Putty

Server refused our public key’ or ‘Key refused’ error

News	Telnet protocol	Recommended Links	Teraterm Macros	Reference for macrolanguage	LogMeTT	TTPMenu
CygTerm+	Cygwin	Expect	SSH	Password-less SSH login	TTSSH	Usage of SCP with Teraterm
GNU Screen	Exceed HostExplorer	Putty	Telnet protocol	Tips	Humor	Etc

Putty is a simple Telnet/RSH/SSH client with a simple interface. Sometimes, too simple. I use Putty a lot and have often some concurrent connections. No tabbed interface. The main advantage is the ability use public/private key authentication. But doing with reading manual often backfires ;-)

If you see the message Server refused our public key, it means that PuTTY has sent a public key to the server and offered to authenticate with it, and the server has refused to accept authentication.

The problem here is that you probably exported putty generated key to the server you are trying to connect. that's an error: putty generate keys in a slightly different format. The correct way is cut and paste the key directly from the puttygen window.

alternatively and you can generate them on the server and then convert private key into putty-compatible format.

The other thing you should do is check your server configuration carefully. Also, read the PuTTY Event Log; the server may have sent diagnostic messages explaining exactly what problem it had with your setup.

1. create public and private key on Unix/Linux - just as you have, for example
```
ssh-keygen -t rsa 
```
Add the public key to $HOME/.ssh/authorized_keys on the Unix/Linux box. Server to which you are connecting is interested only in $HOME/.ssh/authorized_keys.
```
cd .ssh
cp identity.pub authorized_keys
chmod 600 authorized_keys
```
Ensure the keys and authorized_keys are -rw-------
Transfer the private key to Windows
Use puttygen to create a putty type key identity.ppk -- import it in puttygen and save to the folder
Launch putty using
putty -l your_user_name -i private_key_generated_by_putty <server>

Old News

[Jul 2, 2009] How To Configure SSH Keys Authentication With PuTTY And Linux Server In 5 Quick Steps HowtoForge - Linux Howtos and Tutorials

Configure your Linux server (create user, save public key)

For this guide let's assume you regular login name is autotimesheet (replace it with one that you use regularly).

As root, on the shell, type:

adduser autotimesheet --disabled-password

You will be asked to fill in some details such as the user's real name (empty string is fine).

Now type:

su autotimesheet
cd /home/autotimesheet
mkdir .ssh
chmod 700 .ssh
cd .ssh

Then in that folder, create and edit a file called authorized_keys2.

In there, cut/paste your public ssh key, on ONE LINE (That is very important!!!)

Do not add the email@example.com at the end of the line.
Do not add the BEGIN PUBLIC KEY or END PUBLIC KEY.
Do not add the rsa-key-20090614 at the end.
Make sure, there is ssh-rsa at the beginning.

It should be something like:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBzPeFQv+295iKzuuPH0jA9449pSHVpCwXvCR9EstmYh...

Type:

chmod 600 authorized_keys2

How to set up SSH keys Frustration with Server refused our key

Submitted by andre on Fri, 2006-06-30 01:34.Geeky
So you're trying to set up ssh keys on your windows box with putty and you keep getting "Server refused our key". Read on, I've got your solution... but first lets take a look at what you've done so far.

Chances are you have done some/none/all of the following:
opened up puttygen.exe

generated a key after wiggling your mouse

entered a strong passphrase
saved the public key to something like
pubkey
saved the private key to something like
privatekey.ppk
moved your public key up to the server
(maybe even) converted the format of the key from putty to openssh with something like
ssh-keygen -if pubkey > pubkey_openssh_format
changed some permissions like
chmod 700 .ssh
added your pubkey to the authorized_keys file with something like
cat pubkey >> .ssh/authorized_keys
changed some more permissions like
chmod 600 authorized_keys
changed your putty settings under "connection > SSH > auth" to use
privatekey.ppk
tried to connect and...
"Server refused our key"

Well - from what I have read that's supposed to work... but it didn't work for you did it?

Your problem has nothing to do with how well you followed these well documented procedures for getting ssh keys to work.
The solution to the problem is...
(brace yourself, its really simple) to try generating the keys on the server (unix, linix, bsd etc.) instead of the client (i.e. in windows).

Try the following:
ssh to your server using good old user name and password
do check permissions on your ~/.ssh folder and make sure to
chmod 700 .ssh
if they are wrong
do check permissions on your ~/.ssh/authorized_keys file and make sure to
chmod 600 authorized_keys
if they are wrong
generate the keys on the server with something like
ssh-keygen -t dsa
(or rsa - read the man pages if your don't know how to use ssh-keygen
accept the file names it wants to use

enter a strong passphrase
add the pub key to the authorized_keys file with something like
cat id_dsa.pub >> .ssh/authorized_keys
copy the private key (id_dsa) to your local windows machine (use winscp or sftp or some such tool)

NOW open puttygen.exe

under actions select "load" and load the id_dsa file

enter the passphrase you set when you generated the key on the server. Puttygen will now convert the key to something that putty will understand
save that file to something like
pivatekey.ppk
NOW change your putty settings under "connection > SSH > auth" to use
privatekey.ppk
NOW try and connect

enter the passphrase when prompted

pat yourself on the back. You're connected to the server (I hope)
Now all you have to do is figure out a way to not have to always enter that passphrase. Well that will require setting up puttyagent. But, I'll let you figure that out for yourself.

I really hope this helped you out. I wasted too much of my life figuring this out this evening and I hope I saved you hours of aggravation.

Have comments? Want to say thanks? Leave a comment. Or if you feel really generous send me a buck or three ;-)

Recommended Links

How To Fix “Server Refused Our Key” Error That Caused By Putty Generated RSA Public Key

Phone System Tech Support macros in puTTY

Look into Tunnelier and Plink if you're using the SSH abilities of puTTY. An official "scripting" language for puTTY is reportedly only half-written at this point. If using the telnet aspect only, then consider using ProComm Plus. It has an increadibly powerful scripting language.

Here is one killer of a bet. It's a free utility called AutoHotKey, which automates keyboard and mouse actions AND has been tested with puTTY.

PuTTY hacking guide

Copyright © 1996-2009 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. Submit comments This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License(OPL). Site uses AdSense so you need to be aware of Google privacy policy. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

Disclaimer:

The statements, views and opinions presented on this web page are those of the author and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with.
We do not warrant the correctness of the information provided or its fitness for any purpose
In no way this site is associated with or endorse cybersquatters using the term "softpanorama" with other main or country domains (e.g. softpanorama.com) with bad faith intent to profit from the goodwill belonging to someone else.

Last modified: August 08, 2009