Add An SSH Public Key Error

Questions about SNMP, Power, System, Logs, disk, & RAID.
Post Reply
themos2311
Starting out
Posts: 21
Joined: Mon Jun 06, 2022 4:48 am

Add An SSH Public Key Error

Post by themos2311 »

I've been trying for two day to get a Public key up into my Qnap NAS. I've tried putting the public key in the Authorized_Key file and every time I get a message stating "Putty Server Refused our Key" and it requests my password. I can login with the password.

I have contact the Help Desk to find out where the official location is for the authorized_key file to reside.

Today I discovered under my login account in Qnap, under options, a tab for SSH keys. With SSH connection enabled, and acccess permissions verified, I get the attached error.

I do have one Thick Volume up and running so not sure why I am getting this message as if there is no volume.
You do not have the required permissions to view the files attached to this post.
FSC830
Experience counts
Posts: 2043
Joined: Thu Mar 03, 2016 1:11 am

Re: Add An SSH Public Key Error

Post by FSC830 »

The name of the file is authorized_keys, the OS is case sensitve.
If your file is named Authorized_Key it will never work!
Anyhow I cant explain this error message.
Will lookup in my NAS later where I placed this file.

Regards

Edit: I am using SSH with "admin" account (ssh -l admin <IP> <command>.
The authorized_keys file is located in /root/.ssh .
Check in same directory also sshd_config.

Code: Select all

[~/.ssh] # cat sshd_config
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
PermitRootLogin yes
UseDNS no
Subsystem sftp /usr/libexec/sftp-server
AllowTcpForwarding no
AllowUsers admin user1 user2
Replace user1/user2 with usernames you enabled for SSH (in any).
themos2311
Starting out
Posts: 21
Joined: Mon Jun 06, 2022 4:48 am

Re: Add An SSH Public Key Error

Post by themos2311 »

There were no files in .ssh so I created both authorized_keys and sshd_config. Added two user names for the values you indicated above.

Still getting the following error when using Putty. If I enter the password, I get logged in as normal.

Using username "admin".
Server refused our key

Do I need restart anything for this to take effect?
You do not have the required permissions to view the files attached to this post.
FSC830
Experience counts
Posts: 2043
Joined: Thu Mar 03, 2016 1:11 am

Re: Add An SSH Public Key Error

Post by FSC830 »

I guess you are in wrong directory.
Your screenshot shows /.ssh and not /root/.ssh .

If your are logged in in admins home directory [~] then this is /root. There you need to create the .ssh directory.

Regards

And no, no restart is necessary.
User avatar
OneCD
Guru
Posts: 12038
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: Add An SSH Public Key Error

Post by OneCD »

Permissions on these directories and files are also usually an issue. Make sure they’re set correctly. ;)

ImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImage
themos2311
Starting out
Posts: 21
Joined: Mon Jun 06, 2022 4:48 am

Re: Add An SSH Public Key Error

Post by themos2311 »

From WINSCP, it sure looks like I am in root and then the .ssh directory.
You do not have the required permissions to view the files attached to this post.
FSC830
Experience counts
Posts: 2043
Joined: Thu Mar 03, 2016 1:11 am

Re: Add An SSH Public Key Error

Post by FSC830 »

You are wrong!
/ (root) and /root are different paths! You can check this easily with pwd command.

Code: Select all

[~] # pwd
/root
[~] # cd /
[/] # pwd
/
[/] #
Regards

But me too did a mistake: .ssh in /root is a symlink redirecting to /etc/config/.ssh
There needs the files to be placed.

Code: Select all

[~] # ls -lisa
total 36
 5725 0 drwxr-xr-x  2 admin administrators  220 2022-01-28 10:32 ./
 5153 0 drwxr-xr-x 23 admin administrators  560 2022-02-04 09:47 ../
 5729 8 -rw-r--r--  1 admin administrators 4832 2022-06-26 21:14 .bash_history
 5730 4 -rw-r--r--  1 admin administrators  175 2004-10-09 04:49 .bash_logout
 5733 4 -rw-r--r--  1 admin administrators  161 2004-10-09 04:49 .bash_profile
 5726 4 -rw-r--r--  1 admin administrators 1687 2007-07-18 12:24 .bashrc
 9719 0 lrwxrwxrwx  1 admin administrators    6 2022-01-28 11:28 .BitTornado -> ../tmp/
50793 4 -rw-r--r--  1 admin administrators   36 2022-01-28 10:32 .buzzer_warnning.conf
 5728 8 -rw-r--r--  1 admin administrators 6526 2007-07-11 11:35 index_default.html
 5732 4 -rw-r--r--  1 admin administrators   27 2007-01-29 10:47 .profile
49092 0 lrwxrwxrwx  1 admin administrators   15 2022-01-28 10:32 .ssh -> /etc/config/ssh/
[~] #
themos2311
Starting out
Posts: 21
Joined: Mon Jun 06, 2022 4:48 am

Re: Add An SSH Public Key Error

Post by themos2311 »

I apologize if I come across ignorant. :-) I live in a Windows world most of the time in my FT job.

It looks like when I click on root and then into .ssh (highlighted in gray), it takes me to the same place as etc/config/ssh. And the authorized_keys and sshd_config are edited as you suggest.

Same result from Putty. Server refused our key.
You do not have the required permissions to view the files attached to this post.
FSC830
Experience counts
Posts: 2043
Joined: Thu Mar 03, 2016 1:11 am

Re: Add An SSH Public Key Error

Post by FSC830 »

Nothing to apologize :DD , but often Windows "minded" people mistake / (root) and /root :wink: .
So next steps you can do:
Start from your client with ssh -v or ssh -vvv to see additional information.
Please post the output when running this command.

How did you create the key? ssh-keygen -t? -?

Here is an example from QTS 4.3.4 and QTS 5.0.1 (beta), SSH runs at a raspberry PI, if option -l (l=lowercase L for login) is not used with NAS user, password is required:

Code: Select all

pi@pi64:~ $ ssh -l admin 192.168.0.104 uname -a
Linux CELVIN-Q902-3 3.4.6 #1 SMP Tue Apr 23 14:56:51 CST 2019 x86_64 GNU/Linux
pi@pi64:~ $ ssh -l admin 192.168.1.90 uname -a
Linux TS473-01 5.10.60-qnap #1 SMP Sun May 15 07:07:21 CST 2022 x86_64 GNU/Linux
pi@pi64:~ $ ssh 192.168.1.90 uname -a
pi@192.168.1.90's password:
Regards

Edit: at both NAS the "admin" user is not disabled as recommended by QNAP. If you are using an other account, you need to modify the SSH command with the specific username.
Last edited by FSC830 on Tue Jun 28, 2022 6:39 pm, edited 1 time in total.
themos2311
Starting out
Posts: 21
Joined: Mon Jun 06, 2022 4:48 am

Re: Add An SSH Public Key Error

Post by themos2311 »

I used the Putty Key Generator with RSA and 2048 bits. Saved the Private key on my desktop (for now) and have been trying to put the Public key where it needs to go.

I must admit some confusion when I first login ssh into Qnap. Its like learning where I am at. First command I run is ls and it see @Recycle@

Attached is the screen capture of the commands ssh -v.
You do not have the required permissions to view the files attached to this post.
themos2311
Starting out
Posts: 21
Joined: Mon Jun 06, 2022 4:48 am

Re: Add An SSH Public Key Error

Post by themos2311 »

I got it! I guess I took the easy way out which I discovered in the Qnap GUI. Under the top Username tab, under Options, one can set the SSH keys. I pasted the public key in the window, gave it a name and from Putty, it took it with no problems.

If I really get motivated, I'll try to find where it actually stored it. :-)
FSC830
Experience counts
Posts: 2043
Joined: Thu Mar 03, 2016 1:11 am

Re: Add An SSH Public Key Error

Post by FSC830 »

Nice to hear it works, but usualy it should work also when putting the key by CLI. Actually I never used GUI for that :DD .

Regards

BTW: running ssh -v produces not a useful output, you need to add the -v in the complete command, i.e.:

Code: Select all

pi@pi64:~ $ ssh -v -l admin 192.168.1.90 uname -a
OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1n  15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.1.90 [192.168.1.90] port 22.
debug1: Connection established.
debug1: identity file /home/pi/.ssh/id_rsa type 0
debug1: identity file /home/pi/.ssh/id_rsa-cert type -1
debug1: identity file /home/pi/.ssh/id_dsa type -1
debug1: identity file /home/pi/.ssh/id_dsa-cert type -1
debug1: identity file /home/pi/.ssh/id_ecdsa type -1
debug1: identity file /home/pi/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/pi/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/pi/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/pi/.ssh/id_ed25519 type -1
debug1: identity file /home/pi/.ssh/id_ed25519-cert type -1
debug1: identity file /home/pi/.ssh/id_ed25519_sk type -1
debug1: identity file /home/pi/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/pi/.ssh/id_xmss type -1
debug1: identity file /home/pi/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.90:22 as 'admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:bFHqP2f6PF...
debug1: Host '192.168.1.90' is known and matches the RSA host key.
debug1: Found key in /home/pi/.ssh/known_hosts:3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/pi/.ssh/id_rsa RSA SHA256:NLTyItNBAi....
debug1: Will attempt key: /home/pi/.ssh/id_dsa
debug1: Will attempt key: /home/pi/.ssh/id_ecdsa
debug1: Will attempt key: /home/pi/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/pi/.ssh/id_ed25519
debug1: Will attempt key: /home/pi/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/pi/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,                                                                                                  ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/pi/.ssh/id_rsa RSA SHA256:NLTyItNBAi...
debug1: Server accepts key: /home/pi/.ssh/id_rsa RSA SHA256:NLTyItNBAi...
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.1.90 ([192.168.1.90]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LC_ALL = en_US.UTF-8
debug1: Sending command: uname -a
Linux TS473-01 5.10.60-qnap #1 SMP Sun May 15 07:07:21 CST 2022 x86_64 GNU/Linux
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3316, received 4056 bytes, in 0.3 seconds
Bytes per second: sent 10713.1, received 13103.8
debug1: Exit status 0
pi@pi64:~ $
dosborne
Experience counts
Posts: 1791
Joined: Tue May 29, 2018 3:02 am
Location: Ottawa, Ontario, Canada

Re: Add An SSH Public Key Error

Post by dosborne »

themos2311 wrote: Tue Jun 28, 2022 8:46 am Its like learning where I am at. First command I run is ls and it see @Recycle@
As you navigate around, the "pwd" command becomes your friend :) There are a number of handy tricks on modifying the shell prompt to make it display useful information to you as well, but oo many to list here, and you !ay not need that extreme a solution so i will leave it you you to Google some examples if you desire?
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
Post Reply

Return to “System & Disk Volume Management”