HPE Community
Operating System - HP-UX
1824012 Members
3773 Online
109667 Solutions
New Discussion юеВ

server refused public key from puttygen

 
so.nimda
Super Advisor

тАО04-15-2010 05:25 AM

тАО04-15-2010 05:25 AM

server refused public key from puttygen

Hi,

I am trying to connect from a Windows server to HP UX remotely via ssh without password and this is I've done :

1) used puttygen and generated a private (ppk) and a public key
2) used the "Public key for pasting into OpenSSH authorized_keys file" option to copy and "cat" to /home/user/.ssh/authorized_keys
3) updated the ppk in a putty session in the Windows server

When I tried connecting from the windows server, I had the "server refused our key" error.

Did I miss some steps?

Thanks !
0 Kudos
Reply
10 REPLIES 10
Steven E. Protter
Exalted Contributor

тАО04-15-2010 05:35 AM

тАО04-15-2010 05:35 AM

Re: server refused public key from puttygen

Shalom,

http://www.dailyiteration.com/howto-passwordless-ssh-authentication-with-putty/

That procedure worked perfectly for me.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

тАО04-15-2010 06:17 AM

тАО04-15-2010 06:17 AM

Re: server refused public key from puttygen

If the permissions of the file or its directory path are too wide, sshd will assume the key file is not secure, and will not use key authentication.

Run this command on the HP-UX system:

ll -d / /home /home/user /home/user/.ssh

Then verify that all these directories are not writable by anyone other than "user" and root.

To set the correct ownership and permissions, the following commands would be typical:

chown root:root / /home
chmod 755 / /home
(Directory permissions drwxr-xr-x.)

chown user:$(id -gn user) /home/user /home/user/.ssh
chmod go-w /home/user

(The correct permissions for the home directory are somewhat site-dependent: you might use permissions 755, 751, 750, 711, 710 or even 700. But the important thing is that the write permission for "group" and "other" is removed.)

chmod 700 /home/user/.ssh
(Directory permissions drwx------)

chown user:$(id -gn user) /home/user/.ssh/authorized_keys
chmod 600 /home/user/.ssh/authorized_keys
(File permissions -rw-------)

NOTE: if your home directories are NFS mounted, you might have to use 711 for /home/user/.ssh and 644 for the authorized_keys file instead.

MK
MK
0 Kudos
Reply
so.nimda
Super Advisor

тАО04-15-2010 04:23 PM

тАО04-15-2010 04:23 PM

Re: server refused public key from puttygen

Hi Steven,

Thanks for the reply and link.

I followed the steps (the authorized_keys part may have some issue, which I will explain below) all the way till the pageant portion and When I used putty to connect, I am still prompted to enter a password.

I'm not sure if the authorized_keys/public key is the problem.

Here's what I noticed :

1) when I used root to run the command "ssh-keygen -i -f key.pub >> authorized_keys", I get the error "input too long". The authorized_keys file was still created but with 0 bytes.

2) when I "su - user1" to run the same "ssh-keygen" command, I get the message "authorized_keys: No such file or directory".

Could the prompting of password be the result of not having a proper "authorized_keys" file?

Thanks
0 Kudos
Reply
so.nimda
Super Advisor

тАО04-15-2010 04:24 PM

тАО04-15-2010 04:24 PM

Re: server refused public key from puttygen

Hi Matti,

Thanks for your reply.

Will take note when I tackle the authorized_keys part.

Regards
0 Kudos
Reply
Denver Osborn
Honored Contributor

тАО04-15-2010 04:29 PM

тАО04-15-2010 04:29 PM

Re: server refused public key from puttygen

As Matti mentioned... check directory permissions. If the directory permissions are a problem, the syslog should have an entry from your login attempt which mentions the permissions.

Also, when you cut/paste the public key into your authorized keys file, make sure it is one continuous line. If there are line breaks from your cut/paste, it won't work.

vi you ~/.ssh/authorized_keys file and make sure it is all in one line. shift+j to join lines then delete the spaces between the joined lines.

Hope this helps,
-denver
0 Kudos
Reply
so.nimda
Super Advisor

тАО04-15-2010 06:34 PM

тАО04-15-2010 06:34 PM

Re: server refused public key from puttygen

Hi Denver,

Thanks for your reply.

I think my problem is creating the "authorized_keys" file.

When I used root to run "ssh-keygen -i -f key.pub >> authorized_keys", I get the error input too long".

When I used the user to run "ssh-keygen -i -f key.pub >> authorized_keys", I get the message "authorized_keys: No such file or directory".

What's the correct the way?

Either way, I don't think the authorized_keys" files was created correctly so even though the permission is correct, it may still not work.

Regards
0 Kudos
Reply
so.nimda
Super Advisor

тАО04-15-2010 06:57 PM

тАО04-15-2010 06:57 PM

Re: server refused public key from puttygen

Hi all,

Some updates :

I redo the steps as suggested and when I tried to connect from the Windows server to UX server, I still get prompted with a password :

c:\> plink -ssh -l touch test.txt
Using keyboard-interactive authentication.
Password :

Anyway of not being prompted with password?

Thanks
0 Kudos
Reply
Denver Osborn
Honored Contributor

тАО04-15-2010 06:59 PM

тАО04-15-2010 06:59 PM

Re: server refused public key from puttygen

How did you transfer the putty key.pub file to the unix box? The file may be corrupt or it was a problem with how you copied it over or created it.

Try this...

on the windows box, open the putty key generator and 'load' your private key. After it is loaded, right-click, select all in the "Public key for pasting into OpenSSH authorized_keys file:" box... then right-click, copy.

Now ssh to the to the unix box using putty and vi your authorized keys file.

vi ~/.ssh/authorized_keys
i
shift+insert or right-click to paste pub key
esc
:wq!

With that done, try putty again with the ssh-key using a different putty session... before you do this tail the syslog in your open putty session.

tail -f /var/adm/syslog/syslog

If the session fails to login using your key, post what is logged to the syslog. It might help.

-denver
0 Kudos
Reply
Denver Osborn
Honored Contributor

тАО04-15-2010 07:36 PM

тАО04-15-2010 07:36 PM

Re: server refused public key from puttygen

ok, I just noticed your update re: plink...

When testing, did you have the PuTTY Agent (pageant.exe) running with your key added? If not, then use the "-i" option and specify your private key file.

plink -i c:\path_to_key\key.ppk -ssh user@host

-denver
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

тАО04-16-2010 08:05 AM

тАО04-16-2010 08:05 AM

Re: server refused public key from puttygen

> When I used root to run "ssh-keygen -i -f key.pub >> authorized_keys", I get the error input too long".

Why did you use "ssh-keygen -i" in the first place? It is supposed to convert the key from a format used by ssh.com products to OpenSSH format. If you used the "Public key for pasting into OpenSSH authorized_keys file" option in PuTTYgen, no further conversion should be necessary at the HP-UX side.

Please try this:
1.) Just use PuTTY to login from the Windows server to HP-UX using the password. Open the /home/user/.ssh/authorized_keys file in a text editor, and make sure it's ready to receive text.

2.) On the Windows server, start PuTTYgen and load your .ppk file.

3.) Select the entire text in "Public key for pasting into OpenSSH authorized_keys file", copy it and right-click on the PuTTY session to paste the key text into the Unix text editor running in the PuTTY session.
If your editor of choice has any word-wrap features, make sure the key is pasted as one long line.

Or are you using a ssh.com server package in your HP-UX system? That package includes its own ssh-keygen, which imports into its own native format. But PuTTYgen can produce that format directly too: there is no need to first create an OpenSSH public key file and then convert it to ssh.com format.

To quickly identify the SSH version on the HP-UX system, use telnet to connect to port 22 of the HP-UX system. You'll see one line of text, listing the name and version of the SSH server. Because the telnet client cannot send the proper SSH response, the telnet session will eventually time out... but by then, you already have the server SSH version information.

MK
MK
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.