Sunforger

Sunforger

The server has rejected our key.

Thinking of setting up an SSH key for the server in the group so that I can avoid the hassle of entering the password every time. But it seems... the server has its own ideas.

Recording a strange bug and a strange fix.

Procedure

Run ssh-keygen -t rsa in the .ssh folder in the user directory of the server to generate a key.

Then download the private key to the local Windows machine. Configure SSH key login through mobaxterm.

Everything went smoothly until the moment of login.

Server refused our key!

The key was rejected and a password is required to enter.

Attempts

Approach 1: Configure StrictMode to be turned off in /etc/ssh/sshd_config. However, since the server is used by multiple people, I don't understand it very well and it may cause permission issues, so this method is not considered for now.

Approach 2: Adjust the permission settings to meet the requirements of StrictMode. Remote connection server Server refused our key | CSDN Blog

Approach 3: Due to the version issue of Openssh, the RSA encryption algorithm is not supported. Need to configure support for RSA in the sshd_config file. Mobaxterm encounters the problem of Server refused our key | CSDN Blog or use another encryption algorithm. Generate your SSH key using the Ed25519 algorithm | Zhihu

Approach 4: Enable detailed logging to locate the problem. SSH configuration key prompts Server refused our key | CSDN Blog

The first three approaches did not solve my problem, and the fourth approach gave me more hints. The key error message is:

mm_answer_keyallowed: publickey authentication test: RSA key is not allowed

Some say it's an incompatible key, some say it's a Win32 restriction, and I'm confused.

Solution

This article gave me some ideas Can't set up SSH key (PuTTY to Ubuntu Server) | StackExchange. The article suggests that the generated key format may be incorrect.

My attempt was a fluke - I decided not to generate the key on the Linux server, but to regenerate the key on the local Windows system and then upload it to the server, and the problem was magically solved!

202@2x

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.