FreeKB - PuTTY Resolve "Server refused our key"
PuTTY - Resolve "Server refused our key"

Ensure PuTTY has the correct private key:

  1. Launch PuTTY.
  2. In the left panel, expand +SSH and highlight auth. Ensure the correct private key is being used.


Ensure the Linux SSH server has the correct public key. In this example, we can see that the public key on Windows in Notepad++ matches the public key at /root/.ssh/authoriuzed_keys.


Ensure the /etc/ssh/sshd_config file has the following settings:

PermitRootLogin        without-password
PubkeyAuthentication   yes
AuthorizedKeysFile     .ssh/authorized_keys


Ensure the permissions and ownership of the authorized_keys file and .ssh directory are correct.

chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys
chown root:root /root/.ssh
chown root:root /root/.ssh/authorized_keys


The ps command can be used to determine if your system is using init or systemd. If PID 1 is init, then you will use the service command. If PID 1 is systemd, then you will use the systemctl command.

If your system is using systemd, use the systemctl command to ensure sshd is running.

systemctl status sshd


If your system is using init, use the service command to ensure sshd is running.

service sshd status


If problems persist, view the /var/log/secure or /var/log/auth.log files. In this example, the log file has No supported authentication methods available.

[root@server1 ~]# tail /var/log/secure
. . .
No supported authentication methods available
. . .


SELinux may be preventing SSHD from accessing /root/.ssh/authorized_keys. To check this, set SELinux to permissive mode. Once in permissive mode, if you are able to connect, this configures SELinux is preventing SSHD from accessing /root/.ssh/authorized_keys.

[root@server1 ~]# echo 0 > /sys/fs/selinux/enforce


The ls -Z command can be used to view the current SELinux configuration. Notice in this example that samba_share_t is listed. This is not the expected output.

[root@server1 ~]# ls -Z /root/.ssh
-rw-------. root root system_u:object_r:samba_share_t:s0 authorized_keys


To configure SELinux to allow SSHD access to /root/.ssh/authorized_keys. 

[root@server1 ~]# restorecon -FRvv ~/.ssh


Checking the SELinux configuration, we can now see that ssh_home_t is listed.

[root@server1 ~]# ls -Z /root/.ssh
-rw-------. root root system_u:object_r:ssh_home_t:s0 authorized_keys


Set SELinux back to enforcing.

[root@server1 ~]# echo 1 > /sys/fs/selinux/enforce


Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter 4c5de in the box below so that we can be sure you are a human.


Web design by yours truely - me, myself, and I   |   |