Server refused public key despite accepting key
I have followed the sshd hardening and now I cannot log in via SSH and get the following error:
no supported authentication methods available (server sent publickey gssapi-keyex gssapi-with-mic)
The only way for me to log in via SSH now is to log in via browser and enable "SSH Password Authorization Tweak", then use a user account to log in and then sudo to root. If I keep "SSH Password Authorization Tweak" enabled for too long I get too many invalid attempts that are blocked by Bruteforce. Someone suggested here that I should do PermitRootLogin without-password in sshd_config setting, but that goes against the ssh hardening guide so I do not want to do it. The public key is authorized under "Manage root's SSH Keys" and I am using putty and have not tried anything else (what other ssh software should I try if I have to?).
Edit: Just to make sure I am doing it right, here is what I do to SSH.
- Start Putty and enter the hostname
- SSH > Auth and then browse and open the .ppk file WHM created for me earlier (after entering the password)
- in the panel I use login name root
- and then enter the password for the key I created earlier to run into the error above.
Hello, If you want to log in as the "root" user, then you would have to change "PermitRootLogin no" to "PermitRootLogin without-password" in your /etc/ssh/sshd_config file. Otherwise, you'd have to set up another user for SSH, grant that user wheel access, access SSH as that user, and then su or sudo to root. Thank you.
@cPanelMichael Thank you, I get what you mean. I have one question. I have a default user that does not have a cPanel account. How do I create SSH keys for that user? As I will only like to give that user wheel access. Creating and using a key after adding it to "Manage root's SSH Keys" does not allow me to log in as the user.
I have a default user that does not have a cPanel account. How do I create SSH keys for that user? As I will only like to give that user wheel access.
You'd log in to the user account via SSH, and then set up the key manually using a command such as:
    ssh-keygen -t rsa
You'd then ensure the public key is added to the /home/$username/.ssh/authorized_keys file. Thank you.
The server is still refusing my key. I created the public and private key using puttygen (SSH-2 RSA - 2048 - without keyphrase). I then pasted the code from "Public key for pasting into OpenSSH authorized_keys file" into ~/.ssh/authorized_keys (and for safe measure also into id_newuser.pub and id_newuser). Can it be a rights issue? Below is my output from SSH.
    USERNAME@webserver [~]# ls -alh
    total 48K
    drwx------ 6 USERNAME USERNAME 4.0K Mar 23 15:02 ./
    drwx--x--x. 12 root root 4.0K Mar 23 11:13 ../
    -rw-r--r-- 1 USERNAME USERNAME 5.9K Mar 23 15:02 .bash_history
    -rw-r--r-- 1 USERNAME USERNAME 18 Jul 18 2013 .bash_logout
    -rw-r--r-- 1 USERNAME USERNAME 176 Jul 18 2013 .bash_profile
    -rw-r--r-- 1 USERNAME USERNAME 124 Jul 18 2013 .bashrc
    drwxrwxr-x 4 USERNAME USERNAME 4.0K Nov 25 2015 perl5/
    drwxrwxr-x 2 USERNAME USERNAME 4.0K Sep 16 2014 public_ftp/
    drwxrwxr-x 3 USERNAME USERNAME 4.0K Sep 16 2014 public_html/
    drwx------ 2 USERNAME USERNAME 4.0K Mar 23 15:02 .ssh/
    -rw-r--r-- 1 USERNAME USERNAME 1.5K Mar 23 15:02 .viminfo
    USERNAME@webserver [~]# cd .ssh
    USERNAME@webserver [~/.ssh]# ls -alh
    total 20K
    drwx------ 2 USERNAME USERNAME 4.0K Mar 23 15:02 ./
    drwx------ 6 USERNAME USERNAME 4.0K Mar 23 15:02 ../
    -rw------- 1 USERNAME USERNAME 737 Mar 23 14:35 authorized_keys
    -rw-r--r-- 1 USERNAME USERNAME 737 Mar 23 15:02 id_newuser
    -rw-r--r-- 1 USERNAME USERNAME 737 Mar 23 14:45 id_newuser.pub
-rw------- 1 USERNAME USERNAME 737 Mar 23 14:35 authorized_keys
Hello, Ensure the permissions on this file are set to 0644:
    chmod 0644 /home/$user/.ssh/authorized_keys
Please confirm the specific error message if the issue persists after updating the permissions on this file. Thank you.
So I deleted everything and redid it using the "ssh-keygen -t rsa" (at location /home/$username/) and then saved the public key from the .pub file to /home/$username/.ssh/authorized_keys file. Saved the private key locally and converted a ppk using puttygen (Save private key button). Started putty and under the session added my server IP, ssh > auth and added the ppk generated by puttygen and clicked open. This is what I get:
    Using username "$username".
    Server refused our key
    Using keyboard-interactive authentication.
    Password:
Here is how the rights look like:
    root@webserver [/home/$username/.ssh]# ls -alh
    total 12K
    drwx------ 2 $username $username 4.0K Mar 24 08:48 ./
    drwx------ 6 $username $username 4.0K Mar 24 08:46 ../
    -rw-r--r-- 1 $username $username 435 Mar 24 08:47 authorized_keys
What am I doing wrong?
Hello, Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome. Thank you.
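For reference, an added example that is not from any poster in this thread: a shell check of the two things the thread keeps circling, namely the ownership and modes that sshd examines when StrictModes is on (the OpenSSH default, assumed here), and whether every authorized_keys line is a one-line OpenSSH public key rather than a PuTTYgen multi-line export, a wrapped paste, or a private key. The function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes sshd runs with StrictModes yes
# (the OpenSSH default). Function names are hypothetical.

# path_ok PATH USER: PATH must be owned by USER or root and must not be
# writable by group or others, otherwise sshd refuses to use the key file.
path_ok() {
    info=$(ls -ld "$1") || return 1
    mode=${info%% *}
    owner=$(printf '%s\n' "$info" | awk '{print $3}')
    case $owner in
        "$2"|root) ;;
        *) echo "$1: owned by $owner, expected $2"; return 1 ;;
    esac
    # Characters 6 and 9 of the mode string are the group/other write bits.
    case $(printf '%s\n' "$mode" | cut -c6,9) in
        *w*) echo "$1: group- or world-writable ($mode)"; return 1 ;;
    esac
}

# key_line_kind LINE: classify one authorized_keys line as
# skip | ok | rfc4716 (PuTTYgen "Save public key" export) | private | bad
key_line_kind() {
    case $1 in
        ''|'#'*) echo skip ;;
        '---- BEGIN SSH2 PUBLIC KEY'*) echo rfc4716 ;;
        'PuTTY-User-Key-File'*|*'PRIVATE KEY-----'*) echo private ;;
        *) printf '%s\n' "$1" | awk '{
               t = "^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521)|sk-[a-z0-9-]+@openssh[.]com)$"
               for (i = 1; i < NF; i++)
                   if ($i ~ t && $(i + 1) ~ "^AAAA[A-Za-z0-9+/]+=*$") { print "ok"; exit }
               print "bad"   # wrapped continuation line or not a key at all
           }' ;;
    esac
}

# audit HOME USER: run both checks; returns non-zero if anything is off.
audit() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        path_ok "$p" "$2" || rc=1
    done
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $(key_line_kind "$line") in
            ok|skip) ;;
            *) echo "authorized_keys line $n is not a one-line OpenSSH key"; rc=1 ;;
        esac
    done < "$1/.ssh/authorized_keys"
    return $rc
}
```

Run it on the server as `audit /home/$username $username`; a clean result rules out these two causes only, and the sshd log on the server shows the reason for any remaining refusal.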