Trying to access opnsense SSH with keys but I get "Server refused our key"

Started by pickone, May 28, 2024, 11:15:11 AM

Hi!

I am trying to access my OPNsense through SSH with authorized keys and it is not working; I always get this error from PuTTY: "Server refused our key".

This is all I have done so far:

- Enabled "Enable Secure Shell", with "Permit root user login", because I want to use root user
- Generated keys with puttygen
- Pasted the public key into the root user
- Verified the file authorized_keys under .ssh, to be sure that everything is ok
- I open putty, I set the host and the SSH>AUTH private key

When I try to access opnsense, I get that error...

Any ideas, anybody?

Thanks

Quote from: pickone on May 28, 2024, 11:15:11 AM
- Generated keys with puttygen
Which type of key, exactly?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

SSH-2 RSA key (2048 bits), generated with puttygen

In opnsense, I added the public key to the root username, into the Authorized Keys field.
And used the private .ppk key with putty.

PS: I even created a different user; it doesn't have anything to do with which user I use, same error.

You are aware that PuTTY stores its key in a slightly different format than what OpenSSH is expecting?

Puttygen does something like this:


PuTTY-User-Key-File-3: ssh-rsa
Encryption: none
Comment: rsa-key-20240528
Public-Lines: 6
AAAAB3NzaC1yc2EAAAADAQABAAABAQCVXBP+N6RVMS524DBnXzhTNCp5roOu2uqw
WVOPqEGgApeBuE9jNBvx4hc+zRCiPXsUnkclBTRF/VacEBb7ONDbh+icrKhkRN1G
qeKItNzcrG2nrP1syvhaZyaRe7VNb8iMnCEZSzj8VYFfkDUfziT/j2w7Wd++PQpY
cXe7AwK9UH+AVz9wX4Il5vnPIFGM8ZaW7SvjoGuCEP577+sMw9XaFLSwP8FiH70O
oaF2J5BB0DMIcnygd0Ag0WVnx7PR5peoshLcI6J4fc8oSuCea3g+SfFGO4TfGBdk
zb/JmeEztzHbPisOOSqYfRPQ8F+YgMEvny8B30ZHTChcBFilzgEu
Private-Lines: 14
AAABAD/muCsQlT9Znl5/xlXDuG5oqC+NSYua38P5Q7X3r7QMx9NZDqYL2lTffUCC
LbasBSeqHBgrpNS48cAtZhevlDQIbq3xdM4JZH5iGqiQcNn876FIctiD8kODVE30
Fnp989isx8BxnXzf/Eztfr0PzmaEbzLpXb+fj/iM+0PIovhpessO48neg9QA+bbs
fDWVWgoqwDFlWj8TGfXrHxX7CzFsgZLPm3TwopawK85gywdf+9NRVfb4Vm0H/dts
1iEoeubmvkn1m8MC3UZN4iq2Cbo99ug5z872IF+5FA1IUi2XB5+wmY+j2qGOnHUo
5DV2hSyWkumXIiE21sHzhS8YWykAAACBANyJLVi5tMlHQ+rbRL6BnmONi1QuHhn1
YcRzuxbJ4TmSpnYF/F0D48EAkYYUQ9tWNo9inD2yh4AG0/Z4vKevXKXdesaMY0Ex
BXMbwCSoqy98GDQUBXQRGcGNlIWBmoGg6hAQlXNqSnhXm/N6qDMTmhEFVkbY6Q05
h1lr4TGfpQ2bAAAAgQCtYMi2WCFxsgwRFLAYb1mFVxKNndkO4vFfzaLBiM/PVvIM
KdPydvCL6mTGfpR9aqoI/60OoyhtO6YkHhpKJ/A17baBsGUbyLXwk5pHTtBSZb7M
YLkCgkl21Ew6wwgrq15c+cvBrBTy+SabRsaYeH7ovmDCZXB/CtHtug6UvD8d/QAA
AIEApHA2XkJzyuxec3zInwDLwAO760u0fozfQZcUbI5L8vdainWuz7lSGm8VfNoM
3ih6arTTz2dNbffVtQ2CKqwSyOQIoxkq+013CQDCmgqzhMxj7GAV/s4f27Lpia96
UsaMIvA4VdbqGWklNYI78H01/mEdmbzMR5yiNst6W5SYxT2=
Private-MAC: 5efa403a5d50dd4b4e7054ed7a072a816fb4d03c5432c3f258b8ab85104b94a3


Whereas each key line in .ssh/authorized_keys has something like (note: there must be no line breaks!):


ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCVXBP+N6RVMS524DBnXzhTNCp5roOu2uqwWVOPqEGgApeBuE9jNBvx4hc+zRCiPXsUnkclBTRF/VacEBb7ONDbh+icrKhkRN1GqeKItNzcrG2nrP1syvhaZyaRe7VNb8iMnCEZSzj8VYFfkDUfziT/j2w7Wd++PQpYcXe7AwK9UH+AVz9wX4Il5vnPIFGM8ZaW7SvjoGuCEP577+sMw9XaFLSwP8FiH70OoaF2J5BB0DMIcnygd0Ag0WVnx7PR5peoshLcI6J4fc8oSuCea3g+SfFGO4TfGBdkzb/JmeEztzHbPisOOSqYfRPQ8F+YgMEvny8B30ZHTChcBFilzgEu test@test.com



Basic SSH knowledge, however.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
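
An added example, not part of the original posts: a small Python check for the format difference described in the reply above. It rebuilds the one-line authorized_keys entry from the Public-Lines section of a .ppk file and reports why a pasted value would not be accepted. The function names and the sample key are constructed for illustration, and authorized_keys lines that start with options are assumed not to occur.

```python
import base64
import struct

def sstr(b: bytes) -> bytes:  # SSH wire string: 4-byte big-endian length + bytes
    return struct.pack(">I", len(b)) + b

def blob_key_type(blob_b64: str) -> str:
    """Decode the base64 blob and return the key type named inside it."""
    raw = base64.b64decode(blob_b64, validate=True)
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n].decode("ascii")

def ppk_to_authorized_keys(ppk_text: str) -> str:
    """Build the single authorized_keys line from the public part of a .ppk file."""
    lines = ppk_text.strip().splitlines()
    if not lines or not lines[0].startswith("PuTTY-User-Key-File-"):
        raise ValueError("not a PuTTY key file")
    key_type = lines[0].split(":", 1)[1].strip()
    comment, blob = "", None
    for i, line in enumerate(lines):
        name, _, value = line.partition(":")
        if name == "Comment":
            comment = value.strip()
        elif name == "Public-Lines":  # value = number of wrapped base64 lines
            blob = "".join(s.strip() for s in lines[i + 1:i + 1 + int(value)])
    if blob is None or blob_key_type(blob) != key_type:
        raise ValueError("missing or inconsistent public key section")
    return f"{key_type} {blob} {comment}".strip()

def check_pasted_key(text: str) -> str:
    """Return 'ok' or the reason the text is not a valid authorized_keys entry."""
    text = text.strip()
    if text.startswith("PuTTY-User-Key-File-"):
        return "PuTTY .ppk file pasted, not an OpenSSH public key line"
    if "\n" in text:
        return "key is split over several lines"
    kind, _, rest = text.partition(" ")
    try:
        inner = blob_key_type(rest.split()[0])
    except Exception:
        return "base64 blob is missing, damaged or truncated"
    return "ok" if inner == kind else "key type does not match blob"

# Constructed sample: dummy bytes shaped like an ssh-rsa public blob, not a real key.
SAMPLE_B64 = base64.b64encode(
    sstr(b"ssh-rsa") + sstr(b"\x01\x00\x01") + sstr(b"\x00" + b"\xc3" * 128)).decode()
WRAPPED = [SAMPLE_B64[i:i + 64] for i in range(0, len(SAMPLE_B64), 64)]
SAMPLE_PPK = "\n".join(["PuTTY-User-Key-File-3: ssh-rsa", "Encryption: none",
                        "Comment: constructed-example", f"Public-Lines: {len(WRAPPED)}",
                        *WRAPPED, "Private-Lines: 0", "Private-MAC: 00"])
```

Running check_pasted_key on the exact text stored in the Authorized Keys field shows whether the entry itself is well formed, which narrows the problem to the client side when it returns "ok".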

Yes, of course. I already did it the proper way. I imported the key into PuTTYgen, copied the code and pasted it into OPNsense as a one-line key, no line break.

Current version of PuTTY? The message could just as well mean OPNsense does not like the host key that PuTTY presents.

Also, is there a debug mode in PuTTY, equivalent to 'ssh -v'?

Lastly, if you are running Windows 10 or newer, PuTTY is not really necessary - there's a perfectly fine CLI SSH client. Also ssh-keygen.

Oh, damn, this I didn't try. I thought that PuTTY is better.
It seems to be working OK with the SSH client in Windows cmd. Thanks!

PS: if you have any idea how to make it work with PuTTY as well, don't hesitate to tell me. I am trying to understand what PuTTY is doing wrong.