SSH Auth failed: Server refused our key

December 18, 2017
Security Ubuntu 16.04

Every time I create a new user on my droplet, I face this issue, waste hours figuring out what's wrong and eventually resolve it but this time it is taking way longer and I'm stuck again.

```
Disconnected: No supported authentication methods available (server sent: publickey)
Server refused our key.
Authentication failed.
```

My other users on the droplet are authenticating successfully with their private keys. Unlikely to be an SSH configuration issue. I've compared file permissions with other users, regenerated keys to ensure I don't have stray spaces, but still the same.

Here's what I've done to check that everything is in order. Suppose the new user is "newjoe".

Keys were generated using PuttyGen, connection tested using WinSCP on SFTP.

What I did as "root":

*  adduser newjoe
*  vi /etc/ssh/sshd_config
*    AllowUsers ..... newjoe (Add "newjoe" to "AllowUsers")
*  cd /home/newjoe
*  mkdir .ssh
*  chown newjoe:sftponly .ssh
*  chmod 700 .ssh
*  cd .ssh
*  echo authorized_keys ssh-rsa AAA...........1w== rsa-key-20170908
*  chmod 600 authorized_keys
*  chown newjoe:sftponly authorized_keys
*  usermod newjoe -g sftponly
*  usermod newjoe -s /bin/false (no SSH shell access, just SFTP)
*  usermod newjoe -d /home/newjoe
*  chown root:sftponly /home/newjoe
*  service ssh restart

What have I missed out? Seems straightforward but eluding me. Or is there a better way to view more informative logs for this problem?

Some important ssh config lines:

```
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile /home/%u/.ssh/authorized_keys
PasswordAuthentication no
AllowUsers xxxxxxx newjoe

# This section must be placed at the very end of sshd_config
Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
```

Many thanks in advance.

1 Answer

What is echo authorized_keys ssh-rsa A...= rsa-key-20170908 supposed to do?

  • Sorry I wasn't clear. That line was to create the "authorized_keys" file with the public key contents. I didn't put the entire key out.
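For a setup like the one in the question, the following added example (not part of the thread, and not code from any poster) audits the home directory, `.ssh` directory and `authorized_keys` file the way sshd's `StrictModes` check treats them, and verifies that the file holds a one-line OpenSSH public key rather than the RFC 4716 block that PuTTYgen's "Save public key" writes. The function names are this example's own, and it assumes GNU `stat`.

```bash
#!/bin/sh
# Added example (not from the thread). Audits the paths sshd's StrictModes
# check inspects before trusting authorized_keys. Requires GNU stat.
# Usage: sh audit.sh <account-uid> <home-dir> [authorized_keys-path]

# True when $2 is owned by root or uid $1 and not group/other-writable.
path_is_strict() {
    local owner mode
    owner=$(stat -c %u -- "$2" 2>/dev/null) || return 2
    mode=$(stat -c %a -- "$2")
    [ "$owner" -eq 0 ] || [ "$owner" -eq "$1" ] || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# Prints how many lines look like "keytype base64 [comment]".
# Simplification: lines with a leading options field are not recognised.
count_key_lines() {
    grep -cE '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+)[[:space:]]+[A-Za-z0-9+/]+=*([[:space:]].*)?$' -- "$1"
}

audit_key_path() {
    local uid home keys rc p
    uid=$1 home=$2 keys=${3:-$2/.ssh/authorized_keys} rc=0
    for p in "$home" "$(dirname -- "$keys")" "$keys"; do
        if path_is_strict "$uid" "$p"; then
            echo "ok    $p"
        else
            echo "FAIL  $p: missing, wrong owner, or group/other-writable"
            rc=1
        fi
    done
    [ -f "$keys" ] || return 1
    if grep -q 'BEGIN SSH2 PUBLIC KEY' -- "$keys"; then
        echo "FAIL  $keys: RFC 4716 block, not the one-line OpenSSH format"
        rc=1
    elif [ "$(count_key_lines "$keys")" -eq 0 ]; then
        echo "FAIL  $keys: no well-formed public key line"
        rc=1
    fi
    return $rc
}

if [ $# -ge 2 ]; then audit_key_path "$@"; fi
```

Run it as root with the account's numeric uid, for example `sh audit.sh "$(id -u newjoe)" /home/newjoe`.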
