SSH has this error: "server refused our key"

I did successful yestday as Porter's doc:

  1. Create private/pub key on AIX:
    $ssh-keygen -t identity

  2. Get my private key from the AIX server, found in $HOME/.ssh/identity

Put that on Windows box.

I use WinSCP to transfer private key from AIX to Windows

  1. Run puttygen.exe and load the private key, save it without password as identity.ppk in a safe directory.

4.To use SFTP use Putty's "psftp" as follows:

"c:\program files\putty\psftp.exe" -i \path\to\identity.ppk user@host

Then, it shows "server refused our key" and "Server refused public key", I have to input password to login AIX.

Yesterday, I thought I was successful to use WinSCP to do it without password, today, I cannot, and it shows the same result .

I don't change any configuration on AIX and Windows.

Who know why I cannot do it today?

Thanks a lot!

Did you put the public key in $HOME/.ssh/authorized_keys?

Do the files have -wr------ access rights?

I thought the flags would be "ssh-keygen -t rsa -f identity".

$ ssh-keygen -t rsa -f identity
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in identity.
Your public key has been saved in identity.pub.
The key fingerprint is:
be:fe:1b:cc:ec:21:6b:d5:4d:db:75:00:99:92:8f:2d sss@server1
$ ls -l
total 16
-rw------- 1 sss staff 1675 Dec 05 13:21 identity
-rw-r--r-- 1 sss staff 397 Dec 05 13:21 identity.pub

It shows the same result, server refused our key

Have you put the public key in $HOME/.ssh/authorized_keys of the server you are trying to connect to?

In AIX side, I only have

$ ls -l
total 16
-rw------- 1 sss staff 1675 Dec 05 13:21 identity
-rw-r--r-- 1 sss staff 397 Dec 05 13:21 identity.pub

after run the command:

$ ssh-keygen -t rsa -f identity

where the "$HOME/.ssh/authorized_keys"? In Windows or AIX?
I want to ssh without password from windows to AIX. So, I create the private/public key on AIX side?

  1. create public and private key on AIX - just as you have.

  2. add the public key to $HOME/.ssh/authorized_keys on the AIX box.

  3. ensure the keys and authorized_keys are -rw-------

  4. transfer the private key to windows - just like you have

  5. use puttygen to create a putty type key identity.ppk - just like you have

So you are nearly there, but the server does *nothing* with identity and identity.pub, they are ignored. It is only interested in $HOME/.ssh/authorized_keys. Similarly the ssh client on AIX is only interested in (a) $HOME/.ssh/identity and (b) $HOME/.ssh/known_hosts.

If $HOME/.ssh/authorized_keys does not exist then

cd .ssh
cp identity.pub authorized_keys
chmod 600 authorized_keys

Thanks a lot! Success!

Cool. :slight_smile:

Now here's a trick...

Standardise on one public/private key pair that represents you as a person, then put the public key in the authorized_keys for all the servers you want to talk to, and put the private key in the identity in .ssh in your home directory on each server. That way you will happily be able to scp/ssh from any machine to any other machine. Of course, only put the private key on machines you trust.

Thank you for your detail information!