[JVincent08]

I'm trying to set up an ssh server on my Linux box and connect to it using PuTTY and I seem to have done most of it right, but when I try to log in with PuTTY I get "Server refused our key" but I can still type in my password and log in normally. I get this when using both the rsa and dsa (what's the difference anyway?) keys I made with PuTTY.

[kakariko81280]

If I recall correctly, putty and openssh v2 use different formats for the generated keys.

Investigate the conversion menu on puttygen and check the documentation for more information.

Let us know how you get on,

Chris...

[JVincent08]

On the Puttygen program you can choose between ssh-1 (RSA), ssh-2 RSA, and ssh-2 DSA. I made keys for ssh-2 RSA and DSA

[HROAdmin26]

If password auth is allowed, then keys are not required to log in via SSH:

Quote:

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no

[kakariko81280]

From the documentation section 8.2.12

Quote:

However, SSH-2 private keys have no standard format. OpenSSH and ssh.com have different formats, and PuTTY's is different again. So a key generated with one client cannot immediately be used with another.

Quote:

PuTTYgen can also export private keys in OpenSSH format and in ssh.com format. To do so, select one of the ‘Export’ options from the ‘Conversions’ menu. Exporting a key works exactly like saving it ( see section 8.2.8 ) - you need to have typed your passphrase in beforehand, and you will be warned if you are about to save a key without a passphrase.

Let us know how you get on,

Chris...

[JVincent08]

Quote:

If password auth is allowed, then keys are not required to log in via SSH:

PasswordAuthentication is set to no. I want keys to be required.

I exported the keys to Open-SSH2 format and now I get "Unable to use key" before the login prompt. I get this with both rsa and dsa keys.

[JVincent08]

When loading the exported keys with Puttygen, it says in order to use it you have to save it as Putty's native format.. But if Putty's format won't work with OpenSSH's then how can I use Putty to log into my box?

Also, why is my box even allowing me to log in to begin with? If it just ignores the keys, whether they're valid or not, then anyone can log in can't they?

[HROAdmin26]

There are lots of hits in Google on this - have you taken a look?

Maybe this page will help...

[JVincent08]

I did everything that page describes the first time.

[JVincent08]

Ok, now I've got it. The problem seemed to be with the line "#PubkeyAuthentication no" in sshd_config. When commented, the key is refused. When uncommented, whether it is set to no or not, the key is accepted. But my real concern remains the same -- Why am I still able to log in even when the key is refused? Shouldn't I only be allowed in when it is accepted? And I can even log in with no key at all.