Server refused public-key signature despite accepting key

February 2, 2016 7.1k views
Nginx Security

I created a user with root privileges, but when I try to log in as root, I get the following error: Server refused public-key signature accepting despite key. And the server asked me for a password, but I have no password because I should access through ssh key.

But if I go to the server with the user I created with root privileges, it works well with ssh keys. I use the same key for both root ssh to the new user. I generated the key with PuTTYgen.

I use Nginx.

How can I solve that?

Thanks!

1 comment
1 Answer

Since you appear to have a user you can access, look at the actual error in /var/log/auth.log.

Assuming a default install, if you can't log in via SSH pubkey authentication, it's generally because of a lacking ~/.ssh/authorized_keys file, the wrong key being set in that file, or bad permissions on that file or its containing directory. Giving the wrong key from your client can also lead to issues.

On the client side, you can use ssh -vv (or find a way in Putty to enable additional logging) to verify what's going on.

  • What can i do to fix it?

    • I don't know, that's why you need to go look at the error message. What do you see?

      • If i try enter to the server as root , this appear in auth.log

        Feb 2 18:52:12 Nubbo sshd[2565]: ROOT LOGIN REFUSED FROM 81.38.114.141
        Feb 2 18:52:12 Nubbo sshd[2565]: ROOT LOGIN REFUSED FROM 81.38.114.141 [preauth]
        Feb 2 18:52:36 Nubbo sshd[2565]: Failed password for root from 81.38.114.141 port 57743 ssh2
        Feb 2 18:52:37 Nubbo sshd[2565]: message repeated 3 times: [ Failed password for root from 81.38.114.141 port 57743 ssh2]
        Feb 2 18:52:37 Nubbo sshd[2565]: Disconnecting: Too many authentication failures for root [preauth]
        Feb 2 18:52:50 Nubbo sshd[2567]: Accepted publickey for demouser from 81.38.114.141 port 57785 ssh2: RSA 0c:55:9e:92:3c:b1:8b:0e:fb:89:7d:29:50:75:8d:27
        Feb 2 18:52:50 Nubbo sshd[2567]: pam_unix(sshd:session): session opened for user demouser by (uid=0)
        Feb 2 18:53:22 Nubbo sshd[2658]: Connection closed by 89.219.72.156 [preauth]

        Use the same ssh key for root and demouser, but with root appears this: Server refused public-key signature despite accepting key, and asks me a password that does not exist.

        • Is it possible you have PermitRootLogin set to no? That would be in /etc/ssh/sshd_config

          • I already set PermitRootLogin to no and try to set PasswordAuthentication to no too. But don't work.

          • PermitRootLogin controls whether root is permitted to login. If you want root to be allowed to log in, you would set it to yes.

        • @jmartin688daf69 - Just in case you haven't solved this yet, try temporarily using the .ssh directory of your admin user for diagnostic purposes:

          ## assumes you are logged in as non-root admin user
          mv -f ~root/.ssh ~root/.ssh.orig
          cp -Rvp ~/.ssh ~root
          ## now try to remote ssh as root
          
Have another answer? Share your knowledge.