Server refused public key despite accepting key

Scott Baird

Member
Feb 18, 2016
17
0
1
Spanish Fork, UT
cPanel Access Level
Root Administrator
I have followed the sshd hardening and now I can not login via SSH and get the following error;

Code:
Server refused public key despite accepting key
no supported authentication methods available (server sent publickey gssapi-keyex gssapi-with-mic)
The only way for me to login via SSH now is to login via browser and enable "SSH Password Authorization Tweak", then use a user account to login and then sudo to root.

If I keep "SSH Password Authorization Tweak" enabled for too long I get too many invalid attempts that are blocked by Bruteforce.

Someone suggested here that I should do PermitRootLogin without-password in sshd_config setting, but that goes against the ssh hardening guide so I do not want to do it.

The public key is authorized under "Manage root’s SSH Keys" and I am using putty and have not tried anything else (what other ssh software should I try if I have to?).

Edit: Just to make sure I am doing it right, here is what I do to SSH.
  1. Start Putty and enter the hostname
  2. SSH > Auth and then browse and open the .ppk file WHM created for me earlier (after entering the password)
  3. in the panel I use login name root
  4. and then enter the password for the key I created earlier to run into the error above.
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
Hello,

If you want to login as the "root" user, then you would have to change "PermitRootLogin no" to "PermitRootLogin without-password" in your /etc/ssh/sshd_config file. Otherwise, you'd have to setup another user for SSH, grant that user wheel access, access SSH as that user, and then su or sudo to root.

Thank you.
 
  • Like
Reactions: nasthik

Scott Baird

Member
Feb 18, 2016
17
0
1
Spanish Fork, UT
cPanel Access Level
Root Administrator
@cPanelMichael Thank you, I get what you mean. I have one question.

I have a default user that does not have a cpanel account. How to I create SSH keys for that user? As I will only like to give that user wheel access.

Creating and using a key after adding it to "Manage root’s SSH Keys" does not allow me to login as the user.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
I have a default user that does not have a cpanel account. How to I create SSH keys for that user? As I will only like to give that user wheel access.
You'd login to the user account via SSH, and then setup the key manually using a command such as:

Code:
ssh-keygen -t rsa
You'd then ensure the public key is added to the /home/$username/.ssh/authorized_keys file.

Thank you.
 

Scott Baird

Member
Feb 18, 2016
17
0
1
Spanish Fork, UT
cPanel Access Level
Root Administrator
The server is still refusing my key. I created the public and private key using puttygen (SSh-2 RSA - 2048 - without keyphrase). I then pasted the code from "Public key for pasting into OpenSSH authorized_keys file" into ~/.ssh/authorized_keys (and for safe measure also into id_newuser.pub and id_newuser). Can it be a rights issue? Below is my output from SSH.

Code:
[email protected] [~]# ls -alh
total 48K
drwx------   6 USERNAME USERNAME 4.0K Mar 23 15:02 ./
drwx--x--x. 12 root       root       4.0K Mar 23 11:13 ../
-rw-r--r--   1 USERNAME USERNAME 5.9K Mar 23 15:02 .bash_history
-rw-r--r--   1 USERNAME USERNAME   18 Jul 18  2013 .bash_logout
-rw-r--r--   1 USERNAME USERNAME  176 Jul 18  2013 .bash_profile
-rw-r--r--   1 USERNAME USERNAME  124 Jul 18  2013 .bashrc
drwxrwxr-x   4 USERNAME USERNAME 4.0K Nov 25  2015 perl5/
drwxrwxr-x   2 USERNAME USERNAME 4.0K Sep 16  2014 public_ftp/
drwxrwxr-x   3 USERNAME USERNAME 4.0K Sep 16  2014 public_html/
drwx------   2 USERNAME USERNAME 4.0K Mar 23 15:02 .ssh/
-rw-r--r--   1 USERNAME USERNAME 1.5K Mar 23 15:02 .viminfo
[email protected] [~]# cd .ssh
[email protected] [~/.ssh]# ls -alh
total 20K
drwx------ 2 USERNAME USERNAME 4.0K Mar 23 15:02 ./
drwx------ 6 USERNAME USERNAME 4.0K Mar 23 15:02 ../
-rw------- 1 USERNAME USERNAME  737 Mar 23 14:35 authorized_keys
-rw-r--r-- 1 USERNAME USERNAME  737 Mar 23 15:02 id_newuser
-rw-r--r-- 1 USERNAME USERNAME  737 Mar 23 14:45 id_newuser.pub
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
-rw------- 1 USERNAME USERNAME 737 Mar 23 14:35 authorized_keys
Hello,

Ensure the permissions on this file are set to 0644:

Code:
chmod 0644 /home/$user/.ssh/authorized_keys
Please confirm the specific error message if the issue persists after updating the permissions on this file.

Thank you.
 

Scott Baird

Member
Feb 18, 2016
17
0
1
Spanish Fork, UT
cPanel Access Level
Root Administrator
So I deleted everything and redid it using the "ssh-keygen -t rsa" (at location /home/$username/) and then saved the public key from the .pub file to /home/$username/.ssh/authorized_keys file. Saved the private key locally and converted a ppk using puttygen (Save private key button).

Started putty and under the session added my server IP, ssh > auth and added the ppk generted by puttygen and clicked open. This is what I get;

Code:
Using username "$username".
Server refused our key
Using keyboard-interactive authentication.
Password:
Here is how the rights look like;

Code:
[email protected] [/home/$username/.ssh]# ls -alh
total 12K
drwx------ 2 $username $username 4.0K Mar 24 08:48 ./
drwx------ 6 $username $username 4.0K Mar 24 08:46 ../
-rw-r--r-- 1 $username $username  435 Mar 24 08:47 authorized_keys
What am I doing wrong?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
Hello,

Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.