Question

SSH Server refused our key

I’ve been at this an hour and just cannot get SSH to bloody work. I tried this last year and gave up, thought I would give it a crack.

I follow the tutorial: https://www.digitalocean.com/community/tutorials/how-to-create-ssh-keys-with-putty-to-connect-to-a-vps

One difference is the command to close was “Esc, :, w, q, Enter”. That did not work, so I looked it up and SHIFT + Z + Z saves the file and closes it. I rechecked the file and it indeed saved it.

I go to connect and no luck, big fat “Server refused our key”. I don’t know what to do, why is SSH not easy to set up, I want it to be secure but no, let’s make it stupidly hard! I’m a go grumble over here and be incredibly appreciative of any help lol


Thank you so much for this question. I catch it and solved through this topic.



@Thrax

How you’d go about setting it up really depends on whether you’re trying to set it up for root or for a non-root user. The steps are almost the same, but differ slightly.

For example, for root, ~/.ssh already exists so it doesn’t need to be created. For all other users, it does and you need to set proper permissions on those directories.

That being said, the easiest method of deploying SSH keys is to simply deploy them with the server so that you don’t need to physically add the initial one (for the root user).

How you log in also depends on your OS. If you’re on MacOS (or OS X), then you’d run:

ssh user@server_ip -i ~/.ssh/private_key

Where user is the username (such as root or the user you created), server_ip is the Droplet IP, and the path at the end, ~/.ssh/private_key, is the path to your private key that was generated when you created your key pair.

If you’re on Windows, it’s a little different depending on what you use to log in. Most commonly, PuTTY is used, which requires that you convert the OpenSSH key to a PuTTY-formatted key, and then use that key to log in. It’s an extra step, but many programs use the PuTTY key format (such as FileZilla).

So my first question would be, what OS are you using (MacOS or Windows)?

Next, what program are you using to try to log in: Terminal (Mac OS), PuTTY, or something else?

If you still have your key rejected despite having all of the permissions and ownership set correctly, you may need to change the user’s password from the default “locked” (which is a hash that is or starts with !) to an “impossible” hash (assuming you don’t want the user to log in with a password) with usermod -p "*" username. The full explanation is available at https://arlimus.github.io/articles/usepam/

This is an amazing post thank you so much for the detailed answers. I had a similar problem - Filezilla gave an error when trying to upload a file, even though it logged in correctly, showed the directory tree of the server correctly, too.

After genning a new key, making sure I didn’t accidentally remove any of the first characters in the cut and paste of the public key (great hint btw), I found this:

In putty, under File, SiteManager, Advanced tab, click “UNIX” for server type. This clears up the Filezilla rejecting the transfer even though correctly logged in. so random…

Just throwing it out there for anyone who may have a similar issue in the future: I always forget to set file permissions properly when I set up ssh for a new user on my server.

cd ~
chmod 700 .ssh
chmod 600 .ssh/authorized_keys

Additionally, check that the correct user:group is assigned.

ls -la | grep ssh

If not:

sudo chown -R <user>:<group> .ssh

Hi @Thrax

I have no idea why the tutorial is using vim or even sudo. In bullet 3, simply run this nano ~/.ssh/authorized_keys to edit your key. And skip 4+5.

The only thing I can think of would be that you didn’t convert from PuTTY to OpenSSH. Or that you’re connecting with a wrong private key, after you’ve added the public key to the server.

When you log in to the server to add the public key, do you do that as root?
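
A diagnostic for the causes raised in this thread (wrong modes or ownership on .ssh, a public key that lost its first characters in copy/paste, a PuTTY-format public key pasted unconverted), as an added example that is not part of any post above. The function names `audit_ssh_dir` and `demo` and the sample key are constructed for illustration; the 700/600 modes are the ones given in the permissions answer.

```shell
#!/bin/sh
# Added example: audit an .ssh directory for causes of "Server refused our key".
# Prints one line per problem found; returns non-zero if there is any.
audit_ssh_dir() {
    dir=$1
    owner=${2:-$(id -u)}     # assumption: expected owner defaults to the calling user
    keys=$dir/authorized_keys
    problems=0
    report() { printf 'PROBLEM: %s\n' "$1"; problems=$((problems + 1)); }

    [ -d "$dir" ] || { report "$dir is missing"; return 1; }
    # find(1) does the exact-mode and owner tests portably (stat flags differ by OS)
    [ -n "$(find "$dir" -prune -perm 700 -print)" ] || report "$dir mode is not 700"
    [ -n "$(find "$dir" -prune -user "$owner" -print)" ] || report "$dir not owned by $owner"
    [ -f "$keys" ] || { report "$keys is missing"; return 1; }
    [ -n "$(find "$keys" -prune -perm 600 -print)" ] || report "$keys mode is not 600"
    [ -n "$(find "$keys" -prune -user "$owner" -print)" ] || report "$keys not owned by $owner"

    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # The leading space lets one pattern match a key type at line start or after options
        case " $line" in
            ' '|' #'*) ;;                          # blank line or comment
            ' ---- BEGIN SSH2 PUBLIC KEY'*)        # PuTTYgen "Save public key" output
                report "line $n: PuTTY-format block, not a one-line OpenSSH key"; break ;;
            *' ssh-ed25519 AAAA'*|*' ssh-rsa AAAA'*|*' ecdsa-sha2-'*' AAAA'*|*' sk-'*' AAAA'*) ;;
            *) report "line $n: no key type before the key data (truncated paste?)" ;;
        esac
    done < "$keys"
    [ "$problems" -eq 0 ]
}

# Demo on constructed input: loose modes plus a key whose first character was lost.
demo() {
    tmp=$(mktemp -d) && mkdir "$tmp/.ssh" && chmod 755 "$tmp/.ssh"
    printf '%s\n' 'sh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedSampleOnly me@example' \
        > "$tmp/.ssh/authorized_keys"
    chmod 644 "$tmp/.ssh/authorized_keys"
    rc=0
    audit_ssh_dir "$tmp/.ssh" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

Run `audit_ssh_dir "$HOME/.ssh"` on the server as the user who cannot log in, or `demo` to see the three problems it reports on the constructed input.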