Ye blog of Adam Wright

DIY, tutorials, stuff for geeks, all updated when I have the time to spare.

How To Fix “Server refused our key” Error in CentOS 6

I recently fired up a CentOS 6 VPS for debugging and testing some remote stuff. However, when I tried using an SSH key to remotely login, I was stopped with the dreaded “Server refused our key” error that we’ve all seen when we mess up an SSH key or use a PuttyGen-created public key rather than copy/pasting the OpenSSH key contents into authorized_keys like we should (don’t act like you’ve never done it).

So I triple-checked everything and even used ssh-keygen on the server to create the keys rather than using PuttyGen, but it still wouldn’t work. As I was Googling around searching for answers, I noticed people using a restorecon command and the “PermitRootLogin without-password” setting in their sshd_config file for enabling root login via passwordless keys. An example post can be found here.

Turns out the restorecon command is what we need to use. I don’t know much about the command but it’s man-page says it “restore file(s) default SELinux security contexts”.

After running this on my server, I was able to login as user adam with a password-less SSH key:

restorecon -R -v /home/adam/.ssh

I’m honestly not sure what the resetorecon command does, but I know its what’s needed to make password-less SSH keys work for user adam. If you want to login as root with a password-less SSH key, then you’d run this command:

restorecon -R -v /root/.ssh

As a note, I’m unsure if this is just CentOS 6 or not, but a friend that uses CentOS 5.x said that he has never had to use the restorecon command to get SSH keys to work, so it might be a new standard feature found in the release notes of CentOS 6.

Image

About these ads

6 responses to “How To Fix “Server refused our key” Error in CentOS 6

  1. techpain 06/17/2013 at 5:02 PM

    The ‘restorecon’ command is for restoring default security contexts for use with SELinux. If SELinux is disabled, or the authorized_keys file was copied with the extended attributes left in place (or possibly other reasons) the command wouldn’t be necessary.

  2. techpain 06/17/2013 at 5:03 PM

    Thanks for the post, was having trouble remembering the command.

  3. Pingback: centos6 ssh “Server refused our key” Error | Aj's Blog

  4. Rulo Saavedra 05/01/2014 at 10:51 PM

    Thanks! it helped me a lot, will have to start reading more about this SELinux, so far it has given me nothing but troubles :p

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 488 other followers

%d bloggers like this: