Understanding the ‘Server Refused Our Key’ Error in PuTTY
When attempting to connect to a server via SSH using PuTTY, users may encounter an error message stating “Server refused our key.” This error indicates that the authentication process has failed because the server did not accept the private key provided by the client. To resolve this issue, it is essential to understand the underlying causes and implement appropriate solutions.
Possible Causes of Key Refusal
- Incorrect Public Key on Server: The most common reason for this error is that the public key corresponding to the private key used by PuTTY is not correctly installed on the server.
- File Permissions: On UNIX-like systems, strict permissions are required for the
.sshdirectory and theauthorized_keysfile. - Key Format Issues: PuTTY uses its own format for keys (PPK), which might differ from the OpenSSH format used on the server.
- User Account Mismatch: The key might be associated with a different user account than the one being used to log in.
- SSH Configuration Restrictions: The server’s SSH configuration file (
/etc/ssh/sshd_config) may have restrictions that prevent key-based authentication.
Diagnosing the Issue
To effectively troubleshoot the problem, you need to verify each potential cause. Checking the server logs can provide valuable insights into why the key was refused. Additionally, ensuring that the public key is correctly placed in the authorized_keys file and verifying file permissions are crucial steps.
Resolving Incorrect Public Key on Server
If the public key is incorrect or missing on the server, you will need to access the server through an alternative method (like password authentication) and install the correct public key. The public key should be appended to the ~/.ssh/authorized_keys file of the user you are trying to log in as.
Setting Correct File Permissions
The .ssh directory should have 700 permissions, and the authorized_keys file should have 600 permissions. Use the following commands to set them:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Converting Key Formats
If your key is not in PPK format, use PuTTYgen to convert it. Load the original key file and save it as a PPK file. Conversely, if you need to convert a PPK key to OpenSSH format, PuTTYgen can also perform this task.
Ensuring User Account Consistency
Verify that the username in PuTTY matches the owner of the authorized_keys file on the server. If there is a mismatch, either change the username in PuTTY or move the public key to the correct user’s .ssh directory.
Checking SSH Configuration Restrictions
Inspect the /etc/ssh/sshd_config file for directives such as AllowUsers, DenyUsers, or AuthenticationMethods that might be preventing key-based authentication. Ensure that the configuration allows for public key authentication and restart the SSH service after making changes.
Advanced Troubleshooting Techniques
Verbose Mode Logging
Using verbose mode in PuTTY can provide detailed information about the connection attempt. Enable this mode by increasing the logging level under the “Logging” section in PuTTY’s configuration settings before connecting.
Analyzing Server Logs
Check the server’s SSH logs for more details on why the key was refused. The location of these logs varies depending on the system but often can be found in /var/log/auth.log or /var/log/secure.
Examining SELinux Contexts
On systems with SELinux enabled, ensure that the context of the .ssh directory and files within it are correct. Use the restorecon command to restore the default context if necessary.
Case Studies and Examples
Let’s explore a few case studies where users faced the “Server refused our key” error and how they resolved it:
- A user had uploaded the wrong public key to the server. Upon replacing it with the correct one, the error was resolved.
- In another instance, a user discovered that their home directory on the server had incorrect permissions, leading to the refusal of the key. Adjusting the permissions fixed the issue.
- A system administrator found that the SSH daemon was configured to only allow certain users to authenticate with keys. Modifying the
sshd_configallowed other users to use key-based authentication.
Frequently Asked Questions
What does ‘Server refused our key’ mean?
This error means that the server did not accept the SSH key provided by the client during the authentication process.
How do I fix ‘Server refused our key’ in PuTTY?
Fixing this error involves checking the public key on the server, verifying file permissions, converting key formats if necessary, ensuring the correct user account is used, and reviewing the server’s SSH configuration.
Can file permissions cause ‘Server refused our key’ error?
Yes, incorrect file permissions on the .ssh directory or the authorized_keys file can lead to this error.
How do I know if my public key is in the correct format for PuTTY?
PuTTY requires keys to be in PPK format. You can use PuTTYgen to convert keys to or from this format.
Is it possible that SELinux is causing the ‘Server refused our key’ error?
Yes, if SELinux contexts for the .ssh directory or files are incorrect, it can result in this error.
References
For further reading and external resources, consider the following references:
- The official PuTTY documentation: PuTTY Documentation
- OpenSSH’s manual pages: sshd(8) – OpenBSD manual pages
- DigitalOcean’s guide on setting up SSH keys: How To Set Up SSH Keys
- GitHub’s troubleshooting guide for SSH: Error: Server refused our key or No supported authentication methods available
