SSH with Public Key in openSUSE 15.5

I´m struggling with it, don´t know if the problem is with me or the configuration. I always did the following and it always worked. Of course the key is in the right location and with the right format. User get a “server refuse our key” and if he enters his password, he can SSH, even when is stated that the password authentication is disabled:

adduser user1
usermod -aG sudo user1
mkdir /home/username
mkdir /home/username/.ssh
touch /home/username/.ssh/authorized_keys
chmod 700 /home/username/.ssh
chmod 600 /home/username/.ssh/authorized_keys
chown username:group /home/username/.ssh/authorized_keys
chown username:group /home/username/.ssh/authorized_keys

nano /etc/ssh/sshd_config
PubkeyAuthentication yes
PasswordAuthentication no
AuthorizedKeysFile .ssh/authorized_keys %h/.ssh/authorized_keys
systemctl restart sshd

if the user runs ssh -vvv user@host we can see an “invalid key format” error. But well my key works and we use the same software to generate our Keys (PuttyGen). We tried as well with all the exporting options in the tool without success…so main question is why my key works as root and as well as normal user (I created one just to double check it wasn´t that problem).

What it as well puzzles me is that PasswordAuthentications is disabled, but even with that it ask the user for a password after “server refuse our key” error.

Firewall is disabled or the ssh-Port is opened??

Also you wrote the Server config in your post?

If the client is a linux client, you can use:
ssh-keygen
ssh-copy-id

to copy the key to the server.

I seem to recall that Putty uses different key formats. But I think there’s an option to convert to “openssh” format.

I use (in sshd_config):

PermitRootLogin prohibit-password
PasswordAuthentication no
ChallengeResponseAuthentication no

The password request that you are seeing is probably due to ChallengeResponseAuthentication.

What type of key are you using?

Can you share the output from your ssh -vvv command so we can see all the debug messages? (Obscuring any sensitive information, naturally)

Thanks for your reply, and sorry for taking so long to write back as we had a long weekend over here. I will try that and let you know.

I will try that as well and paste the info here, thanks.

debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: C:\\Users\\user/.ssh/id_rsa
debug1: Trying private key: C:\\Users\\user/.ssh/id_dsa
debug1: Trying private key: C:\\Users\\user/.ssh/id_ecdsa
debug1: Trying private key: C:\\Users\\user/.ssh/id_ecdsa_sk
debug1: Trying private key: C:\\Users\\user/.ssh/id_ed25519
debug1: Trying private key: C:\\Users\\user/.ssh/id_ed25519_sk
debug1: Trying private key: C:\\Users\\user/.ssh/id_xmss
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
user@server: Permission denied (publickey).

It is still really strange as I can, and my home folder and user has the same rights has his home folder and user…unless I´m missing something.

Ok I found the solution. Even when PuttyGen is on the last version. The key generated wasn´t right. I asked the user to generate two new keys (Private and Public) with PowerShell as stated here Generate SSH Key on Windows with Windows CMD/PowerShell | GridPane and worked smoothly. Just crazy.

2 Likes

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.