How to use SSH Public Key with PuTTY to connect to a Linux machine

5

1

I am trying to set a public SSH key connection from a Windows 7 machine to a Red-Hat Linux machine. The ultimate purpose is to use pscp (PuTTY's version of scp) from the command terminal w/o the need to type password repetitively.

Following PuTTY's documentation and other online sources, I used PuTTYgen to generate a key pair. I then copied the generated public key to a ~/.ssh/authorized_keys file on the Linux machine (as far as I can tell, it runs OpenSSH server).

To check the connection, I run PuTTY and set the username and private key file in the appropriate places in its GUI.

However, when trying to connect using PuTTY's SSH, the connection uses the preset username, but I get an error message of "Server refused our key" and a prompt for the password.

I then tried to copy-paste the public key text from PuTTYgen's GUI to the authorized_keys file, but it did not work either.

  1. How should I set up a public key connection form Win 7 to Linux?

  2. How do I use this with pscp (rather than PuTTY's ssh)?

Update: Thinking the problem might be with the PuTTYgen key format, I used ssh-keygen on the Linux machine to create an RSA keypair. It generated a id_rsa private key and id_rsa.pub public key. Trying to use > ssh-add id_rsa was not successful, as I git the reply that "Could not open a connection to your authentication agent.", so I just used > cp id_rsa.pub authorized_keys.

I then copied these files to the Windows machine, and used PuTTYgen to convert the private key to a PuTTY private key format (*.ppk). Trying to connect using the new key, I get the response that "Server refused our key".

ysap

Posted 2013-11-07T21:05:43.423

Reputation: 2 116

Did you tried to use python paramiko lib, I do that in job with 600 server at once. – Francisco Tapia – 2015-04-25T13:20:07.750

Make sure the ownership of ~/.ssh is correct and that the permissions are 0600 (+x for the directory). If you're using SELinux, running restorecon -R -v ~/.ssh will make sure that the labels are correct. – Cristian Ciupitu – 2013-11-08T04:08:27.883

@CristianCiupitu - I am using Red-Hat. I changed the permissions to 777 but it does not solve the problem. – ysap – 2013-11-08T09:34:53.690

I didn't say to change the permission to 777 (world readable and writable), I said to make them secret. – Cristian Ciupitu – 2013-11-08T13:00:48.427

@CristianCiupitu - are you suggesting that '700' and '600' for dir and keys-file are a maximum requirement? SSH should fail because it is world available??? Anyway, I made the change but still no sucess. – ysap – 2013-11-08T14:13:20.647

Check out the logs and update the question. – Cristian Ciupitu – 2013-11-08T18:52:13.990

@CristianCiupitu - What logs? Can you please be more specific? – ysap – 2013-11-08T19:13:49.743

/var/log/secure (and /var/log/messages) probably. – Cristian Ciupitu – 2013-11-08T23:28:22.867

@CristianCiupitu - Unfortunately, I don't have access to /var/log/secure (it has root only permissions). The /var/log/messages file contains only a few lines that do not seem to be related to the SSH (looks like it was restarted yesterday, so the log is very short). I viewed it before and after an SSH attempt and there was no change. – ysap – 2013-11-11T14:39:44.690

Answers

3

You have to follow these properly.

Configure the Public Key in SSH Server

Copy the public key in to SSH Server via SFTP

put publicy_key

Login to SSH server verify the copied public key

ls -l public_key

Since the public key does not have any permissions, change it to 400 (for read)

chmod 400 public_key

Use ssh-keygen tool to create openSSH format public key

ssh-keygen -if public_key > public_key_openssh_format

Add the created openSSH public key to authorized_keys files

cat public_key_openssh_format >> ~/.ssh/authorized_keys

Check the permissions of .ssh folder and authorized_keys file for access permissions

ls -al ~/.ssh

Verify the Key Pairs with PuTTY

Now, the key based authentication can be verified with PuTTY. Enter the host name and port

Select the private key (.ppk)

Confirm the Security alert

If the configuration is correct, the connection will be established successfully

If you are still stuck. Then you have to re-create the user and follow the steps and configure the public key again.

The user can be recreated using the following command:

Make a copy of the user folder and delete it before recreation.

yast2 users add username=userName cn=" User for test" password="password" gid=100 grouplist=dialout,video type=local

Vishnu Prasad Kallummel

Posted 2013-11-07T21:05:43.423

Reputation: 264

I believe the commands may change slightly since this is a red hat system - I do believe adduser is the 'standard' command used for this. Nonetheless, nice use of screenshots (even if I'd tend to copy/paste then use the code or pre blocks for better search/copyability and smaller page size) to illustrate the answer. – Journeyman Geek – 2013-11-08T04:33:52.377

I was not sure whether my answer would be posted as it contained pictures (Since I also had only 11 reputation). I'll take care of the formatting the next time I answer any question. Thanks to @slhck♦ for formatting the answer, he also mentioned the same. – Vishnu Prasad Kallummel – 2013-11-08T08:45:10.497

Thanks. So, I used scp to copy the public key to the remote machine. There, I used ssh-keygen -if puttygen.pub.key > ~/.ssh/authorized_keys and made sure directory and file have read permission. But, when running PuTTY and selecting the private key, I still get the same response from the Linux account. I did not get PuTTY's key-caching message (could be that it was there on the 1st time I used that key). I assume that sftp used in your answer if not critical, right? I also noticed that you have a ~/.ssh/known_hosts file. Is this essential for the process? – ysap – 2013-11-08T09:04:31.280

Please note that this is a corporate Linux machine, and I cannot create a new user. Just play with my account. – ysap – 2013-11-08T09:37:24.933

Please notice update to question. – ysap – 2013-11-08T09:56:26.447

Can you edit the private key and check? The authorized keys should contain the same text as in the public part of the private key.

I have faced this issue and it was solved only after I have recreated the user. Every other trick I used was not helpful! :(

And yes the sftp is not important. I already had a taken the screen shots for that specific steps hence the same. – Vishnu Prasad Kallummel – 2013-11-08T10:07:40.053

@VishnuPrasadKallummel - AFAICT, the two keys are identical (up to line wrap). – ysap – 2013-11-08T15:56:48.547

I'm sorry, I don't have any further suggestions. :( – Vishnu Prasad Kallummel – 2013-11-11T04:53:13.423

0

I have concluded that PuTTY or PuTTYgen is broken. This is not some trivial user error regarding file formats. If I calculate the hash of the authorized public key on the server, it matches the hash displayed by PuTTYgen on the client where I generated the keys. Yet, the server refuses the key like it didn't match.

I've tried this with OS X, Linux and Cisco & Juniper routers. The ssh-rsa public key from PuTTYgen just doesn't work.

If you generate the keys on with OpenSSH and then import them into PuTTYgen to save as a .ppk for PuTTY, it works fine.

Monstieur

Posted 2013-11-07T21:05:43.423

Reputation: 426

0

Perhaps you need to set the "Connection/SSH/Auth/Allow agent forwarding" option to "true". The ssh-add command has worked for me after I've done this.

PuTTY screenshot showing SSH authentication settings

Vladius

Posted 2013-11-07T21:05:43.423

Reputation: 101

Thanks. I am no longer in that environment, but can you please elaborate on that field, for the sake of future viewers? – ysap – 2015-01-21T19:48:58.467

Asked: 2013-11-07T21:05:43.423

Viewed: 29 728 times

Active: 2015-04-25T13:09:02.100