SSH Public/Private Key Issue
Image: Ubuntu 12.04
So, the good news:
I can log into the Linode remotely with either root (bad) or the new user I created (good). PuTTY works just great for this (I'm on Win 7 64bit if it matters).
The Bad News:
No matter what I try, I cannot get Public/Private keys to work. I've followed the instructions in the Securing Your Server - Using SSH Key Pair Authentication
I used PuTTYgen to generate my public/private key pair, uploaded it and followed steps 4 - 6 in the Securing Your Server document above.
I figured out how to tell PuTTY which private key file to use. But whenever I connect to the server, I'm still prompted for a username/password, and I'm never prompted for my private key-phrase.
I don't get any error messages - but it seems to just ignore the keyfile(s) entirely. Is there a configuration step that's missing?
21 Replies
-Tim
@theckman:
When exporting your key out of PuttyGen to upload to your server, did you convert it to OpenSSH format? It needs to be in this format so you can use it on your Linode (or any Linux system for that matter).
-Tim
No, I didn't (none of the guides made mention of that). I just went in and loaded my private key and then went to "Conversions -> Export OpenSSH Key" and created a new public key file. I deleted everything under my user .ssh directory (rm -r .ssh) and repeated steps 4 - 6 to install the file and set permissions.
Logged out, connected - still prompted for a username and password.
If you're using PuttyGen, which you need to if you'll be using PuTTy, you need to output the key in OpenSSH format and then put that in your ~/.ssh/authorized_keys file.
-Tim
@DigitalNoise:
First, I just want to say that I've tried searching for the issue I keep running into, but I haven't found anyone with the exact same problem…
Image: Ubuntu 12.04
So, the good news:
I can log into the Linode remotely with either root (bad) or the new user I created (good). PuTTY works just great for this (I'm on Win 7 64bit if it matters).
The Bad News:
No matter what I try, I cannot get Public/Private keys to work. I've followed the instructions in the
to a T (despite step one being a bit misleading when it points Windows users to the PuTTY guide to generate SSH keys - that guide has nothing about SSH keys in it). Securing Your Server - Using SSH Key Pair AuthenticationI used PuTTYgen to generate my public/private key pair, uploaded it and followed steps 4 - 6 in the Securing Your Server document above.
I figured out how to tell PuTTY which private key file to use. But whenever I connect to the server, I'm still prompted for a username/password, and I'm never prompted for my private key-phrase.
I don't get any error messages - but it seems to just ignore the keyfile(s) entirely. Is there a configuration step that's missing?
Search for my name In the forums I created a step by step guide for doing this about a month ago
@theckman:
That's because that article assumes you are creating the keys on the command-line using the ssh-keygen tool.
If you're using PuttyGen, which you need to if you'll be using PuTTy, you need to output the key in OpenSSH format and then put that in your ~/.ssh/authorized_keys file.
-Tim
Hi Tim, can you use the write up I done awhile back? there is a tone of info missing in the linode wiki for setting up public keys.
@theckman:
That's because that article assumes you are creating the keys on the command-line using the ssh-keygen tool.
If you're using PuttyGen, which you need to if you'll be using PuTTy, you need to output the key in OpenSSH format and then put that in your ~/.ssh/authorized_keys file.
-Tim
I'm sorry - in my original reply I meant that I went and tried that after reading your suggestion, and I'm still not having any luck. It still seems to just ignore the fact that there's any key file there at all.
@kyrunner:
@DigitalNoise:First, I just want to say that I've tried searching for the issue I keep running into, but I haven't found anyone with the exact same problem…
Image: Ubuntu 12.04
So, the good news:
I can log into the Linode remotely with either root (bad) or the new user I created (good). PuTTY works just great for this (I'm on Win 7 64bit if it matters).
The Bad News:
No matter what I try, I cannot get Public/Private keys to work. I've followed the instructions in the
to a T (despite step one being a bit misleading when it points Windows users to the PuTTY guide to generate SSH keys - that guide has nothing about SSH keys in it). Securing Your Server - Using SSH Key Pair AuthenticationI used PuTTYgen to generate my public/private key pair, uploaded it and followed steps 4 - 6 in the Securing Your Server document above.
I figured out how to tell PuTTY which private key file to use. But whenever I connect to the server, I'm still prompted for a username/password, and I'm never prompted for my private key-phrase.
I don't get any error messages - but it seems to just ignore the keyfile(s) entirely. Is there a configuration step that's missing?
Search for my name In the forums I created a step by step guide for doing this about a month ago
I haven't had a problem creating the key file or getting it uploaded and into the right directory with the right permission's - Linode's guide is quite clear about those parts.
My issue is that Ubuntu just seems to ignore the fact that there's any key file there at all.
ls -l authorized_keys
@kyrunner:
run this command on your authorized_key file.
ls -l authorized_keys
blah@blah:~/.ssh$ ls -l authorized_keys
-rw------- 1 blah blah 963 May 22 00:40 authorized_keys
@DigitalNoise:
@kyrunner:run this command on your authorized_key file.
ls -l authorized_keys
blah@blah:~/.ssh$ ls -l authorized_keys -rw------- 1 blah blah 963 May 22 00:40 authorized_keys
run this command grep -v "^#" /etc/ssh/sshd_config
@kyrunner:
@DigitalNoise:
@kyrunner:run this command on your authorized_key file.
ls -l authorized_keys
blah@blah:~/.ssh$ ls -l authorized_keys -rw------- 1 blah blah 963 May 22 00:40 authorized_keys
run this command grep -v "^#" /etc/ssh/sshd_config
blah@blah:~$ grep -v "^#" /etc/ssh/sshd_config | more
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
I had to pipe it to more so I could copy/paste as I'm having to use the LISH Ajax console because Port 22 is blocked at work - I have a feeling that pretty much every port is going to be.
This is the default file - I've not made any changes to it as yet.
Using username "blah".
Server refused our key
blah@12.34.56.78's password:
By disabling the use of Pagent in PuTTY.
Still don't understand why the keys are not being accepted. I've done research and I've done everything exactly the way many other sites indicate to set this up, but it doesn't work.
The home folder for the user should have permissions
drwx------
The .ssh directory within the user home folder may need permissions
dr-x--x--x or dr-x------
the authorized_keys file within the .ssh directory in the home folder may need permissions (once modified)
-r-------
There is either an issue with PuTTYgen generating valid public SSH keys or with Ubuntu 12.04 accepting them, because:
3. Rebooted into my local Ubuntu 10.10 install
Ran ssh-keygen from the local console
Performed steps 4 - 6 from the Linode Library guide to install the public key
Tested from my local Ubuntu install - success!
Rebooted back into Windows 7
Imported private key generated from ssh-key into PuTTYgen
Exported private key in PuTTY format
Configured PuTTY to use key file from step 7.
?
Profit!
Not sure which one would be at fault here, but at least it's working now.
Did the trick for me after some frustration so thanks for posting your solution!
@ggrigery:
I just wanted to post a confirmation on what DigitalNoise tried. I was having the same exact problems with Ubuntu 12.04. I ended up generating the key pair using the Linux ssh-keygen command, moving the contents of the generated public key into ~/.ssh/authorized_keys, and converting the private key into the PuTTY .ppk format.
Did the trick for me after some frustration so thanks for posting your solution!
Pendantic comment - ssh-keygen isn't a Linux command, it's a OpenSSH command developed on OpenBSD and ported to Linux.
Glad it's working though.
@sednet:
@ggrigery:I just wanted to post a confirmation on what DigitalNoise tried. I was having the same exact problems with Ubuntu 12.04. I ended up generating the key pair using the Linux ssh-keygen command, moving the contents of the generated public key into ~/.ssh/authorized_keys, and converting the private key into the PuTTY .ppk format.
Did the trick for me after some frustration so thanks for posting your solution!
Pendantic comment - ssh-keygen isn't a Linux command, it's a OpenSSH command developed on OpenBSD and ported to Linux.
Glad it's working though.
I'm more curious as to why Ubuntu 12.04 isn't generating the correct key or format out of the box. I made a post on the Ubuntu official forums but there were only crickets (and, considering those forums… not surprising).
@DigitalNoise:
@sednet:
@ggrigery:I just wanted to post a confirmation on what DigitalNoise tried. I was having the same exact problems with Ubuntu 12.04. I ended up generating the key pair using the Linux ssh-keygen command, moving the contents of the generated public key into ~/.ssh/authorized_keys, and converting the private key into the PuTTY .ppk format.
Did the trick for me after some frustration so thanks for posting your solution!
Pendantic comment - ssh-keygen isn't a Linux command, it's a OpenSSH command developed on OpenBSD and ported to Linux.
Glad it's working though.
I'm more curious as to why Ubuntu 12.04 isn't generating the correct key or format out of the box. I made a post on the Ubuntu official forums but there were only crickets (and, considering those forums… not surprising).
I'm more curious as to why Ubuntu 12.04 isn't generating the correct key
It's a different product?
The Ubuntu forums have always been great for me.
@DigitalNoise:
@sednet:
@ggrigery:I just wanted to post a confirmation on what DigitalNoise tried. I was having the same exact problems with Ubuntu 12.04. I ended up generating the key pair using the Linux ssh-keygen command, moving the contents of the generated public key into ~/.ssh/authorized_keys, and converting the private key into the PuTTY .ppk format.
Did the trick for me after some frustration so thanks for posting your solution!
Pendantic comment - ssh-keygen isn't a Linux command, it's a OpenSSH command developed on OpenBSD and ported to Linux.
Glad it's working though.
I'm more curious as to why Ubuntu 12.04 isn't generating the correct key or format out of the box. I made a post on the Ubuntu official forums but there were only crickets (and, considering those forums… not surprising).
Neither Ubuntu nor Putty are using keys wrong, they are just using different key formats.
SSH on Ubuntu 12.04 generates OpenSSH formated keys, it does the same as every other Linux and *BSD. If you want to use key authentication with putty you need to convert them into the .ppk format that putty uses either with puttygen or ssh-keygen.
Tried to convert my keys to the OpenSSH format, still cannot FTP to this.
I'm almost to give up this linode.
Server refused our key