Ye blog of Adam Wright

DIY, tutorials, stuff for geeks, all updated when I have the time to spare.

How To Fix “Server refused our key” Error in CentOS 6

9 Comments Posted by on 04/15/2013

I recently fired up a CentOS 6 VPS for debugging and testing some remote stuff. However, when I tried using an SSH key to remotely login, I was stopped with the dreaded “Server refused our key” error that we’ve all seen when we mess up an SSH key or use a PuttyGen-created public key rather than copy/pasting the OpenSSH key contents into authorized_keys like we should (don’t act like you’ve never done it).

So I triple-checked everything and even used ssh-keygen on the server to create the keys rather than using PuttyGen, but it still wouldn’t work. As I was Googling around searching for answers, I noticed people using a restorecon command and the “PermitRootLogin without-password” setting in their sshd_config file for enabling root login via passwordless keys. An example post can be found here.

Turns out the restorecon command is what we need to use. I don’t know much about the command but it’s man-page says it “restore file(s) default SELinux security contexts”.

After running this on my server, I was able to login as user adam with a password-less SSH key:

restorecon -R -v /home/adam/.ssh

I’m honestly not sure what the resetorecon command does, but I know its what’s needed to make password-less SSH keys work for user adam. If you want to login as root with a password-less SSH key, then you’d run this command:

restorecon -R -v /root/.ssh

As a note, I’m unsure if this is just CentOS 6 or not, but a friend that uses CentOS 5.x said that he has never had to use the restorecon command to get SSH keys to work, so it might be a new standard feature found in the release notes of CentOS 6.

Image

Uncategorized , , , , , , , , , , ,

9 responses to “How To Fix “Server refused our key” Error in CentOS 6

  1. techpain 06/17/2013 at 5:02 PM

    The ‘restorecon’ command is for restoring default security contexts for use with SELinux. If SELinux is disabled, or the authorized_keys file was copied with the extended attributes left in place (or possibly other reasons) the command wouldn’t be necessary.

    Reply
  2. techpain 06/17/2013 at 5:03 PM

    Thanks for the post, was having trouble remembering the command.

    Reply

  3. Pingback: centos6 ssh “Server refused our key” Error | Aj's Blog

  4. Rulo Saavedra 05/01/2014 at 10:51 PM

    Thanks! it helped me a lot, will have to start reading more about this SELinux, so far it has given me nothing but troubles :p

    Reply

  5. Pingback: Adding a Linux Slave node to Jenkins | Chuanyu.Wang 王传宇

  6. Rich G. 03/09/2016 at 1:08 PM

    I am running a new install of CentOS7 and have been battling this particular issue for a few days now. I noticed the ‘restorecon’ trick mentioned on a few other CentOS-related troubleshooting sites, but ‘restorecon’ is a command used in for SELinux systems, which I did not install. Nevertheless, after giving up hope and trying as a last ditch effort, it worked.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: