Sunforger


Server refused our key!

I wanted to configure SSH key login for our group's server to avoid the hassle of entering a password each time. But it seems... the server has its own ideas.

This post records a strange bug and a peculiar fix.

Operation

Run ssh-keygen -t rsa in the .ssh folder under the server's user directory to generate the key.

Then download the private key to the local Windows machine and configure SSH key login through MobaXterm.

Everything went smoothly until the moment of login.

Server refused our key!

The key was rejected, and a password was required to enter.

Attempts

Idea 1: Disable StrictModes in /etc/ssh/sshd_config. But since the server is used by multiple people and I'm not very knowledgeable, it could cause permission issues, so this method is not considered for now.

Idea 2: Adjust permission settings to meet the requirements of StrictModes. See: Remote connection to server Server refused our key | CSDN Blog

Idea 3: Due to OpenSSH version issues, the RSA algorithm is not supported. It is necessary either to configure support for RSA in the sshd_config file (see: mobaxterm encountered Server refused our key issue | CSDN Blog) or to switch to another algorithm (see: Generate your SSH key using Ed25519 algorithm | Zhihu).

Idea 4: Enable detailed logging to locate the problem. See: ssh configuration key prompts Server refused our key | CSDN Blog

The first three ideas did not solve my problem, while the fourth idea provided me with more hints. The key error message was:

mm_answer_keyallowed: publickey authentication test: RSA key is not allowed

Some said the key was incompatible, others mentioned Win32 restrictions, leaving me confused.

Solution

This article gave me some insight: Can't set up SSH key (PuTTY to Ubuntu Server) | StackExchange. It states that the generated key format might be incorrect.

My attempt was somewhat serendipitous—I decided not to generate the key on the Linux server but to regenerate it on my local Windows system and then upload it to the server, and the problem was strangely resolved!

Update

Recently, due to a system reinstall, I configured ssh login again.

System version: Ubuntu 22.04.1 LTS

Modify configuration file /etc/ssh/sshd_config

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

Uncomment these two lines by removing the leading # that originally commented them out.

Generate key

ssh-keygen -t ed25519 -f your_ssh_key_ed25519 -C "your_ssh_key_name"

Set .ssh folder permissions to 700
Set private key file permissions to 600, public key file can be set to 644 permissions. This will not affect key security.
Set authorized_keys file permissions to 600. If there is no authorized_keys file, create one using the touch command.

chmod 700 .ssh
chmod 600 .ssh/your_private_key
touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys

Copy public key to authorized_keys file

cd .ssh
cat your_public_key >> authorized_keys

Note: The public key is usually a file with a .pub suffix.

After testing, login is successful.
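
The permission and key-format checks from this post, as an added example (not part of the original post): a shell function, run on the server, that reports what StrictModes rejects (a group- or world-writable home directory, .ssh folder or authorized_keys file) and any authorized_keys line that is not a one-line OpenSSH public key, such as a pasted PuTTY/SSH2-format block. The function names and the home-directory argument are assumptions.

```shell
#!/bin/sh
# Added example: audit one account's key-login setup on the server.
# Assumptions: $1 is the account's home directory; function names are hypothetical.

# True if the path is writable by group or others (sshd StrictModes rejects this).
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Prints one finding per line; exit status is 0 only when nothing was found.
audit_ssh_setup() {
    home=$1; ak="$home/.ssh/authorized_keys"; bad=0
    for p in "$home" "$home/.ssh" "$ak"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; bad=1
        elif loosely_writable "$p"; then
            echo "WRITABLE $p (group/other write bit set)"; bad=1
        fi
    done
    [ -f "$ak" ] || return 1
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac   # skip blank lines and comments
        # A valid entry is a single line: [options] keytype base64-blob [comment].
        # The base64 blob of an OpenSSH public key always begins with "AAAA".
        if ! printf '%s\n' "$line" | grep -Eq \
            '(^| )(ssh-(rsa|ed25519|dss)|ecdsa-sha2-[^ ]+|sk-[^ ]+) AAAA'; then
            echo "FORMAT $ak:$n is not a one-line OpenSSH public key"; bad=1
        fi
    done < "$ak"
    return $bad
}

# Run as: sh audit.sh /home/youruser
if [ "$#" -gt 0 ]; then audit_ssh_setup "$1"; fi
```

A FORMAT finding on lines such as "---- BEGIN SSH2 PUBLIC KEY ----" means the key was saved in PuTTY's export format and must be converted to the one-line form before sshd will accept it.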
