Pages:
Author

Topic: Putty + Ubuntu +SSH + Public/Private Keys = Not Working (Server refused our key) (Read 23483 times)

hero member
Activity: 812
Merit: 502
I was told that this  should be ok:

drwx------  2 cyper cyper     4096 2011-07-24 19:01 .ssh/

But still the server reports Refused key.
newbie
Activity: 59
Merit: 0
it does, also make sure that the .ssh directory is also only read and writeable by "cyper"
hero member
Activity: 812
Merit: 502
Does this look allright?


Quote
cyper@Woody:~/.ssh$ ls -l
total 4
-rw------- 1 cyper cyper 209 2011-07-24 15:34 authorized_keys
cyper@Woody:~/.ssh$
newbie
Activity: 59
Merit: 0
duh, you did not listen to what I said, the permissions and the owner are completely wrong

run the following

Code:
sudo chown cyper:cyper authorized_keys
chmod 600 authorized_keys
hero member
Activity: 812
Merit: 502
Quote
cyper@Woody:~/.ssh$ ls -l
total 4
-rw-r--r-- 1 root root 209 2011-07-24 15:34 authorized_keys
cyper@Woody:~/.ssh$
newbie
Activity: 59
Merit: 0


1 - So then the keys will be in different formats? Why would that work?
2 - I've tried that function before when using different tutorial, but it didn't work.
3 - I think I'm doing everything right, but to no avail.

1 - Why wouldnt it? The keys are only stored in different formats, putty needs the putty format, openssh needs the openssh format.
3 - If you would be doing everything right it would be working by now. Post a ls -l output of your .ssh directory.
hero member
Activity: 812
Merit: 502


1) No, you dont.
3) I dunno, but a quick google search tells me that the puttygen GUI has a conversion function. also note that you can do this step on your client or host machine, it doesnt matter.
4) You can edit the authorized_keys file with any editor you want, just make sure it has the right permissions



1 - So then the keys will be in different formats? Why would that work?
2 - I've tried that function before when using different tutorial, but it didn't work.
3 - I think I'm doing everything right, but to no avail.
newbie
Activity: 59
Merit: 0
1 - Do I need to convert the private key (which stays on the Windows machine) to OPENSSH format?
3 - What command do I use on the Ubuntu machine to convert the public key generated by PuttyGen into OpenSSH format?
4 - I can do it with the GUI, right? As shown in the screenshot above. I make sure it's a single line.

Like I said I've tried 2 or 3 different tutorials and I only get Server refused our key.

1) No, you dont.
3) I dunno, but a quick google search tells me that the puttygen GUI has a conversion function. also note that you can do this step on your client or host machine, it doesnt matter.
4) You can edit the authorized_keys file with any editor you want, just make sure it has the right permissions


hero member
Activity: 812
Merit: 502
permissons on the ~/.ssh folder should be 700 and on authorized_keys and known_hosts should be 644
That doesn't help either.

Here is the config file: http://paste.ubuntu.com/651204/

And also in the .ssh config there are only 2 files - authorized_keys and .authorized_keys.swp
newbie
Activity: 24
Merit: 0
permissons on the ~/.ssh folder should be 700 and on authorized_keys and known_hosts should be 644
hero member
Activity: 812
Merit: 502
Let me see if I understand correctly - First I create a private key under Windows using Puttygen and after I copy this private key to the Ubuntu machine I use again Puttygen to generate the private and public keys out of the private keys I created earlier with PuttyGen under Windows.

Are you sure that is the way, cause that's how you explained it. The program for generating keys under windows is Puttygen and it can create either a private or public keys or both.

You NEVER move a private key to another machine. You also generate keys only ONCE, and only on CLIENT machine.

1) Create a KEY PAIR using putty on your client machine

2) Copy the PUBLIC KEY to the Ubuntu machine

3) Convert the PUBLIC KEY on the Ubuntu machine into OPENSSL FORMAT

4) Append the OPENSSL PUBLIC KEY to the authorized_keys file in the ~/.ssh/ directory


Step 1) is done on the client machine, step 2) is sorta inbetween and 3) and 4) are done on the host machine.
1 - Do I need to convert the private key (which stays on the Windows machine) to OPENSSH format?
3 - What command do I use on the Ubuntu machine to convert the public key generated by PuttyGen into OpenSSH format?
4 - I can do it with the GUI, right? As shown in the screenshot above. I make sure it's a single line.

Like I said I've tried 2 or 3 different tutorials and I only get Server refused our key.
hero member
Activity: 812
Merit: 502
CYPER, use this guide: http://www.server-world.info/en/note?os=Ubuntu_11.04&p=ssh&f=2
I've used it to setup everyone of my ubuntu boxes and you don't have to install putty or puttygen on the remote host, takes 10mins tops to get setup.

I did everything exactly by the guide, except that I used VNC and gedit to add the public key to the authorized list = Server refused our key

Here is a shot:



Please not there are no spaces, not even between the FOU and +yy - it's a single line.

I tried removing the last = so there is only one and restarting the SSH server = no effect. So one or two "=" had no effect even after I restarted the server for each case.
newbie
Activity: 59
Merit: 0
Let me see if I understand correctly - First I create a private key under Windows using Puttygen and after I copy this private key to the Ubuntu machine I use again Puttygen to generate the private and public keys out of the private keys I created earlier with PuttyGen under Windows.

Are you sure that is the way, cause that's how you explained it. The program for generating keys under windows is Puttygen and it can create either a private or public keys or both.

You NEVER move a private key to another machine. You also generate keys only ONCE, and only on CLIENT machine.

1) Create a KEY PAIR using putty on your client machine

2) Copy the PUBLIC KEY to the Ubuntu machine

3) Convert the PUBLIC KEY on the Ubuntu machine into OPENSSH FORMAT

4) Append the OPENSSH PUBLIC KEY to the authorized_keys file in the ~/.ssh/ directory


Step 1) is done on the client machine, step 2) is sorta inbetween and 3) and 4) are done on the host machine.
hero member
Activity: 927
Merit: 1000
฿itcoin ฿itcoin ฿itcoin
CYPER, use this guide: http://www.server-world.info/en/note?os=Ubuntu_11.04&p=ssh&f=2
I've used it to setup everyone of my ubuntu boxes and you don't have to install putty or puttygen on the remote host, takes 10mins tops to get setup.
hero member
Activity: 812
Merit: 502
Let me see if I understand correctly - First I create a private key under Windows using Puttygen and after I copy this private key to the Ubuntu machine I use again Puttygen to generate the private and public keys out of the private keys I created earlier with PuttyGen under Windows.

Are you sure that is the way, cause that's how you explained it. The program for generating keys under windows is Puttygen and it can create either a private or public keys or both.
member
Activity: 84
Merit: 10
I'm pretty sure that is completely wrong since the id_rsa* files .ssh are the public/private key files of THAT machine, and do not specify which public key is allowed to connect. They would only be used if you ssh'd from that machine to somewhere else. Furthermore there should be no need to create ANY keys whatsoever on the host machine.

Nope.  They're the converted public/private key pair from the Windows computer.  He didn't run ssh-keygen, hence he doesn't HAVE a public/private key pair for the Ubuntu system.

Rather, you want to append your public key you created with putty on your client machine to the authorized_keys file in the ~/.ssh directory on the host machine. If that file does not exist create it and then run "chmod 600 authorized_keys". Depending on the format putty uses you might have to convert it to the openssh format first. There should be one key per line in the authorized_keys file, e.g. it should look similar to this:

Code:
ssh-rsa AAA[lots of characters]== bla@foo

So basically: append the .pub file you created on the client machine to the authorized_keys file of the host machine

Yea, that's what I told him to do.  The problem is that he has a combined key created by Putty.

Putty under Windows just generates a .ppk file.  
You can read more here:  http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#faq-ssh2-keyfmt

The instructions allow you to take that .ppk file and convert it to a valid OpenSSH public/private key pair (the id_rsa.pub and id_rsa).

You are right however, there is a step missing:

Code:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

That puts the public key into the authorized_keys file as a public/private key pair that is allowed to connect to the account.  In fact, after you do that step you can actually delete the id_rsa and id_rsa.pub if you wish, because they ARE for the Windows system.
newbie
Activity: 59
Merit: 0
First:

After you've created your putty key under Windows (puttykey.ppk), copy it to your Ubuntu server.  We'll assume you have it in your home directory on your Ubuntu server which is ~/.

So, that file is now ~/puttykey.ppk

On your Ubuntu box, run a terminal (or SSH in from your Windows box) and:

Code:
sudo apt-get install putty

When that's done, you now have putty on Ubuntu.  Next do:

Code:
puttygen ~/puttykey.ppk -L > ~/.ssh/id_rsa.pub

If you're not familiar with Unix/Linux then you won't realize this, but the key output is being redirected to a file named "id_rsa.pub" in the .ssh directory in your home directory on the Ubuntu server.

Finally, create the private key on Ubuntu using:

Code:
puttygen ~/puttykey.ppk -O private-openssh -o ~/.ssh/id_rsa

Now you should be able to do public key logins to Ubuntu.  You MAY still have an issue due to permissions, so I'd recommend also doing:

Code:
address
chmod 700 .ssh
chmod 600 .ssh/id_rsa*

Good luck.

I'm pretty sure that is completely wrong since the id_rsa* files .ssh are the public/private key files of THAT machine, and do not specify which public key is allowed to connect. They would only be used if you ssh'd from that machine to somewhere else. Furthermore there should be no need to create ANY keys whatsoever on the host machine.

Rather, you want to append your public key you created with putty on your client machine to the authorized_keys file in the ~/.ssh directory on the host machine. If that file does not exist create it and then run "chmod 600 authorized_keys". Depending on the format putty uses you might have to convert it to the openssh format first. There should be one key per line in the authorized_keys file, e.g. it should look similar to this:

Code:
ssh-rsa AAA[lots of characters]== bla@foo

So basically: append the .pub file you created on the client machine to the authorized_keys file of the host machine
hero member
Activity: 812
Merit: 502
I'm somewhat familiar with Linux so can read and understand commands, but it's something else I can't understand: usually Puttygen can create 2 keys - public and private and the private ends in .ppk

So your tutorial says to copy the private key generated in Windows to the Ubuntu machine and transform it into Ubuntu style key (id_rsa.pub) which is a public key.

I'm well aware that the private key stays with the client (Windows) and the public with the server (Ubuntu), so your tutorial is confusing to me. Also your tutorial says to use the same key to create the public and private keys - are you sure about that?

Have you used that method yourself?

Thank you.
member
Activity: 84
Merit: 10
First:

After you've created your putty key under Windows (puttykey.ppk), copy it to your Ubuntu server.  We'll assume you have it in your home directory on your Ubuntu server which is ~/.

So, that file is now ~/puttykey.ppk

On your Ubuntu box, run a terminal (or SSH in from your Windows box) and:

Code:
sudo apt-get install putty

When that's done, you now have putty on Ubuntu.  Next do:

Code:
puttygen ~/puttykey.ppk -L > ~/.ssh/id_rsa.pub

If you're not familiar with Unix/Linux then you won't realize this, but the key output is being redirected to a file named "id_rsa.pub" in the .ssh directory in your home directory on the Ubuntu server.

Finally, create the private key on Ubuntu using:

Code:
puttygen ~/puttykey.ppk -O private-openssh -o ~/.ssh/id_rsa

Now you should be able to do public key logins to Ubuntu.  You MAY still have an issue due to permissions, so I'd recommend also doing:

Code:
chmod 700 .ssh
chmod 600 .ssh/id_rsa*

Good luck.
newbie
Activity: 59
Merit: 0
make sure the file permissions of authorized_keys is set to 600 and owned by the user you are using to connect or openssh will refuse to use it.
Pages:
Jump to: