OpenSSH - PuTTY (Key refused)

Question

I'm setting up a small OpenSSH server so that I can access important files without sitting directly in front of my home computer. I've success fully set up the server, but now I want to set up key authentication (so that it's a little bit tougher for someone to break into).

I've copied the keys from my Lubuntu setup, copied them to my windows machine, and converted them to .ppk format with puttygen. In the SSH -> Auth section, I've selected my RSA.ppk key file, saved the settings and logged into the server. I enter my username, but then after, I receive the output: Server refused our key.

I've uncommented the HostKey lines for RSA, ECDSA, and ED25519 in my sshd_config. I don't know what else I'm supposed to do.

score 1 · Answer 1 · answered Jan 05 '18 at 01:07

1

Using PuTTYgen, I created a randomized public/private key pair, and pasted the text in the output box to the ~/.ssh/authorized_keys file. Key file authentication works perfectly.

answered Jan 05 '18 at 01:07

score 0 · Answer 2 · answered Jan 05 '18 at 03:16

SSH uses two different sets of asymmetric (private/public) keys -- one to authenticate the host/server to the client(s), and optionally a different one to authenticate a client to the host/server.

The HostKey configuration in sshd_config is for the keys for the host, not for any client. The directive in sshd_config that enables pubkey authentication for clients is PubKeyAuthentication, but you don't need to specify (or usually uncomment) it because it is on by default.

It should work, and does for me, to convert an OpenSSH-generated key with PuTTYgen and use it in PuTTY as you described, but ONLY if it is in ~/.ssh/authorized_keys for the appropriate user (*) -- this is required for ANY client key, no matter where or how generated. Generating a key on one Unix system does not automatically add it to authorized_keys on that system (since you don't usually need ssh to access a system you are already on) nor any other system (since this system can't know which other systems you might wish to access, including perhaps several years in the future). You mention adding to authorized_keys only for your new PuTTYgen-generated key, not the Unix-generated and PuTTYgen-converted one.

(*) or other location if specified by AuthorizedKeysFile in sshd_config but that's rare

score 0 · Answer 3 · answered May 16 '25 at 23:11

0

In my case I had same issue. It turned out I hadn't updated my Putty for 8 years. After I updated Putty it started to work.

answered May 16 '25 at 23:11

u4963840

111

OpenSSH - PuTTY (Key refused)

3 Answers3