121

I have a 12.10 server setup in a virtual machine with its network set to bridged (essentially will be seen as a computer connected to my switch).

I installed opensshd via apt-get and was able to connect to the server using putty with my username and password.

I then set about trying to get it to use public/private key authentication. I did the following:

  1. Generated the keys using PuttyGen.
  2. Moved the public key to /etc/ssh/myusername/authorized_keys (I am using encrypted home directories).

  3. Set up sshd_config like so:

    PubkeyAuthentication yes
AuthorizedKeysFile /etc/ssh/%u/authorized_keys
StrictModes no
PasswordAuthentication no
UsePAM yes

When I connect using putty or WinSCP, I get an error saying No supported authentication methods available (server sent public key).

If I run sshd in debug mode, I see:

PAM: initializing for "username"
PAM: setting PAM_RHOST to "192.168.1.7"
PAM: setting PAM_TTY to "ssh"
userauth-request for user username service ssh-connection method publickey [preauth]
attempt 1 failures 0 [preauth]
test whether pkalg/pkblob are acceptable [preauth[
Checking blacklist file /usr/share/ssh/blacklist.RSA-1023
Checking blacklist file /etc/ssh/blacklist.RSA-1023
temporarily_use_uid: 1000/1000 (e=0/0)
trying public key file /etc/ssh/username/authorized_keys
fd4 clearing O_NONBLOCK
restore_uid: 0/0
Failed publickey for username from 192.168.1.7 port 14343 ssh2
Received disconnect from 192.168.1.7: 14: No supported authentication methods available [preauth]
do_cleanup [preauth]
monitor_read_log: child log fd closed
do_cleanup
PAM: cleanup

Why is this happening and how can I fix this?

Eric Carvalho
  • 54,385
F21
  • 4,319
  • 5
  • 25
  • 23
  • In my case, I have two AWS instances. One of them is working flawlessly, the other one is working when connecting through Intellij Idea, but not from Putty, but it was working at the beginning. So in my case it must be something about putty – Marian Klühspies Nov 23 '15 at 12:00
  • In my case, I had to load the existing private key in puttygen and save it to convert it. Described it under https://www.bingehacking.net/2022/01/putty-no-supported-authentication.html – Thorsten Staerk Jan 30 '22 at 10:05

6 Answers6

105

Problem solved:

Looks like there was a problem with my public key file. PuttyGen will create a public key file that looks like:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20121022"
AAAAB3NzaC1yc2EAAAABJQAAAIEAhGF6GIuMY8FJ1+CNApnSY1N2YSlkYz72Yvwu
a6N1nFpBklz1+dsIMg4rcTLcF34M/tW5Yz+NUDAw2AEbxQ32FPgw7sAOIXktkYOH
tr7mmimiTjkoSCrJh1kqalPSpi8rglT/Bp67Ql2SZwvUFfMzHISryR0EZC4rXP/u
vObrJe8=
---- END SSH2 PUBLIC KEY ----

However, this will not work, so what you need to do is to open the key in PuttyGen, and then copy it from there (this results in the key being in the right format and in 1 line):

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAhGF6GIuMY8FJ1+CNApnSY1N2YSlkYz72Yvwua6N1nFpBklz1+dsIMg4rcTLcF34M/tW5Yz+NUDAw2AEbxQ32FPgw7sAOIXktkYOHtr7mmimiTjkoSCrJh1kqalPSpi8rglT/Bp67Ql2SZwvUFfMzHISryR0EZC4rXP/uvObrJe8= rsa-key-20121022

Paste this into authorized_keys then it should work.

F21
  • 4,319
  • 5
  • 25
  • 23
  • 1
    I opened authorized_keys in vi and removed all of the line breaks and it worked. – Luke Mar 13 '16 at 19:59
  • 1
    where is the public key file located? i am only using putty. – Syler Mar 26 '16 at 00:43
  • 2
    I did all the things above but still the server is sending No supported authentication methods available (server sent public key) – Al-Alamin Dec 12 '17 at 04:06
  • 1
    How did you know this wouldn't work / where did you find the expected format? – Michael Sep 05 '19 at 15:58
  • 1
    Where I need paste exactly when you say "Paste this into authorized_keys then it should work." @F21 – Mahender Reddy Yasa Sep 24 '19 at 22:39
  • Thanks this formatting saved me! I also had to remove the break lines for it to work (it wasn't obvious for me the first time). – George Oct 18 '20 at 11:53
  • Where is authorized_keys ? – Black Jul 04 '22 at 13:11
  • That file is at /home/ubuntu/.ssh/authorized_keys – Michael Currie Nov 24 '22 at 17:00
  • If your project involves multiple servers, make sure the server you add the key to is also the same server you try to log into with the new key, or else you'll waste a lot of time wondering why you're still getting this error message despite lots of troubleshooting. – Aufgeschissener Kunde Mar 27 '23 at 23:40
  • On Google Cloud, authorized_keys will be overwritten based on the project's ssh keys. I describe it here with screenshots and troubleshooting hints: https://www.bingehacking.net/2022/01/putty-no-supported-authentication.html – Thorsten Staerk Jul 30 '23 at 20:24
52
  1. Edit the /etc/ssh/sshd_config file.
  2. Change PasswordAuthentication and ChallengeResponseAuthentication to yes.

3a. Restart ssh /etc/init.d/ssh restart.
OR
3b. better you use service sshd restart

waltinator
  • 36,399
Hunter
  • 549
  • 1
    indeed this is useful comment if you have trouble connecting vie ftp softwares – cnu Jul 12 '17 at 08:11
  • 1
    That works for me! – Asinox Oct 08 '17 at 02:07
  • 26
    The whole purpose of authenticating via key file is to avoid password authentication, so actually you should set PasswordAuthentication to no. – Pere Dec 20 '17 at 12:43
  • 1
    It's the only answer that has helped me. I didn't need public/private key authentication, but I was getting that weird message. – Serge Rogatch Jun 27 '18 at 07:09
  • 1
    Thanks about ChallengeResponseAuthentication, it resolved the problem to me on a Debian 10.0 – realtebo Jul 12 '19 at 11:17
  • 1
    A spin to what @Pere wrote: If you set PasswordAuthentication to yes and ChallengeResponseAuthentication to no you are able to connect automatically with a key, and those that don't have a key will connwct with a password - very useful – Stas Sorokin Dec 30 '20 at 13:32
  • Simple concise answer for me on a bitnami VM I just wanted for a simple test!! -thanks – Marinaio Jun 13 '22 at 13:13
  • HAD to do this, it was the only way! never use gcloud instances again – nodws Dec 08 '22 at 22:16
14

Just a tip I hope may help someone else with the headaches I had. F21 is right that you need to copy the key out of the PuTTYGen window instead of saving the file, but after copying, the way you paste may have significant impact on whether your key will work or not. Some editors will alter the text as you paste, or do something with newlines or something that makes the authorized_keys file invalid.

What I have found to be the least likely to break is to echo the full string and redirect the output to the file. Right-clicking in PuTTY to paste the key string to the commandline, it works out like this (with the example given above):

echo [right-click-to-paste-here] > /etc/ssh/username/authorized_keys

You'll end up with this:

echo ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAhGF6GIuMY8FJ1+CNApnSY1N2YSlkYz72Yvwua6N1nFpBklz1+dsIMg4rcTLcF34M/tW5Yz+NUDAw2AEbxQ32FPgw7sAOIXktkYOHtr7mmimiTjkoSCrJh1kqalPSpi8rglT/Bp67Ql2SZwvUFfMzHISryR0EZC4rXP/uvObrJe8= rsa-key-20121022 > /etc/ssh/username/authorized_keys

Another advantage of this method is that you can add multiple keys this way by using >> to append instead of > to overwrite, eg:

echo ssh-rsa AAAAB3<...snip...>rJe8= rsa-key-20121022 >> /etc/ssh/username

Hope that helps someone.

Dave
  • 141
14

We were already using the right type of key (ppk instead of pem).

In our case, it was a problem with the file permissions for authorized_keys on the server user folder. It has to be -rw-r--r-- ... It was -rw-rw-r--.

SSH is very finicky about file perms.

Check file permissions using:

ls -l authorized_keys

You can fix them if necessary with:

chmod 644 authorized_keys
matigo
  • 22,138
  • 7
  • 45
  • 75
Sharad
  • 141
  • Thanks for pointing me to the right direction. In our case both the owner and the permissions were wrong. – Zsolti Oct 06 '16 at 11:16
  • how to change file permissions as we are not able to access through ssh? any other way to do that? – jit Nov 28 '16 at 11:52
  • 1
    Mine was also an ownership, groupship, and permissions problem. As shown here (https://stackoverflow.com/a/36808935/384670), the permissions I had to use were 600 for the file and 700 for the directory. I also changed the owner and the group to this non-root user in question. – M Katz Jun 01 '18 at 12:31
  • I also had to set the permissions of the .ssh directory which contains the authorized_keys-file to 700 (rwx------) – Chris Dec 20 '19 at 11:29
  • Wow that's incredibly frustrating. I spent all this time trying to debug the different sshd_config properties and it's just a permissions issue with my file. Unlucky I guess – Jacob Morrison Jun 30 '20 at 22:17
  • Check file permissions using ls -l authorized_keys and fix them if necessary with chmod 644 authorized_keys. – Ari Cooper-Davis Apr 01 '22 at 15:27
9

SOLVED:

  1. You need to download the puttyGEN and generate a public and a private key.
  2. I've assigned a password to my private key.
  3. then configure the private key in putty. Putty->SSH->Auth->Browse to your private.
  4. You need to configure the public key on the server. (In my case I've talked with the server guy and asked if he could add my public key to the server). You need the public key in the other side (server) the connection.
Community
  • 1
Matt.sinner
  • 91
  • 2
    "Ensure you have the same path for private and public key." That has nothing to do with it. You don't have to reside your public key next to your private.. – ssibal Dec 06 '17 at 09:53
8

In my case the reason was that private key file (.ppk) had been removed in Putty authentication agent i.e. Pageant. I just updated it again to Pageant there and connection worked perfectly after that.

Marko H
  • 81
  • 1
  • 1