Server refused public key despite accepting key

Discussion in 'Security' started by Scott Baird, Mar 23, 2017.

  1. Scott Baird

    Scott Baird Member

    Joined:
    Feb 18, 2016
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Spanish Fork, UT
    cPanel Access Level:
    Root Administrator
    I have followed the sshd hardening and now I cannot log in via SSH and get the following error:

    Code:
    Server refused public key despite accepting key
    no supported authentication methods available (server sent publickey gssapi-keyex gssapi-with-mic)

    The only way for me to log in via SSH now is to log in via browser and enable "SSH Password Authorization Tweak", then use a user account to log in and then sudo to root.

    If I keep "SSH Password Authorization Tweak" enabled for too long I get too many invalid attempts that are blocked by Bruteforce.

    Someone suggested here that I should do PermitRootLogin without-password in sshd_config setting, but that goes against the ssh hardening guide so I do not want to do it.

    The public key is authorized under "Manage root’s SSH Keys" and I am using PuTTY and have not tried anything else (what other SSH software should I try if I have to?).

    Edit: Just to make sure I am doing it right, here is what I do to SSH.
    1. Start PuTTY and enter the hostname
    2. SSH > Auth and then browse and open the .ppk file WHM created for me earlier (after entering the password)
    3. In the panel I use login name root
    4. and then enter the password for the key I created earlier to run into the error above.
     
    #1 Scott Baird, Mar 23, 2017
    Last edited: Mar 23, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    If you want to log in as the "root" user, then you would have to change "PermitRootLogin no" to "PermitRootLogin without-password" in your /etc/ssh/sshd_config file. Otherwise, you'd have to set up another user for SSH, grant that user wheel access, access SSH as that user, and then su or sudo to root.

    Thank you.
     
  3. Scott Baird

    @cPanelMichael Thank you, I get what you mean. I have one question.

    I have a default user that does not have a cPanel account. How do I create SSH keys for that user? I would only like to give that user wheel access.

    Creating and using a key after adding it to "Manage root’s SSH Keys" does not allow me to login as the user.
     
  4. cPanelMichael

    You'd log in to the user account via SSH, and then set up the key manually using a command such as:

    Code:
    ssh-keygen -t rsa

    You'd then ensure the public key is added to the /home/$username/.ssh/authorized_keys file.

    Thank you.
     
  5. Scott Baird

    The server is still refusing my key. I created the public and private key using PuTTYgen (SSH-2 RSA - 2048 - without keyphrase). I then pasted the code from "Public key for pasting into OpenSSH authorized_keys file" into ~/.ssh/authorized_keys (and for safe measure also into id_newuser.pub and id_newuser). Can it be a rights issue? Below is my output from SSH.

    Code:
    USERNAME@webserver [~]# ls -alh
    total 48K
    drwx------   6 USERNAME USERNAME 4.0K Mar 23 15:02 ./
    drwx--x--x. 12 root       root       4.0K Mar 23 11:13 ../
    -rw-r--r--   1 USERNAME USERNAME 5.9K Mar 23 15:02 .bash_history
    -rw-r--r--   1 USERNAME USERNAME   18 Jul 18  2013 .bash_logout
    -rw-r--r--   1 USERNAME USERNAME  176 Jul 18  2013 .bash_profile
    -rw-r--r--   1 USERNAME USERNAME  124 Jul 18  2013 .bashrc
    drwxrwxr-x   4 USERNAME USERNAME 4.0K Nov 25  2015 perl5/
    drwxrwxr-x   2 USERNAME USERNAME 4.0K Sep 16  2014 public_ftp/
    drwxrwxr-x   3 USERNAME USERNAME 4.0K Sep 16  2014 public_html/
    drwx------   2 USERNAME USERNAME 4.0K Mar 23 15:02 .ssh/
    -rw-r--r--   1 USERNAME USERNAME 1.5K Mar 23 15:02 .viminfo
    USERNAME@webserver [~]# cd .ssh
    USERNAME@webserver [~/.ssh]# ls -alh
    total 20K
    drwx------ 2 USERNAME USERNAME 4.0K Mar 23 15:02 ./
    drwx------ 6 USERNAME USERNAME 4.0K Mar 23 15:02 ../
    -rw------- 1 USERNAME USERNAME  737 Mar 23 14:35 authorized_keys
    -rw-r--r-- 1 USERNAME USERNAME  737 Mar 23 15:02 id_newuser
    -rw-r--r-- 1 USERNAME USERNAME  737 Mar 23 14:45 id_newuser.pub
    
     
  6. cPanelMichael

    Hello,

    Ensure the permissions on this file are set to 0644:

    Code:
    chmod 0644 /home/$user/.ssh/authorized_keys

    Please confirm the specific error message if the issue persists after updating the permissions on this file.

    Thank you.
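
The checks raised in the replies above (the PermitRootLogin value, what authorized_keys may contain, and the file modes), gathered into one script as an added example that is not part of the original posts and not cPanel's code. The function names and the sample key are constructed for illustration; `rfc4716-export` is the multi-line format PuTTYgen writes with "Save public key", which sshd does not accept in authorized_keys.

```shell
# Added example (not from the thread); function names are hypothetical.
# With StrictModes (sshd's default), authorized_keys is ignored when the file,
# ~/.ssh or the home directory is group- or world-writable.
# $1 is a mode string as printed by `ls -l`; columns 6 and 9 are the w bits.
mode_ok() {
    case $(printf '%s' "$1" | cut -c6,9) in --) return 0 ;; *) return 1 ;; esac
}

# Classify one authorized_keys line. A usable entry is ONE line of the form
# [options] key-type base64-blob [comment]; every SSH key blob starts "AAAA".
classify_line() {
    case $1 in
        ''|'#'*) echo skip; return ;;
        '---- BEGIN SSH2 PUBLIC KEY'*) echo rfc4716-export; return ;;
        'PuTTY-User-Key-File'*|'-----BEGIN '*) echo private-key; return ;;
    esac
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ "^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$") {
                b = $(i + 1)
                ok = (b ~ "^AAAA[A-Za-z0-9+/]+=?=?$" && length(b) % 4 == 0)
                print (ok ? "key" : "bad-blob"); exit
            }
        print "no-key-type"
    }'
}

# Print "LINE:problem" for each unusable line of file $1; fail if any is found.
audit_keys_file() {
    n=0; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        class=$(classify_line "$line")
        case $class in key|skip) ;; *) echo "$n:$class"; rc=1 ;; esac
    done < "$1"
    return "$rc"
}

# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive. Match blocks and Include files are not handled here.
root_login_policy() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); f = 1; exit }
         END { if (!f) print "unset" }' "$1"
}

# Constructed sample: a truncated key whose paste was wrapped onto a second line.
for l in 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB' 'AQC7wrappedtail me@pc'; do
    echo "$l -> $(classify_line "$l")"
done
```

Run `audit_keys_file` against the account's authorized_keys and `root_login_policy` against /etc/ssh/sshd_config; a result of `no` from the latter means root's key is refused regardless of what authorized_keys holds.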
     
  7. Scott Baird

    So I deleted everything and redid it using the "ssh-keygen -t rsa" (at location /home/$username/) and then saved the public key from the .pub file to /home/$username/.ssh/authorized_keys file. Saved the private key locally and converted it to a ppk using PuTTYgen (Save private key button).

    Started PuTTY and under the session added my server IP, SSH > Auth and added the ppk generated by PuTTYgen and clicked Open. This is what I get:

    Code:
    Using username "$username".
    Server refused our key
    Using keyboard-interactive authentication.
    Password:

    Here is what the rights look like:

    Code:
    root@webserver [/home/$username/.ssh]# ls -alh
    total 12K
    drwx------ 2 $username $username 4.0K Mar 24 08:48 ./
    drwx------ 6 $username $username 4.0K Mar 24 08:46 ../
    -rw-r--r-- 1 $username $username  435 Mar 24 08:47 authorized_keys

    What am I doing wrong?
     
  8. cPanelMichael

    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     