Walker News

How To Fix “Server Refused Our Key” Error That Caused By Putty Generated RSA Public Key?

The SSH-2 protocol supports few user authentication types, one of which is public-key cryptography.

Other than security benefit, using public-key cryptography in SSH protocol is relatively easier to implement password-less or non-interactive authentication.

For example, a scheduled shell script can use scp (secure copy) to automate file-transfer between hosts seamlessly in background, without user interaction during authentication stage.

With OpenSSH, default SSH client/server software bundled with most Linux distributions, the ssh-keygen program is used to generate a pair of such cryptographic keys.

As for Putty, popular SSH client suite for Windows, there is this Puttygen program to provide similar functions of ssh-keygen.

However, there is incompatibility issue between RSA type of public key generated by ssh-keygen and Puttygen.

Having said that, you can’t install OpenSSH-generated private key in Putty program. Otherwise, the public-key authentication failed with message that says “Unable to use key file “E:\id_rsa” (OpenSSH SSH-2 private key)”.

Similarly, it’s not possible to install a Puttygen-generated public-key directly into OpenSSH authorized_keys file. If you do so, Putty fails with “Server refused our key” error message during authentication.

So, how to install a Putty-generated RSA type of Public-key in OpenSSH authorized_keys file?

This is the latest “silent” screencast in WalkerNews Channel @ YouTube (alive with background music from AudioSwap):
If you’re on fast and stable connection, please click the HQ button on for watching this screencast in high quality video mode.



As you’ve seen, the trick is to modified a Puttygen-generated public-key to the format of OpenSSH-generated public-key:

1) Edit Putty-generated public-key file with Vi editor,

Original RSA type of public-key generated by Puttygen program.
Original RSA type of public-key generated by Puttygen program.

2) Delete the first two and the last line,

3) Join the remaining lines into one single line, by using the Shift+J command shortcut. Remember to trim space between two line joined by CTRL+J command.

4) Insert ssh-rsa keyword (with one trailing space) in front of the single line.

5) [ OPTIONAL ] Append Login_ID@Host_name keyword (with a initial space) at the end of the single line (replace Login_ID and Host_name with your SSH login ID and host name accordingly).

Modified, tweak RSA type of public-key generated by Putty client program, to be installed into OpenSSH authorized_keys file.
Modified, tweak RSA type of public-key generated by Putty client program, to be installed into OpenSSH authorized_keys file.

6) Append the modified, tweaked Putty-generated public-key (RSA type) to OpenSSH authorized_keys file.

Now, Putty is able to login OpenSSH server with its own set of public-key and private-key pair:

Trick to fix Server Refused Our Key in Putty.

Custom Search

  1. anonymous 08-05-09@21:52

    thanks a lot, this not working annoyed the hell out of me, know everything works fine, ta

  2. matt_b 07-07-09@16:15

    Thanks for this tip – I was banging my head off the desk trying to get my Windows box to SSH into my ESXi box without a password, and this solved the problem :)

  3. XPaY 27-08-09@19:16

    Hi,

    Thanks I was tring to fix this problem since 2 hours!

  4. Montall 11-10-09@06:32

    Message “Server refused our key” can be generated even if you will follow these instructions – remember that permissions for .ssh or authorized_keys should exactly follow grants issued with “chmod 700″ for .ssh and “chmod 600″ for authorized_keys.

  5. nay 21-10-09@21:24

    Thanks very much, very didactic and helpfull

  6. Shri 27-10-09@17:32

    After following your steps, I am getting the prompt for the pass phrtase, but after I enter that, it says “Server unexpectedly closed network connection”.
    Please help.

  7. Walker 29-10-09@22:21

    Mostly likely that is caused by too many packet loss, i.e. run a continuous ping to the server, from where you run SSH.

  8. zoehighland 14-12-09@13:32

    If I followed the steps,including generating and editing the key, as well as chmod command, is there any other reasons which may cause the “server refused our key”.

    Another Hint: there is another key in a file named know_hosts, and I even tried to edit the key according to this file’s format. I failed again.

  9. Jay 24-12-09@07:21

    Thanks for the tip, it helped out greatly. I was able to get it to work and still leave the first line and last two lines in the public key. All I did was concatenate the hash lines into one line and add the ssh-rsa + space part at the beginning. This was important to me because I am trying to automate creating connections between putty and a server so the less I have to edit the file, the less programming I have to do to auto-fix the file

  10. Nick 14-01-10@16:49

    Thanks man !!

  11. LeSon 25-01-10@22:52

    Thank you!
    Very greate!

  12. franc 09-02-10@06:51

    I like the music in the video!

  13. leonard 18-02-10@01:57

    You can also get the “server refused our key” error if you have the permission 777 on your $HOME directory.

  14. A.Friend 03-04-10@11:38

    Thanks for the tip. If you want putty to automatically login for you then you need pageant running.

    1. Start pageant.exe
    2. “Add Key” -> your private key file
    3. enter your passphrase. You will see an entry show up. click close. Pageant should still be running in your system tray.
    4. Open putty.exe
    5. load you session as above. (e.g., “ZZZZ”)
    6. goto Connection -> Data
    7. Set “Auto-login username” to your username (e.g., “root”)
    8. Goto Connection -> SSH -> auth
    9. Check “Attempt authentication using Pageant”
    10. save changes to your connection. (e.g., “ZZZZ”)
    11. connect/open and voila! you should be automatically authenticated in to your box.

  15. Sectoid_Dev 08-04-10@23:35

    Thanks leonard,

    I’ve been fighting with this a for awhile. The same procedure worked on one machine, but not the other.
    I had 775 on my $HOME, changed it to 755 and now works.

  16. icch8 10-06-10@21:36

    Hello

    After searching for a while I found the reason on one of the last posts of this section. Many thanks ;-)

    regard

  17. avi 23-06-10@19:44

    Thanks for the info! helped me a lot.

  18. very frustrated 20-07-10@02:07

    Hello,
    Thank you for the detailed instructions, however I am still getting the same message ” server refused our key” I am not sure why, by the way what is the chmod commands? and what is 600, 777 … etc, I am new in the Linux world, sorry for the DUM question.
    regards.

  19. very frustrated 20-07-10@02:09

    follow up, do I have to save the generated public key in a special place in my linux machine? I saved in /root/.ssh/ directory is that correct?

  20. Walker 20-07-10@23:31

    The public key file must be appended to $HOME/.ssh/authorized_keys file.

    If you want to ssh using root user ID, then this will be /root/.ssh/authorized_keys.

    The chmod command is used to change a file access permission in UNIX/Linux.

  21. Leon 29-07-10@19:30

    Thanks for the ownership connection on /home/user 755

  22. Raja Deshpande 21-08-10@00:13

    dear friend,

    This information, you have written, was very very helpful. I was struggling with this problem for 2 days. regards from Stuttgart, Germany.
    Raja

  23. Karthikeyan 31-08-10@13:19

    Good Work !!!

    Cheers :-)
    karthik

  24. Matt Stevens 01-10-10@17:24

    Thank you for this! can’t believe my problems were down to the format of the key!

  25. Sean Canada 14-10-10@09:58

    Thank you for taking the time to put this issue to rest. I wrestled with it for an hour and a half to no avail…

    I should have looked at your site first – 2 mins on here saved me the rest of an evening filled with frustration.

    Keep up the good work – can’t believe it came down to syntax.

    All the best – cheers!

  26. Paul Mecham 19-10-10@13:02

    I’m still getting this annoying message.

    My file and directory permissions are as follows:
    My home/git directory is 755g
    drwxr-xr-x 4 git git 4096 Oct 18 21:55 git

    My home/git/.ssh directory is 700
    drwx—— 2 git root 4096 Oct 18 21:55 .ssh

    My home/git/.ssh/authorized_keys file is is 600
    -rw——- 1 git root 226 Oct 18 21:55 .ssh/authroized_keys

    And my public key looks like this:
    ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIB/TOjXtqAas035vnMO+V1lgLEznAUeQRgQY0Cs2XXQUfvr1BptbsQE/DKYGHPrG6+tsUZKWTM6PncVuHB8K7LjXy8qoUb1A0BNgNCh5fDFfHO6faPlykdDJmMF1IanGbMb14acYIykIjCAfDzEOk7g2Xu8aGAPaB36+7cvAH+edQ== rsa-key-20101018

    And it’s still evil :).

    Any help would be appreciated.

  27. Paul Mecham 19-10-10@13:11

    Found my problem. It was that I created my .ssh directory and initial authorized_keys file logged in as root and then did a chown to change the owner to git, thinking that this would work.

    It did and does not.

    To fix I deleted the .ssh directory and authorized_keys file and created them logged in as user git and then chmod the directories and file as described above.

    It works great. Yeeehaw….

    Thank you for these posts, very, very helpful. To the point. Made me analyze my situation better.

  28. Solved 05-11-10@08:38

    One more case when you get this error is when putty remembers a fingerprint of the server that is no longer valid.

    Just regedit and delete the stored key so putty is forced to accept a new one. And then redo the same steps.

  29. kk 23-11-10@09:24

    try:
    ChallengeResponseAuthentication yes
    PasswordAuthentication yes

  30. hilmy Mohamed 29-11-10@14:19

    i got error “Server refused our key”. i fix it chq the owner and permision.
    #ls -l
    drwx—— 2 root root 4096 2010-11-29 11:41 .
    drwx—— 8 root root 4096 2010-11-29 11:35 ..
    -rw——- 1 ut ut 215 2010-11-29 11:35 authorized_keys
    root@ftp:~/.ssh# chown root:root authorized_keys

    Its fixed for ‘root’ user.

    tc

  31. Hb 13-12-10@19:56

    Thanks did not know the ssh-rsa bit of the public key. Makes my live easy to generate putty keys ion window machines for linux logins

    Hein

  32. Toros Tarpinyan 19-12-10@13:16

    No need to go through all this trouble. I had the same problem before. Here is a super quick solution.
    1) Generate a key by using Putty Key Generator
    2) Save the private key. (To use it in Putty later).
    3) create the authorized_keys file, if it doesn’t exist, under the
    ~/.ssh directory in your Linux box or server.
    4) Open the authorized_keys file by using a text editor of your choice
    5) Copy the the public key from the box where it says “Public keys for pasting into OpenSSH authorized_keys file” (Right click on the box it will give you first select all and once you select it the copy option).
    6) Paste the key into authorized_keys file. Save and close.
    7) Change the permission of the authorized_keys file to 700.
    chmod 700 authorized_keys
    That’s it.

    Instead of saving the public key by clicking “Save public key” button

  33. A4 17-01-11@18:40

    Thanks, man!

  34. Sanket 07-02-11@08:59

    Those still facing “Server refused our key” issue ….

    1) Remove additional = sign at the end of the key mentioned in authorized_keys file; so your key file should look like:

    ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAk6wYppr7Jzld5/C0ffU8RVXAyIuc/eVdl5rdTQvABHCQfykoXDUm/8oIJ06fKUaQFdeto9apeTlhY1Fx5FQMY4LCXKg6ewLexk8hUxiQli3TNAJaPWKK2cowdBYi+3+iOhLZazeUWzqfVQCb7iYegJ3UPrgSeMaUFXXpe9XJrHc=

    2) set permissions on authorized_keys file to 640

  35. Gareth 04-03-11@23:38

    OK – I went through every site trying to figure out why I was still getting the “Server refused our key” error. And I realized that I simply didn’t understand that my instance was created with the public key in it and I couldn’t change it afterwards.

    So, create an image with a key pair and use THAT private key. You can’t change the key after the image has been created. (I’m sure you can – but not the focus here)

    My mistake was that I recreated the key-pair thinking that I could use it instead.

  36. Don Turner 01-04-11@18:57

    Thank you! Worked like a charm, and for some reason the music cracked me up.

  37. Soulshoes 06-04-11@09:46

    I was pulling my hair out with this. I followed all methods of chmod. also generating keys from server side and converting in puttygen.

    In the end I had discovered that I configured the sshd_config file to point to

    /.ssh/authorized_keys

    not

    .ssh/authorized_keys

    I spent many hours with trying different things so although I feel like a complete idiot. It may save you some time if you come across the same problem.

  38. Greg 12-04-11@22:49

    Awesome! Thanks so much, works great now. I couldn’t find this anywhere else!

  39. Benja 17-05-11@02:27

    Super Walker! And many thanks too Leonard (of the 777 permission comment). Spent hours figuring out why my auto login had all of a sudden vanished; and the culprit was somehow having changed home folder permissions.

    Bless u

  40. Jim 16-07-11@08:14

    Wow. I have been banged my damned head against this one for hours! This is something that would have been useful about 2PM this afternoon.
    Huge, HUGE thanks!

    Makes you wonder why the authors of the putty tools don’t just change their file formats to COMPLY WITH THE STANDARD!

  41. jay 18-07-11@07:58

    unable to get into my kindle via ssh. tried editing the file as instructed, no luck, still asking for password for root, as the kindle isn’t accepting the key.

    any help appreciated -jay

  42. matt 20-07-11@16:01

    Thanks for that, got rid of the error, but my server still asks for a password? Any idea how i stop this?

    MTIA.

  43. sb94587 04-08-11@02:44

    Walker’s notes helped fix the issue I have been working on for 4 days. Thanks alot!!

  44. Snake Plissken 10-09-11@01:43

    Awesome. Thanks for sharing this solution.

  45. Jeremy S 03-11-11@17:51

    Thanks that fixed it for me!

  46. PeterM 09-11-11@00:27

    The ssh-keygen tool can automate this edit “ssh-keygen -if test.pub >> ~/.ssh/authorized_keys”

    Also, a new problem, more now that Ubuntu offers ecryptfs integration, is that users have encrypted home directories. When the encrypted directory is not mounted, you will not be able to connect. You will need to put your public keys in an unencrypted directory and change sshd_config and probably the best way is to just use an unencrypted home directory.

  47. Jeremy 02-12-11@17:20

    For me the problem was that my $HOME directory had not the right user:group set

    I changed it via chown -R user:group $HOME and it worked

  48. upandacross 06-12-11@00:37

    FWIW – I found puttygen will allow me to run putty on my XP and ssh to a unix box without being asked for name, password, or passphrase if:

    1. type of key generated is SSH-2 RSA
    2. Key comment is user@host as appropriate for you
    3. you save the public key to a file on the XP box
    4. putty configuration includes setting Category->Connection->SSH->Auth correctly:
    a)Attempt authentication using Pageant is checked
    b) Attempt “keyboard interactive” auth (SSH2) is checked
    c) nothing else is checked
    5. Pageant is running and you have added the private key file produced in step 4
    6. you copy the public key information at the top of the puttygen screen on you XP machine and put that into ~/.ssh/authorized_keys on the Unix machine (puttygen’s exported public key file doesn’t produce a working authorized_keys file)
    7. permissions are correct on the Unix platform for ~/.ssh (700) and ~/.ssh/authorized_keys (600)

  49. justpressload 12-12-11@00:13

    There’s an easier way. Just click “Load” in puttygen, and import your id_rsa. You can then save the key in a format putty can use.

  50. jh 16-12-11@03:30

    This was a big help thanks. Also note, depending on the flavor of OpenSSH, it may be sensitive to certain formatting. For example, I had a Comment in the key, which PuTTygen had appended to the end of the OpenSSH key, like below-
    ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIB/TOjXtqAas035vnMO+V1lgLEznAUeQRgQY0Cs2XXQUfvr1BptbsQE/DKYGHPrG6+tsUZKWTM6PncVuHB8K7LjXy8qoUb1A0BNgNCh5fDFfHO6faPlykdDJmMF1IanGbMb14acYIykIjCAfDzEOk7g2Xu8aGAPaB36+7cvAH+edQ== This is my comment here

    that key with comment worked fine in Ubuntu Server. Using the same key on RedHat 6 gave me an error. SO,,,,

    My fix was to edit the key, remove the comment and trailing space, add a carriage return, AND set the permission to 600.

    Good luck!

  51. CSH 16-12-11@18:00

    I have spent so much time to figure out to solve this stupid issue. Finally, your information helped me to solve the annoying problem. Thank you!

  52. AL 02-01-12@19:00

    Thank you – that was starting to get annoying but now fixed !

  53. tie 18-01-12@22:12

    What happened to the good old ‘ssh-keyagent -i -f putty_formatted_key.pub’ ? No need for manual edits really…

  54. dudus 24-01-12@06:57

    I use Ubuntu as a server, I had a problem with “Server refused our key” too, finally I found that by default owner of ‘.ssh’ directory was ‘root’, so because I login as ‘dudus’ I set my login as an owner:

    sudo chown dudus:dudus .ssh

    and it started to work :)

    thanks for all clues

  55. tioti0 12-02-12@08:32

    Generate a pair of key on linux w rsa-keygen
    rename public key to fit with your sshd_config

    Import private key on putty using the development installer of putty

  56. shawnfucious 25-03-12@05:00

    thank you, thank you, thank you…

    I searched for hours before find this. Worked like a champ. I can now scp from ant on my windows system to my linux servers.

  57. Gary 30-05-12@21:29

    I had yet another issue. I was able to login to our servers using the public key, and then some of the servers started giving the error ‘The Server refused our key’.

    I checked the file, and all was fine.
    I checked the rights to the file and the .ssh directory, and all was fine too.

    Then I noticed that the rights to my home directory were set to rwxrwxrwx (777). I changed this to rwx—— (700), and was able to login using the keys again.

    I had changed the rights to my home folder to allow me to move some files as a different username and never changed the rights back.

  58. mantra 26-07-12@07:24

    I tried everything exactly the way you mentioned. The home folder of the user is set to 744 , the .ssh is set to 700 and the authorized_keys is set to 700. I still get the same error. I used Puttygen to generate the pub key and copied it to the auth file. Its all in one line. I have spent way too much time on this, please help.

  59. Walker 27-07-12@01:39

    Try not copy and paste the public key content into authorized_keys file. Instead, upload the file (via pscp or ftp) to Linux, edit the puttygen public key file, and then append the edited public key content to auth file:

    cat your_public_key >> $HOME/.ssh/authorized_keys
  60. riverraptor 30-07-12@17:22

    Precisely what I needed. Thanks

  61. Rich 04-08-12@00:39

    Hello, I hope you are still receiving questions and able to answer.

    We are a SUSE Linux shop and are in the process of setting permissions for group and users using ‘groups’ and same-name sub-dirs. While our users share parent directories we have begun to change the ‘primary’ group to the first ‘group’ we encounter or add. My sysadmin uses a series of ‘setfacl’ commands to secure the parent AND sub-dirs as needed.

    This is causing our user logins to fail using certificates/keys and getting the generic ‘Auth fail’ msg.

    My question is, how can we achieve our permissions and still allow the certs/key in the /.ssh/authorized_keys/ to work in the parent directory???

    thanks!

  62. Marc 07-08-12@05:11

    or

    % puttygen id_dsa -o id_dsa.ppk

    will convert the OpenSSH key to one PuTTY understands.

  63. venkat 22-08-12@13:58

    I tried copy and paste to the authorized_keys file and it did not work.
    I was still getting the refused error.
    But when i copy the file and edited it, there is no error. Does that mean the manual copy from the editor might mess up some characters or hidden spaces ?

  64. zoredache 15-09-12@04:36

    When you use PuttyGen to create the key. Simply copy the contents of the box labeled ‘Public key for pasting into OpenSSH’ directly into your authrorized_keys file. You are making this entirely too difficult.

  65. tonyr 05-10-12@16:35

    if i setup a new user, create .ssh 700 authorized_keys 600 and add the pass putty generated keys it works fine, but when i try to do this for an existing user it doesn’t work – server refused our key. i’ve checked permissions etc

  66. Mike 06-12-12@13:12

    So it’s working now. I had another port setup to for SSH to listen in on besides 22. I told putty to go to that new port, but it’s hit or miss. If you keep it at 22 everything seems to be good.

  67. Mike 09-12-12@13:28

    If anyone has issues with keys being refused, it may be because your home directory is encrypted. If you log in manually, then can log in with your keys, then that’s the problem.

  68. Brett Yeagley 04-01-13@11:36

    I struggled with this a bit with some ESXi 5.0 hosts. This used to work under version 4.x. After fighting with this for to long I had the idea to check the /etc/ssh/sshd_config file and discovered the default for the authorized_keys file was no longer under .ssh. Instead it was set to look in /etc/ssh/keys-root/authorized_keys which existed but was empty. Once I pasted the OpenSSH version of the puttygen public key in the file, this worked like a charm. I suspect this was setup this way to avoid earlier hassles of surviving a reboot, but I have not had a chance to verify this yet.

  69. apapa 02-02-13@00:29

    thanks a lot

  70. Jason 16-02-13@02:26

    Thanks, I struggled for hours yesterday and finally got Putty to connect with my Linode server using SSH key pairs using your advice.

  71. Ritesh 13-03-13@14:01

    Thanks.
    Changing home dir permission from 775 to 755 solved “server refused our key” issue.

  72. MDMoore313 03-04-13@01:59

    Worked for me, Putty on Windows 7 x64. Also, Putty has the key in this format ready to be copied to the authorized_keys file, it is just saved in a different format.

  73. PC 30-04-13@14:58

    Thanks. It helped.

  74. Xinhu Sun 25-07-13@22:00

    The owner of /root is not root in my cubieboard
    chown -R root:root ~
    It works!

  75. Roger 08-08-13@18:04

    Thanks, it very userful!

  76. Matt 20-08-13@23:06

    Thanks, solution worked great! Hope you can get a bigger screen soon. :)

  77. anony 22-11-13@09:43

    I was getting the server refused key error message. I had performed all the steps Paul Mecham (above) had done, besides set teh home dir permissions to 755. Once I did this, it worked. Just fyi in case other users are getting the same error.

  78. Jigar 24-12-13@19:21

    Thanks for the tutorial. Worked like a charm!

  79. gaul1 16-01-14@10:02

    anony: ‘home dir permissions to 755′ helped after trying hours
    thanks!

  80. isik5 17-02-14@04:30

    Thank you!! Worked like a charm!!

  81. Tmr 02-05-14@22:46

    Thanks!

  82. Joe 26-05-14@14:31

    You sir are my hero! Good job!

  83. JJBladester 30-05-14@21:53

    Thanks. This worked for me. I tried using nano to edit the authorized_keys file and it didn’t work. Only vi worked. There must have been some CRLF-type characters inserted by nano that vi didn’t generate.

  84. Chris Read 30-06-14@13:58

    Found this page while looking for a solution to the key refusal, none of the solutions listed worked for me using CentOS 6. However, I did find the solution to my issues which were caused by SELinux settings. After doing the .ssh/authorized_keys editing and chmod of both listed above, you’ll need to run the following to correct the SELinux properties:

    restorecon -Rv ~/.ssh

    Of course replacing the .ssh location with yours. Hope this helps someone else with the same persistent problem.

  85. JmJ 08-09-14@09:18

    jh, your solution was the only thing that worked for me. Thank you!

  86. Rayb0rn 14-09-14@02:02

    Thank you….the last piece in my puzzle…kudos to you!!

  87. foojian 16-09-14@21:56

    Thanks a lot.It works!

2014  •  Privacy Policy