"Server refused our key" from putty on Centos8 system

Question

I have an AWS EC2 instance running Centos8 with flawless SSH connections using a regular ssh client (not putty).

I need to connect using putty from a Windows10 Pro desktop.

I hope this community can offer a fix that I haven't found yet.

When I attempt to connect using the public key from a putty-gen created pair, I get "server refused our key".

The authorized_keys file contains the following entry (copied from puttygen):

ssh-dss AAAAB3NzaC1kc3MAAACBAPEsveu9UvIu8rqQvyMTAlpEmzZDHEHy9tzm33hqooVDYx8Y2HKL1pOWFCtORMHrQC0s2tMoWUmuN8zj7fJe2JUrU+pxPj8BoaeMEBlIQlw6YLkkl8oNysNs1gn3NBG8Pbii5SCWLOMHYNU/FrrGfIC4gK98FWOs+XB8b2TDC+GhAAAAFQDr8V35S0yUUHkKQhOdTBE01z/xnwAAAIEA413XRIqaOoD7fNhJL75gFWjCEfmoDjrUxCMTCWruQB0/ggh3kaUXCZW09M3uv12ibHg76Hjv2ams2tmMp3uHCkEd0Aiuxh5M1vbu/w2YwzSd2QVbMXlXBQdLiqatDuKENFoKk9x/RsZT5gnyDN65/BC/t7vTMk/Q9DxtBklFh6IAAACBAJINInKSQvRCwnlsASdia2QrRCXK7+aTycg8rWDpHI5O+CpKaphdpxrv8yfAElfziLkt4HYo8QO6dCgonktt0s5bIkdpP35yN6P32wIOtqpYLqsIMsnmLxolVqAbmPO0V/Z79gYkNVzWWRb0PnImYQepcUZFO03k8Sq4ny9y/Tsk Tom_S_admin

This appears to be an issue with my local credentials, but I've tried all the usual fixes without success.

I tried an approach suggested in another stackoverflow question -- adding the following to /etc/ssh/sshd_config on the server:

PubkeyAcceptedAlgorithms +ssh-rsa

Sadly, this simply broke sshd and so I reverted the change.

Here is what I see on my desktop:

[

Answer 1

ssh-dss

"ssh-dss" indicates a DSA key. DSA keys have been deprecated for years.

You should start again and generate a key of a more modern type. RSA is the most broadly compatible option, even more modern types can offer the same security with shorter keys but RSA is still fine as long as the key length is good enough (2048 bit minimum, 4096 bit is what I go for).

Answer 2

I appreciate the helpful answers from both @plugwash and @Perigrino69.

I solved this by essentially combining both, in a way that turned out to be simple.

I used the latest versions of PuTTY and PuTTYgen to simply generate a new key-pair. I copied the field in PuTTYgen and pasted it into authorized_keys:

ssh-rsa AAAAB3NzaC1yc2 <elided> BZZD/FJpyOsk+ovzNvpWZpGro3Pe4MGCA/ZdEDPKrQ9N8RhIMYZYvwle4NNMgbckQnCjmJ6FOvvyV4/YsvHzXeOMOelPrPtGTnFnayw6kAqdK7xEY2d2z4xqVyhgni/xTA9OASfCPJXzf rsa-key-20230301

I set the private key in PuTTY to the newly-generated private key.

This worked exactly as desired -- problem solved,

Answer 3

PuTTy doesn't directly work with OpenSSH keys. You need to convert first with PuTTYgen.

1. Click "Conversions" from the PuTTY Key Generator menu and select "Import key".
2. Navigate to the OpenSSH private key and click "Open".
3. Under "Actions" / "Save the generated key", select "Save private key".
4. Choose an optional passphrase to protect the private key.
5. Save the private key to the desktop as "id_rsa.ppk".

Next you need to copy the public key to the server.

1. Highlight entire public key within the PuTTY Key Generator and copy the text.
2. Launch PuTTY and log into the remote server with your existing user credentials.
3. Use your preferred text editor to create and/or open the authorized_keys file:
4. Paste the public key into the authorized_keys file.
5. Save the file and close the text editor.
6. Adjust the permissions of the authorized_keys file so that the file does not allow group writable permissions chmod 600 ~/.ssh/authorized_keys

After this done, you should be able to connect using the Private Key.

1. Enter the remote server Host Name or IP address under "Session".
2. Navigate to "Connection" > "SSH" > "Auth".
3. Click "Browse..." under "Authentication parameters" / "Private key file for authentication".
4. Locate the "id_rsa.ppk" private key and click "Open".
5. Finally, click "Open" again to log into the remote server with key pair authentication.

The source (IONOS) has also clarifying screenshots etc.