Server refused our key – Setting up public key authentication to a Linux box

Just a quick update because I just wasted an hour trying to get public key authentication working between Windows 7 and my CentOS 6.5 box.

Whilst perusing the Internet I saw (and disregarded) someone saying that during his copy/paste of the public key from puttygen.exe, he lost the first character of the key and this caused his problems.

Fast forward an hour and I noticed my public key showed:

sh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA2oSZAdVQHzDyKXiPbKYZjqIMbJg9QLdbDHtdX5giwP5Vpn6f2byLeDZmo1TU6+Osxo70UCo+km0x4R6DIBeI0tazI4qO8JJaxox1tJYIiHbIW+8OlF7Zi7nmNutOCFFfMt95oIAUPfDWeT4qn4D76buM8H9353q180ORL37TepiPU/A1Dqsos/FT27GL9e0jniRvg/nfc9SmLWgxW+BgJReTYs0LnrqKrknd4iDl9Md+Jqv8cdx5F4bbP1B+2KkoKJW1H8C3TKLtdiRR5WhfcDip+mMzPenphcIUFbx2NI3QP7HI8mmNjUhDqw0B4BIR/Qv3goZSvQLHXurciDBzww== rsa-key-20140906

Well, I thought nothing of it until, after further troubleshooting, I had upgraded the sshd loglevel to DEBUG3 and noticed a message in /var/log/secure that said:

Sep  6 20:40:06 centos sshd[2941]: debug2: key_type_from_name: unknown key type ‘sh-rsa’

Then I remembered what I read earlier, the first character of the public key was missing.  I modified my public key to begin ‘ssh-rsa’ instead of ‘sh-rsa’ and I was in.

I still had the puttygen screen open and I could see I did actually select the whole key, so since the other guy and I had the same problem, other people could have the same problem too.

Finally, before I close, a few more tips.  Make sure the permissions are set to 700 on the user's .ssh folder and 600 on the authorized_keys file.

Make sure the public key you paste into authorized_keys doesn’t have any line breaks, i.e. if this is the first one you are doing on this server, wc -l ~/.ssh/authorized_keys should return 1 line.

Don’t forget to restart sshd after you make changes / before testing.
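
The checks above can be automated. The following is an added example, not part of the original post: it flags a key type that does not match the type stored inside the base64 key data (the 'sh-rsa' paste error), wrapped or truncated lines, and wrong modes. The function names are hypothetical, the sample blob is constructed, and it assumes plain public keys (not certificates) in the default .ssh folder.

```python
import base64, os, stat

def blob_fields(b64):
    """Decode key data into its length-prefixed fields; None if malformed or truncated."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return None
    fields, pos = [], 0
    while pos < len(raw):
        end = pos + 4 + int.from_bytes(raw[pos:pos + 4], "big")
        if pos + 4 > len(raw) or end > len(raw):
            return None
        fields.append(raw[pos + 4:end])
        pos = end
    return fields or None

def check_line(line):
    """Return a problem description for one authorized_keys line, or None if it looks fine."""
    parts = line.split()
    if not parts or parts[0].startswith("#"):
        return None
    for i in range(1, len(parts)):  # anything before the key type is treated as options
        fields = blob_fields(parts[i])
        if fields:
            # The first field of the key data repeats the key type, e.g. ssh-rsa.
            embedded = fields[0].decode("ascii", "replace")
            if parts[i - 1] != embedded:
                return f"key type {parts[i - 1]!r} does not match {embedded!r} in the key data"
            return None
    return "no complete key data (wrapped or truncated line?)"

def audit(ssh_dir):
    """Check modes (700 on the folder, 600 on the file) and every line of authorized_keys."""
    path = os.path.join(ssh_dir, "authorized_keys")
    problems = []
    for target, want in ((ssh_dir, 0o700), (path, 0o600)):
        mode = stat.S_IMODE(os.stat(target).st_mode)
        if mode != want:
            problems.append(f"{target}: mode {mode:o}, expected {want:o}")
    with open(path) as fh:
        problems += [f"line {n}: {p}" for n, line in enumerate(fh, 1) if (p := check_line(line))]
    return problems

def sample_blob():
    """Constructed, structurally valid ssh-rsa key data for testing (not a usable key)."""
    parts = (b"ssh-rsa", b"\x25", b"\x00" + b"\xda" * 32)
    return base64.b64encode(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).decode()
```

On the server, audit(os.path.expanduser("~/.ssh")) returns an empty list when the folder, the file and every key line pass these checks.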

I hope this helps you. If it does, it would be great if you would leave a comment.


