ssh-ing with PuTTY to Linux box

03-18-2008	#1 (permalink)
JVincent08 Just Joined! Join Date: Feb 2008 Posts: 72	ssh-ing with PuTTY to Linux box I'm trying to set up an ssh server on my Linux box and connect to it using PuTTY and I seem to have done most of it right, but when I try to log in with PuTTY I get "Server refused our key" but I can still type in my password and log in normally. I get this when using both the rsa and dsa (what's the difference anyway?) keys I made with PuTTY.

03-18-2008	#2 (permalink)
kakariko81280 Linux Enthusiast Join Date: Apr 2004 Location: UK Posts: 597	If I recall correctly, putty and openssh v2 use different formats for the generated keys. Investigate the conversion menu on puttygen and check the documentation for more information. Let us know how you get on, Chris... __________________ DRM keeps an honest user loyal

03-18-2008	#3 (permalink)
JVincent08 Just Joined! Join Date: Feb 2008 Posts: 72	On the Puttygen program you can choose between ssh-1 (RSA), ssh-2 RSA, and ssh-2 DSA. I made keys for ssh-2 RSA and DSA

03-18-2008

#4 (permalink)

HROAdmin26

Linux Engineer

Join Date: Nov 2007

Posts: 1,278

If password auth is allowed, then keys are not required to log in via SSH:

Quote:

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no

03-18-2008

#5 (permalink)

kakariko81280

Linux Enthusiast

Join Date: Apr 2004

Location: UK

Posts: 597

From the documentation section 8.2.12

Quote:

However, SSH-2 private keys have no standard format. OpenSSH and ssh.com have different formats, and PuTTY's is different again. So a key generated with one client cannot immediately be used with another.

Quote:

PuTTYgen can also export private keys in OpenSSH format and in ssh.com format. To do so, select one of the ‘Export’ options from the ‘Conversions’ menu. Exporting a key works exactly like saving it ( see section 8.2.8 ) - you need to have typed your passphrase in beforehand, and you will be warned if you are about to save a key without a passphrase.

Let us know how you get on,

Chris...

__________________
DRM keeps an honest user loyal

03-18-2008

#6 (permalink)

JVincent08

Just Joined!

Join Date: Feb 2008

Posts: 72

Quote:

If password auth is allowed, then keys are not required to log in via SSH:

PasswordAuthentication is set to no. I want keys to be required.

I exported the keys to Open-SSH2 format and now I get "Unable to use key" before the login prompt. I get this with both rsa and dsa keys.

03-18-2008	#7 (permalink)
JVincent08 Just Joined! Join Date: Feb 2008 Posts: 72	When loading the exported keys with Puttygen, it says in order to use it you have to save it as Putty's native format.. But if Putty's format won't work with OpenSSH's then how can I use Putty to log into my box? Also, why is my box even allowing me to log in to begin with? If it just ignores the keys, whether they're valid or not, then anyone can log in can't they? Last edited by JVincent08; 03-18-2008 at 08:44 PM.. Reason: typos

03-18-2008	#8 (permalink)
HROAdmin26 Linux Engineer Join Date: Nov 2007 Posts: 1,278	There are lots of hits in Google on this - have you taken a look? Maybe this page will help...

03-18-2008	#9 (permalink)
JVincent08 Just Joined! Join Date: Feb 2008 Posts: 72	I did everything that page describes the first time.

03-18-2008	#10 (permalink)
JVincent08 Just Joined! Join Date: Feb 2008 Posts: 72	Ok, now I've got it. The problem seemed to be with the line "#PubkeyAuthentication no" in sshd_config. When commented, the key is refused. When uncommented, whether it is set to no or not, the key is accepted. But my real concern remains the same -- Why am I still able to log in even when the key is refused? Shouldn't I only be allowed in when it is accepted? And I can even log in with no key at all.