Server refused public key despite accepting key

[Scott Baird]

I have followed the sshd hardening and now I can not login via SSH and get the following error;

Server refused public key despite accepting key
no supported authentication methods available (server sent publickey gssapi-keyex gssapi-with-mic)

The only way for me to login via SSH now is to login via browser and enable "SSH Password Authorization Tweak", then use a user account to login and then sudo to root.

If I keep "SSH Password Authorization Tweak" enabled for too long I get too many invalid attempts that are blocked by Bruteforce.

Someone suggested here that I should do PermitRootLogin without-password in sshd_config setting, but that goes against the ssh hardening guide so I do not want to do it.

The public key is authorized under "Manage root’s SSH Keys" and I am using putty and have not tried anything else (what other ssh software should I try if I have to?).

Edit: Just to make sure I am doing it right, here is what I do to SSH.

1. Start Putty and enter the hostname
2. SSH > Auth and then browse and open the .ppk file WHM created for me earlier (after entering the password)
3. in the panel I use login name root
4. and then enter the password for the key I created earlier to run into the error above.

 

[cPanelMichael]

Hello,

If you want to login as the "root" user, then you would have to change "PermitRootLogin no" to "PermitRootLogin without-password" in your /etc/ssh/sshd_config file. Otherwise, you'd have to setup another user for SSH, grant that user wheel access, access SSH as that user, and then su or sudo to root.

Thank you.

 

[Scott Baird]

@cPanelMichael Thank you, I get what you mean. I have one question.

I have a default user that does not have a cpanel account. How to I create SSH keys for that user? As I will only like to give that user wheel access.

Creating and using a key after adding it to "Manage root’s SSH Keys" does not allow me to login as the user.

 

[cPanelMichael]

I have a default user that does not have a cpanel account. How to I create SSH keys for that user? As I will only like to give that user wheel access.

You'd login to the user account via SSH, and then setup the key manually using a command such as:

ssh-keygen -t rsa

You'd then ensure the public key is added to the /home/$username/.ssh/authorized_keys file.

Thank you.

 

[Scott Baird]

The server is still refusing my key. I created the public and private key using puttygen (SSh-2 RSA - 2048 - without keyphrase). I then pasted the code from "Public key for pasting into OpenSSH authorized_keys file" into ~/.ssh/authorized_keys (and for safe measure also into id_newuser.pub and id_newuser). Can it be a rights issue? Below is my output from SSH.

[email protected] [~]# ls -alh
total 48K
drwx------   6 USERNAME USERNAME 4.0K Mar 23 15:02 ./
drwx--x--x. 12 root       root       4.0K Mar 23 11:13 ../
-rw-r--r--   1 USERNAME USERNAME 5.9K Mar 23 15:02 .bash_history
-rw-r--r--   1 USERNAME USERNAME   18 Jul 18  2013 .bash_logout
-rw-r--r--   1 USERNAME USERNAME  176 Jul 18  2013 .bash_profile
-rw-r--r--   1 USERNAME USERNAME  124 Jul 18  2013 .bashrc
drwxrwxr-x   4 USERNAME USERNAME 4.0K Nov 25  2015 perl5/
drwxrwxr-x   2 USERNAME USERNAME 4.0K Sep 16  2014 public_ftp/
drwxrwxr-x   3 USERNAME USERNAME 4.0K Sep 16  2014 public_html/
drwx------   2 USERNAME USERNAME 4.0K Mar 23 15:02 .ssh/
-rw-r--r--   1 USERNAME USERNAME 1.5K Mar 23 15:02 .viminfo
[email protected] [~]# cd .ssh
[email protected] [~/.ssh]# ls -alh
total 20K
drwx------ 2 USERNAME USERNAME 4.0K Mar 23 15:02 ./
drwx------ 6 USERNAME USERNAME 4.0K Mar 23 15:02 ../
-rw------- 1 USERNAME USERNAME  737 Mar 23 14:35 authorized_keys
-rw-r--r-- 1 USERNAME USERNAME  737 Mar 23 15:02 id_newuser
-rw-r--r-- 1 USERNAME USERNAME  737 Mar 23 14:45 id_newuser.pub

 

[cPanelMichael]

-rw------- 1 USERNAME USERNAME 737 Mar 23 14:35 authorized_keys

Hello,

Ensure the permissions on this file are set to 0644:

chmod 0644 /home/$user/.ssh/authorized_keys

Please confirm the specific error message if the issue persists after updating the permissions on this file.

Thank you.

 

[Scott Baird]

So I deleted everything and redid it using the "ssh-keygen -t rsa" (at location /home/$username/) and then saved the public key from the .pub file to /home/$username/.ssh/authorized_keys file. Saved the private key locally and converted a ppk using puttygen (Save private key button).

Started putty and under the session added my server IP, ssh > auth and added the ppk generted by puttygen and clicked open. This is what I get;

Using username "$username".
Server refused our key
Using keyboard-interactive authentication.
Password:

Here is how the rights look like;

[email protected] [/home/$username/.ssh]# ls -alh
total 12K
drwx------ 2 $username $username 4.0K Mar 24 08:48 ./
drwx------ 6 $username $username 4.0K Mar 24 08:46 ../
-rw-r--r-- 1 $username $username  435 Mar 24 08:47 authorized_keys

What am I doing wrong?

 

[cPanelMichael]

Hello,

Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.