Hi!
I am trying to access my opnsense through SSH with authorized keys and it is not working, I always get this error from putty "Server refused our key".
This is all I done till now:
- Enabled "Enable Secure Shell", with "Permit root user login", because I want to use root user
- Generated keys with puttygen
- Pasted the public key into the root user
- Verified the file authorized_keys under .ssh, to be sure that everything is ok
- I open putty, I set the host and the SSH>AUTH private key
When I try to access opnsense, I get that error...
Any idea somebody?
Thanks
Quote from: pickone on May 28, 2024, 11:15:11 AM
- Generated keys with puttygen
Which
type of key, exactly?
SSH-2 RSA key (2048 bits), generated with puttygen
In opnsense, I added the public key to the root username, into the Authorized Keys field.
And used the private .ppk key with putty.
PS: I even created a different user, doesn't have nothing to do with what user I use, same error
You are aware that Putty stores its key in a slightly different format than what openssh is expecting?
Puttygen does something like this:
PuTTY-User-Key-File-3: ssh-rsa
Encryption: none
Comment: rsa-key-20240528
Public-Lines: 6
AAAAB3NzaC1yc2EAAAADAQABAAABAQCVXBP+N6RVMS524DBnXzhTNCp5roOu2uqw
WVOPqEGgApeBuE9jNBvx4hc+zRCiPXsUnkclBTRF/VacEBb7ONDbh+icrKhkRN1G
qeKItNzcrG2nrP1syvhaZyaRe7VNb8iMnCEZSzj8VYFfkDUfziT/j2w7Wd++PQpY
cXe7AwK9UH+AVz9wX4Il5vnPIFGM8ZaW7SvjoGuCEP577+sMw9XaFLSwP8FiH70O
oaF2J5BB0DMIcnygd0Ag0WVnx7PR5peoshLcI6J4fc8oSuCea3g+SfFGO4TfGBdk
zb/JmeEztzHbPisOOSqYfRPQ8F+YgMEvny8B30ZHTChcBFilzgEu
Private-Lines: 14
AAABAD/muCsQlT9Znl5/xlXDuG5oqC+NSYua38P5Q7X3r7QMx9NZDqYL2lTffUCC
LbasBSeqHBgrpNS48cAtZhevlDQIbq3xdM4JZH5iGqiQcNn876FIctiD8kODVE30
Fnp989isx8BxnXzf/Eztfr0PzmaEbzLpXb+fj/iM+0PIovhpessO48neg9QA+bbs
fDWVWgoqwDFlWj8TGfXrHxX7CzFsgZLPm3TwopawK85gywdf+9NRVfb4Vm0H/dts
1iEoeubmvkn1m8MC3UZN4iq2Cbo99ug5z872IF+5FA1IUi2XB5+wmY+j2qGOnHUo
5DV2hSyWkumXIiE21sHzhS8YWykAAACBANyJLVi5tMlHQ+rbRL6BnmONi1QuHhn1
YcRzuxbJ4TmSpnYF/F0D48EAkYYUQ9tWNo9inD2yh4AG0/Z4vKevXKXdesaMY0Ex
BXMbwCSoqy98GDQUBXQRGcGNlIWBmoGg6hAQlXNqSnhXm/N6qDMTmhEFVkbY6Q05
h1lr4TGfpQ2bAAAAgQCtYMi2WCFxsgwRFLAYb1mFVxKNndkO4vFfzaLBiM/PVvIM
KdPydvCL6mTGfpR9aqoI/60OoyhtO6YkHhpKJ/A17baBsGUbyLXwk5pHTtBSZb7M
YLkCgkl21Ew6wwgrq15c+cvBrBTy+SabRsaYeH7ovmDCZXB/CtHtug6UvD8d/QAA
AIEApHA2XkJzyuxec3zInwDLwAO760u0fozfQZcUbI5L8vdainWuz7lSGm8VfNoM
3ih6arTTz2dNbffVtQ2CKqwSyOQIoxkq+013CQDCmgqzhMxj7GAV/s4f27Lpia96
UsaMIvA4VdbqGWklNYI78H01/mEdmbzMR5yiNst6W5SYxT2=
Private-MAC: 5efa403a5d50dd4b4e7054ed7a072a816fb4d03c5432c3f258b8ab85104b94a3
Whereas each key line in .ssh/authorized_keys has something like (note: there must be no line breaks!):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCVXBP+N6RVMS524DBnXzhTNCp5roOu2uqwWVOPqEGgApeBuE9jNBvx4hc+zRCiPXsUnkclBTRF/VacEBb7ONDbh+icrKhkRN1GqeKItNzcrG2nrP1syvhaZyaRe7VNb8iMnCEZSzj8VYFfkDUfziT/j2w7Wd++PQpYcXe7AwK9UH+AVz9wX4Il5vnPIFGM8ZaW7SvjoGuCEP577+sMw9XaFLSwP8FiH70OoaF2J5BB0DMIcnygd0Ag0WVnx7PR5peoshLcI6J4fc8oSuCea3g+SfFGO4TfGBdkzb/JmeEztzHbPisOOSqYfRPQ8F+YgMEvny8B30ZHTChcBFilzgEu test@test.com
Basic SSH knowledge, however.
Yes, of course. I already did it in a proper way. I imported the key into puttygen, copy the code and pasted in opnsense, one line key, no line break
Current version of putty? The message could just as well mean, OPNsense does not like the host key that putty presents.
Also is there a debug mode in putty, equivalent to 'ssh -v'?
Last if you are running Windows 10 or newer, putty is not really necessary - there's a perfectly fine CLI SSH client. Also ssh-keygen.
Oh, damn, this I didn't tried. I thought that putty is better.
Seems that it is working ok with the ssh of windows cmd. Thanks!
PS: if you have any idea how to make it work with putty as well, don't hesitate to tell me. I am trying to understand that putty is doing wrong.