SSH Auth failed: Server refused our key
Every time I create a new user on my droplet, I face this issue, waste hours figuring out what’s wrong and eventually resolve it but this time it is taking way longer and I’m stuck again.
Disconnected: No supported authentication methods available (server sent: publickey) Server refused our key. Authentication failed.
My other users on the droplet are authenticating successfully with their private keys. Unlikely to be SSH configuration issue. I’ve compared file permissions with other users, regenerated keys to ensure I don’t have stray spaces, but still the same.
Here’s what I’ve done to check that everything is in order. Suppose the new user is “newjoe”.
Keys were generated using PuttyGen, connection tested using WinSCP on SFTP.
What I did as “root”:
* adduser newjoe * vi /etc/ssh/sshd_config * AllowUsers ..... newjoe (Add "newjoe" to "AllowUsers") * cd /home/newjoe * mkdir .ssh * chown newjoe:sftponly .ssh * chmod 700 .ssh * cd .ssh * echo authorized_keys ssh-rsa AAA...........1w== rsa-key-20170908 * chmod 600 authorized_keys * chown newjoe:sftponly authorized_keys * usermod newjoe -g sftponly * usermod newjoe -s /bin/false (no SSH shell access, just SFTP) * usermod newjoe -d /home/newjoe * chown root:sftponly /home/newjoe * service ssh restart
What have I missed out? Seems straightforward but eluding me. Or is there a better way to view more informative logs for this problem?
Some important ssh config lines:
PermitRootLogin no PubkeyAuthentication yes AuthorizedKeysFile /home/%u/.ssh/authorized_keys PasswordAuthentication no AllowUsers xxxxxxx newjoe # This section must be placed at the very end of sshd_config Match Group sftponly ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no
Many thanks in advance.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.