Question

SSH Auth failed: Server refused our key

Every time I create a new user on my droplet, I face this issue, waste hours figuring out what’s wrong and eventually resolve it but this time it is taking way longer and I’m stuck again.

Disconnected: No supported authentication methods available (server sent: publickey)
Server refused our key.  
Authentication failed.

My other users on the droplet are authenticating successfully with their private keys. Unlikely to be SSH configuration issue. I’ve compared file permissions with other users, regenerated keys to ensure I don’t have stray spaces, but still the same.

Here’s what I’ve done to check that everything is in order. Suppose the new user is “newjoe”.

Keys were generated using PuttyGen, connection tested using WinSCP on SFTP.

What I did as “root”:

*  adduser newjoe
*  vi /etc/ssh/sshd_config
*    AllowUsers ..... newjoe (Add "newjoe" to "AllowUsers")
*  cd /home/newjoe
*  mkdir .ssh
*  chown newjoe:sftponly .ssh
*  chmod 700 .ssh
*  cd .ssh
*  echo authorized_keys ssh-rsa AAA...........1w== rsa-key-20170908
*  chmod 600 authorized_keys
*  chown newjoe:sftponly authorized_keys
*  usermod newjoe -g sftponly
*  usermod newjoe -s /bin/false (no SSH shell access, just SFTP)
*  usermod newjoe -d /home/newjoe
*  chown root:sftponly /home/newjoe
*  service ssh restart

What have I missed out? Seems straightforward but eluding me. Or is there a better way to view more informative logs for this problem?

Some important ssh config lines:

PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile /home/%u/.ssh/authorized_keys
PasswordAuthentication no
AllowUsers xxxxxxx newjoe

# This section must be placed at the very end of sshd_config
Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no

Many thanks in advance.


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

What is echo authorized_keys ssh-rsa A...= rsa-key-20170908 supposed to do?