.

heavyguidence
  • 159
  • 6
0

If the IP address in the message is the client's IP address it may indicate that the client is attempting to authenticate with the incorrect passphrase for their private key.

Code Commander
  • 111
  • 3