HPE Community
Operating System - HP-UX
1823760 Members
4431 Online
109664 Solutions
New Discussion юеВ

sshd: server refused our key

 
SOLVED
Go to solution
Mark Zurl
Frequent Advisor

тАО04-08-2005 04:43 AM

тАО04-08-2005 04:43 AM

sshd: server refused our key

Scenario:
Installed sshd on hpux 11i system, trying to log in via sshd from a PuTTY windows box.

Everything works OK, except sshd on the hpux machine will not go beyond asking for a password. At the login prompt that appears on the putty box, all I get is a "server refused our key", then sshd on the hpux system asks for a password. I enter the password, and sshd lets me in.

I copied the public key over to ~/.ssh/authorized_keys as required.

Any ideas?
Z
Tech Tip #167: Coffee and donuts make a meal.
0 Kudos
19 REPLIES 19
RAC_1
Honored Contributor

тАО04-08-2005 05:04 AM

тАО04-08-2005 05:04 AM

Re: sshd: server refused our key

Post /usr/sbin/sshd -ddd from hpux. (stop exisiting sshd)Try connecting now and post.
There is no substitute to HARDWORK
0 Kudos
Mark Zurl
Frequent Advisor

тАО04-08-2005 05:15 AM

тАО04-08-2005 05:15 AM

Re: sshd: server refused our key

OK, stopped sshd, then restarted at the command line:

Output on hpux was as follows:
# /opt/ssh/sbin/sshd -ddd
debug3: RNG is ready, skipping seeding
debug2: load_server_config: filename /opt/ssh/etc/sshd_config
debug2: load_server_config: done config len = 242
debug2: parse_server_config: config /opt/ssh/etc/sshd_config len 242
debug1: sshd version OpenSSH_3.9 [ HP-UX Secure Shell-A.03.91.002 ]
debug3: Not a RSA1 key file /opt/ssh/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /opt/ssh/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/opt/ssh/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 242
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8

On the windows box, I get:
Using username "testuser"
Server refused our key
password:

The PassPhrase was never requested .. I enter the password, log in, and that's it.

Z
Tech Tip #167: Coffee and donuts make a meal.
0 Kudos
Wilfred Chau_1
Respected Contributor

тАО04-08-2005 05:18 AM

тАО04-08-2005 05:18 AM

Re: sshd: server refused our key

putty uses openssh.
Do you also have openssh on the hpux box?

is the exported key from putty in openssh or commerical ssh format?
0 Kudos
Mark Zurl
Frequent Advisor

тАО04-08-2005 05:23 AM

тАО04-08-2005 05:23 AM

Re: sshd: server refused our key

The version of sshd running on hpux is in log posted in the previous reply. It is HP-UX Secure Shell-A.03.91.002.

Keys generated on the windows putty box were SSH2 RSA.

I figure the solution to this problem must reside somewhere in sshd_config? What forces sshd to request the passphrase instead of just a password??

Z
Tech Tip #167: Coffee and donuts make a meal.
0 Kudos
Robert Bennett_3
Respected Contributor

тАО04-08-2005 06:30 AM

тАО04-08-2005 06:30 AM

Re: sshd: server refused our key

This is how I set up trusts for ssh.

Edit the /opt/ssh/etc/ssh_config file, change the following keyword to the example.
Protocol 2,1

Edit the /opt/ssh/etc/sshd_config file, change the following keywords or uncomment the keywords as listed below.

Protocol 2,1
HostKey /opt/ssh/etc/ssh_host_key
HostKey /opt/ssh/etc/ssh_host_rsa_key
HostKey /opt/ssh/etc/ssh_host_dsa_key
PermitRootLogin yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
RhostsAuthentication no
IgnoreRhosts yes
PermitEmptyPasswords no
X11Forwarding no

Establish the root trust from master server to the root account on your server.
cd /roots/.ssh
scp master_server:/roots/.ssh/id.rsa.pub ./id.rsa.pub.master_server
Cat id.rsa.pub.master_server >> authorized_keys

Test the trusted login ability of root on master server
root@master_server# ssh dnuxXXX
if the login was successful without a password the configuration is complete.

Hope this helps

B

"All there is to thinking is seeing something noticeable which makes you see something you weren't noticing which makes you see something that isn't even visible." - Norman Maclean
0 Kudos
Mark Zurl
Frequent Advisor

тАО04-08-2005 06:52 AM

тАО04-08-2005 06:52 AM

Re: sshd: server refused our key

Everyone:

This has been my first post on the ITRC forums. Many thanks to all who have responded!!

I have applied the suggestions that have been offered so far with no luck; however, I do appreciate the online assistance. I'm now leaning towards the problem being with the keys generated by "putty", but nonetheless feel that sshd should not have let me log in without supplying a passphrase.

Once again, thanks everyone and I'm glad I've joined the forum!
Z
Tech Tip #167: Coffee and donuts make a meal.
0 Kudos
RAC_1
Honored Contributor

тАО04-08-2005 06:53 AM

тАО04-08-2005 06:53 AM

Re: sshd: server refused our key

When you set the key, in authorized_keys file), did you do cut and paste?? Do not do that. Generate the new keys and do a cat to put the key in authorized_keys file.
There is no substitute to HARDWORK
0 Kudos
Mark Zurl
Frequent Advisor

тАО04-08-2005 07:24 AM

тАО04-08-2005 07:24 AM

Re: sshd: server refused our key

I generated the keys on my windows box (using putty), and then ftp'd the public key over to my hpux machine, and put it in as ~/.ssh/public

Then I copied ~/.ssh/public to ~/.ssh/authorized_keys, and checked all the permissions and ownership. I tried various permissions, like 744, 644, 700, 600, etc.

I appologize for any dumb errors here on my behalf, as I am implementing sshd for the first time.

Thanks,
Z
Tech Tip #167: Coffee and donuts make a meal.
0 Kudos
RAC_1
Honored Contributor

тАО04-08-2005 07:34 AM

тАО04-08-2005 07:34 AM

Re: sshd: server refused our key

How did you generate the keys?? Commands please.

Anil
There is no substitute to HARDWORK
0 Kudos
Mark Zurl
Frequent Advisor

тАО04-08-2005 07:47 AM

тАО04-08-2005 07:47 AM

Re: sshd: server refused our key

The keys were generated using the puttygen command on my windows box. When you execute this in a "command prompt" window, a keys generator window pops up.

First you select the SSH2 keys preference button, then select the generate button, then you move the mouse around to generate randomness, then select the "load keys" button, which creates a public and private key pair.

After that, I ftp'd the public key from the windows box to my hpux machine, and placed it in /home/testuser/.ssh/public. I then moved (used "$mv") public to authorized_keys, checked ownership and permissions, etc.

Does this sound about right in terms of the sequence of steps?

Z
Tech Tip #167: Coffee and donuts make a meal.
0 Kudos
RAC_1
Honored Contributor

тАО04-08-2005 07:57 AM

тАО04-08-2005 07:57 AM

Re: sshd: server refused our key

I was wondering about dsa or rsa keys?? Does it give that preference??
There is no substitute to HARDWORK
0 Kudos
Mark Zurl
Frequent Advisor

тАО04-08-2005 08:06 AM

тАО04-08-2005 08:06 AM

Re: sshd: server refused our key

I selected the "SSH2 RSA" preference. I remember reading somewhere there was a difference between SSH2 and SSH-2 protocols, .. that in fact there was a difference, and that you had to be careful as the dash in SSH-2 was important .. just guessing here.

Thanks again,
Z
Tech Tip #167: Coffee and donuts make a meal.
0 Kudos
RAC_1
Honored Contributor

тАО04-08-2005 08:07 AM

тАО04-08-2005 08:07 AM

Re: sshd: server refused our key

Do you have option of creating dsa keys?? IF yes, create and set them in authorized_keys.
There is no substitute to HARDWORK
0 Kudos
Mark Zurl
Frequent Advisor

тАО04-08-2005 08:09 AM

тАО04-08-2005 08:09 AM

Re: sshd: server refused our key

Excellent suggestion .. I'll give DSA a try, as it is an option!

Let you know what happens in a little bit.
Z
Tech Tip #167: Coffee and donuts make a meal.
0 Kudos
Mark Zurl
Frequent Advisor

тАО04-08-2005 08:20 AM

тАО04-08-2005 08:20 AM

Re: sshd: server refused our key

OK, this time I generated a key pair (public/private) and selected the "SSH2 DSA" preference. I know its "SSH2 DSA" because the comment in the public key verifies it.

Moved the new public key over to my HPUX server under /home/testuser/.ssh/authorized_keys and same thing ..

When I try to connect from my windows box, I get the hpux prompts as follows:

Using username "testuser".
Server refused our key
testuser@testsystem password:

I enter the password, and log in successfully .. no passphrase was ever supplied or asked for.

Z
Tech Tip #167: Coffee and donuts make a meal.
0 Kudos
Tony Contratto
Respected Contributor

тАО04-08-2005 08:20 AM

тАО04-08-2005 08:20 AM

Solution

Re: sshd: server refused our key

Hello,

When using puttygen, the public key file that it saves is not in a format to use in the authorized_keys file. At the top of the puttygen window after you generate the key is a text box with the heading "Public key for pasting into OpenSSH authorized_keys file". That is what should be put into your authorized_keys file on the HP-UX box.

--
Tony
got root?
0 Kudos
RAC_1
Honored Contributor

тАО04-08-2005 08:34 AM

тАО04-08-2005 08:34 AM

Re: sshd: server refused our key

Can you post the key that it generates? (dsa key) also on hp-ux, in sshd_config file do you have setting for preferred authentication??
There is no substitute to HARDWORK
0 Kudos
Mark Zurl
Frequent Advisor

тАО04-08-2005 08:38 AM

тАО04-08-2005 08:38 AM

Re: sshd: server refused our key

Tony -

That nailed it !! Good call !!!
In fact, RAC and others hinted at this earlier as to the cut-n-paste. Just a stupid mistake on my part.

Well, its 4:30pm EST over here, so I'm headed out to HappyHour .. thanks everyone so much.

To recap, for those using PUTTY, when generating key pairs, make sure you cut-n-paste from the top pop-up puttygen window and double check your paste.

Z


Tech Tip #167: Coffee and donuts make a meal.
0 Kudos
Mark Zurl
Frequent Advisor

тАО04-11-2005 01:53 AM

тАО04-11-2005 01:53 AM

Re: sshd: server refused our key

Original Problem:
sshd does not prompt for passphrase, and generates "server refused our key" error while trying to log in.

Resolution:
The authorized_keys file did not contain the proper key. The puttygen key pair generator was used incorrectly. The authorized_keys file key should have been cut-n-paste'd from the top screen in the generator .. instead, the public key was used incorrectly.
Tech Tip #167: Coffee and donuts make a meal.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.