Having trouble setting up key authentication

Gidday guys

Total Linux newb. I've been setting up my Linode, and got stuck at the key authentication part.

I'm using Putty, PuttyGen, and Ubuntu 10

I was successfully able to create the public and private keys, and save them on my local pc. I then put the public key in the file at /etc/ssh/authorized_keys in my root (all on one line).

When connecting I get a 'server refused our key' error.

The docs mention a .ssh dir. Do I include the dot as in /etc/.ssh/authorized_keys, or should it be /etc/ssh/authorized_keys? I tried it with a dot, but there is a save error when I try to finish writing the file.

Also, should it start with /etc or should there be a user name in there?

I've stopped Pageant (to eliminate any problems with that and Putty communicating), and tried loading the .ppk file directly into Putty using the 'Private key file for authentication' browse box.

Also, when I type chmod go-w $HOME $HOME/.ssh $HOME/.ssh/authorized_keys (as in the instructions at 8.3 Getting ready for public key authentication), I am told there is no such directory. The manual isn't clear about exactly where the .ssh dir is (I have been saving in the ssh dir, not .ssh). Is it in /etc ?

Also, while setting this up, should I be logged in as root or as the 2nd user?

Everything else seems fine - I think there is only something small stopping this working.

Thanks for your help guys!!!

BTW - the Linode support has been fantastic. I peppered them with questions last night during set up, and they responded fast and have been helpful. This morning they suggested I place this type of question here in the forum.

Cheers

Shaun

21 Replies

I assume you're reading Linode's guide? The .ssh directory goes in the home directory of the user you want to log in as, not in /etc. The short way of notating that would be ~/.ssh (~ being short for the home directory)

Thanks for that.

So I tried…

  • logging in as root

  • typing nano /.ssh/authorized_keys

…to create the file, and then copied the key into it, and save out

I get the error:

Error writing /root/.ssh/authorized_keys: No such file or directory ]

instead tried

  • typing nano ~/.ssh/authorized_keys

but get the same error

There is something fundamental I'm not understanding about how to use ~, and if it should be ssh or .ssh

Can someone please elaborate a little - cheers?

Just as a note - I'm not using Linux locally, just Windows, so I am following…

'generate the SSH keys by following the instructions in our PuTTY guide.'

Can you run this command where your authorized key file is?

ls -l

The authorized key file should only have rw for owner.

-rw------- 1 mike mike 2611 Apr 9 20:15 authorized_keys2

This is where I would start. It will not work unless the permissions are like this.

Hi kyrunner

That's the thing though - I can't save an authorized_key file - I get the errors mentioned above.

It would be brilliant if someone could type out what I write to create a new authorized_key file, and where I type that, i.e. do I log in as root or as the 2nd user I created in one of the previous setup steps?

Thanks for your time and help.

btw typing ls -l gives me 'total 0'

1, cd .ssh

2, cat > authorized_key (then hit enter) (Then hit control D)

3, ls -l

4, report back with the ls -l command

cd .ssh gives me 'no such file or directory'

Should I be logged in as root?

When I type ls / from where I am, this is the listing…

bin cdrom etc lib media opt root selinux sys usr

boot dev home lost+found mnt proc sbin srv tmp var

No, don't log in as root. Do all these commands as the user you want to set up ssh keys for. Also don't do sudo or su, just log in as the user, not root, and run the commands.

1, mkdir .ssh

2, cd .ssh

3, cat > authorized_keys (hit enter) (then control D)

4, ls -l

5, report back with the ls -l command

OK

It says

-rw-r--r-- 1 then my user name twice plus time info etc then authorized_keys

1, chmod og-r authorized_keys

2, ls -l

3, report back ls -l

all the same except it's now…

-rw-------

Perfect!!

1, have you created your public key using putty gen? If so move on to step 2

2, copy and paste your public key into your authorized_key file

3, log into your server with the username you created the authorized_key file.

4, cd .ssh

5, vi authorized_keys

6, paste from step two into the authorized_key file

7, shiftzz

that should be it

THANKS SO MUCH Kyrunner!!! That info wasn't in the guide, so you've helped me out a tonne. I spent 6 hours trying to figure it out last night!!!!

Great, so it's working?

The Linode Guide is really bad; it needs rewritten from scratch.

I'm glad I was able to help. If you ever need any more Linux help, I have a Linux help forum. It's in my signature.

Hi Kyrunner

Just going through those last steps.

What does shiftzz do? All it does is put a capital Z at the end of the key, and then I don't know how to save or get out of the file.

NEVERMIND - I learnt that you have to hit escape first to go back to command mode

OK - I'm still getting the Server refused our key error

I'm going to try from scratch

The key that I copy from PuttyGen, do I copy ALL the data in that box, so starting with:

ssh-rsa

and ending with rsa-key- (and then 8 numbers)?

Do I need to reboot the server once I've changed authorized_keys?

I'm in!!!

The ssh-rsa at the beginning of the key was missing an s (sh-rsa). Not sure why. It's fixed and that's all I care about right now!
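Added example, not part of the original posts: a shell check for the failure points this thread ran into (missing ~/.ssh, group- or world-writable permissions, and a key line that is wrapped or has a damaged type prefix such as "sh-rsa"). The function name, the result labels and the sample key are constructed for illustration, and only common key types are recognised.

```shell
# Added example, not from the thread. Prints "ok" or a list of problems for
# one user's key directory (normally "$HOME/.ssh").
check_ssh_dir() {
    dir=$1
    file="$dir/authorized_keys"
    [ -d "$dir" ]  || { echo "missing-dir";  return 0; }
    [ -f "$file" ] || { echo "missing-file"; return 0; }
    out=""
    # Characters 6 and 9 of the ls mode string are group-write and other-write;
    # sshd's StrictModes (on by default) rejects keys if either is set.
    case "$(ls -ld "$dir"  | cut -c6,9)" in *w*) out="$out dir-writable"  ;; esac
    case "$(ls -ld "$file" | cut -c6,9)" in *w*) out="$out file-writable" ;; esac
    # Every key line needs a known key type followed by a base64 blob, which
    # always starts with AAAA. Options before the key type are allowed.
    bad=$(awk '
        BEGIN { type = "^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$"
                blob = "^AAAA[A-Za-z0-9+/]+=*$" }
        NF == 0 || $1 ~ /^#/ { next }
        { ok = 0
          for (i = 1; i < NF; i++)
              if ($i ~ type && $(i + 1) ~ blob) { ok = 1; break }
          if (!ok) printf "%s ", NR }
    ' "$file")
    [ -z "$bad" ] || out="$out bad-line:$(echo $bad | tr ' ' ',')"
    echo "${out:-ok}" | sed 's/^ //'
}

# Constructed sample reproducing the paste error from the thread ("sh-rsa").
demo=$(mktemp -d)
printf '%s\n' 'sh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7 rsa-key-20110409' \
    > "$demo/authorized_keys"
chmod 600 "$demo/authorized_keys"
check_ssh_dir "$demo"      # bad-line:1
rm -rf "$demo"
```

Run it as the login user with `check_ssh_dir "$HOME/.ssh"`; a key pasted across two lines shows up as a bad line at the continuation.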

Sorry for not explaining the shiftZZ in vi..

Whenever you edit a file with vi you first start out with hitting the i button, which is insert mode. After making changes you hit escape and shiftzz to save. If you want to exit without saving, first hit escape and then :w! this will exit without any changes to the file.

I'm glad you have it working!

The next steps that you need to make are securing ssh.

1, go to /etc/ssh

2, sudo vi sshd_config

3, edit the sshd_config file and configure it to this > PermitRootLogin no

4, PasswordAuthentication no

5, restart ssh for changes

6, sudo /etc/init.d/sshd restart

By doing the above steps you will secure your server from brute force attacks trying to guess easy passwords.
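Added example, not part of the original posts: a check that the two settings from the steps above are the ones sshd will actually use. sshd keeps the first value it reads for each keyword, so a line appended at the bottom of sshd_config is ignored if an earlier uncommented line sets the same keyword. The function names and the sample file are constructed, and Include files and Match blocks are not evaluated.

```shell
# Added example (not from the thread): read the value sshd would use for a
# global keyword. The first uncommented occurrence wins; parsing stops at the
# first Match block because settings below it are conditional.
effective_global() {   # usage: effective_global <Keyword> <config-file>
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        tolower($1) == "match" { exit }
        tolower($1) == want    { print tolower($2); exit }
    ' "$2"
}

audit_sshd() {         # prints "ok" or each setting that is not "no"
    out=""
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(effective_global "$kw" "$1")
        [ "$val" = "no" ] || out="$out $kw=${val:-unset}"
    done
    echo "${out:-ok}" | sed 's/^ //'
}

# Constructed sample: "PasswordAuthentication no" was appended at the end,
# but the earlier "yes" line is the one that takes effect.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
# constructed sshd_config fragment
Port 22
PermitRootLogin no
PasswordAuthentication yes
#PasswordAuthentication no
PasswordAuthentication no
EOF
audit_sshd "$demo_cfg"     # PasswordAuthentication=yes
rm -f "$demo_cfg"
```

On the server, `sudo sshd -t` checks the edited file for syntax errors before the restart. Keep the current session open until a fresh key login has succeeded, so a mistake does not lock you out.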
