Add An SSH Public Key Error
-
- Starting out
- Posts: 21
- Joined: Mon Jun 06, 2022 4:48 am
Add An SSH Public Key Error
I've been trying for two day to get a Public key up into my Qnap NAS. I've tried putting the public key in the Authorized_Key file and every time I get a message stating "Putty Server Refused our Key" and it requests my password. I can login with the password.
I have contact the Help Desk to find out where the official location is for the authorized_key file to reside.
Today I discovered under my login account in Qnap, under options, a tab for SSH keys. With SSH connection enabled, and acccess permissions verified, I get the attached error.
I do have one Thick Volume up and running so not sure why I am getting this message as if there is no volume.
I have contact the Help Desk to find out where the official location is for the authorized_key file to reside.
Today I discovered under my login account in Qnap, under options, a tab for SSH keys. With SSH connection enabled, and acccess permissions verified, I get the attached error.
I do have one Thick Volume up and running so not sure why I am getting this message as if there is no volume.
You do not have the required permissions to view the files attached to this post.
-
- Experience counts
- Posts: 2043
- Joined: Thu Mar 03, 2016 1:11 am
Re: Add An SSH Public Key Error
The name of the file is authorized_keys, the OS is case sensitve.
If your file is named Authorized_Key it will never work!
Anyhow I cant explain this error message.
Will lookup in my NAS later where I placed this file.
Regards
Edit: I am using SSH with "admin" account (ssh -l admin <IP> <command>.
The authorized_keys file is located in /root/.ssh .
Check in same directory also sshd_config.
Replace user1/user2 with usernames you enabled for SSH (in any).
If your file is named Authorized_Key it will never work!
Anyhow I cant explain this error message.
Will lookup in my NAS later where I placed this file.
Regards
Edit: I am using SSH with "admin" account (ssh -l admin <IP> <command>.
The authorized_keys file is located in /root/.ssh .
Check in same directory also sshd_config.
Code: Select all
[~/.ssh] # cat sshd_config
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
PermitRootLogin yes
UseDNS no
Subsystem sftp /usr/libexec/sftp-server
AllowTcpForwarding no
AllowUsers admin user1 user2
A raid is never a substitute for backup! Never!
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
-
- Starting out
- Posts: 21
- Joined: Mon Jun 06, 2022 4:48 am
Re: Add An SSH Public Key Error
There were no files in .ssh so I created both authorized_keys and sshd_config. Added two user names for the values you indicated above.
Still getting the following error when using Putty. If I enter the password, I get logged in as normal.
Using username "admin".
Server refused our key
Do I need restart anything for this to take effect?
Still getting the following error when using Putty. If I enter the password, I get logged in as normal.
Using username "admin".
Server refused our key
Do I need restart anything for this to take effect?
You do not have the required permissions to view the files attached to this post.
-
- Experience counts
- Posts: 2043
- Joined: Thu Mar 03, 2016 1:11 am
Re: Add An SSH Public Key Error
I guess you are in wrong directory.
Your screenshot shows /.ssh and not /root/.ssh .
If your are logged in in admins home directory [~] then this is /root. There you need to create the .ssh directory.
Regards
And no, no restart is necessary.
Your screenshot shows /.ssh and not /root/.ssh .
If your are logged in in admins home directory [~] then this is /root. There you need to create the .ssh directory.
Regards
And no, no restart is necessary.
A raid is never a substitute for backup! Never!
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
- OneCD
- Guru
- Posts: 12161
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: Add An SSH Public Key Error
Permissions on these directories and files are also usually an issue. Make sure they’re set correctly.
-
- Starting out
- Posts: 21
- Joined: Mon Jun 06, 2022 4:48 am
Re: Add An SSH Public Key Error
From WINSCP, it sure looks like I am in root and then the .ssh directory.
You do not have the required permissions to view the files attached to this post.
-
- Experience counts
- Posts: 2043
- Joined: Thu Mar 03, 2016 1:11 am
Re: Add An SSH Public Key Error
You are wrong!
/ (root) and /root are different paths! You can check this easily with pwd command.
Regards
But me too did a mistake: .ssh in /root is a symlink redirecting to /etc/config/.ssh
There needs the files to be placed.
/ (root) and /root are different paths! You can check this easily with pwd command.
Code: Select all
[~] # pwd
/root
[~] # cd /
[/] # pwd
/
[/] #
But me too did a mistake: .ssh in /root is a symlink redirecting to /etc/config/.ssh
There needs the files to be placed.
Code: Select all
[~] # ls -lisa
total 36
5725 0 drwxr-xr-x 2 admin administrators 220 2022-01-28 10:32 ./
5153 0 drwxr-xr-x 23 admin administrators 560 2022-02-04 09:47 ../
5729 8 -rw-r--r-- 1 admin administrators 4832 2022-06-26 21:14 .bash_history
5730 4 -rw-r--r-- 1 admin administrators 175 2004-10-09 04:49 .bash_logout
5733 4 -rw-r--r-- 1 admin administrators 161 2004-10-09 04:49 .bash_profile
5726 4 -rw-r--r-- 1 admin administrators 1687 2007-07-18 12:24 .bashrc
9719 0 lrwxrwxrwx 1 admin administrators 6 2022-01-28 11:28 .BitTornado -> ../tmp/
50793 4 -rw-r--r-- 1 admin administrators 36 2022-01-28 10:32 .buzzer_warnning.conf
5728 8 -rw-r--r-- 1 admin administrators 6526 2007-07-11 11:35 index_default.html
5732 4 -rw-r--r-- 1 admin administrators 27 2007-01-29 10:47 .profile
49092 0 lrwxrwxrwx 1 admin administrators 15 2022-01-28 10:32 .ssh -> /etc/config/ssh/
[~] #
A raid is never a substitute for backup! Never!
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
-
- Starting out
- Posts: 21
- Joined: Mon Jun 06, 2022 4:48 am
Re: Add An SSH Public Key Error
I apologize if I come across ignorant. I live in a Windows world most of the time in my FT job.
It looks like when I click on root and then into .ssh (highlighted in gray), it takes me to the same place as etc/config/ssh. And the authorized_keys and sshd_config are edited as you suggest.
Same result from Putty. Server refused our key.
It looks like when I click on root and then into .ssh (highlighted in gray), it takes me to the same place as etc/config/ssh. And the authorized_keys and sshd_config are edited as you suggest.
Same result from Putty. Server refused our key.
You do not have the required permissions to view the files attached to this post.
-
- Experience counts
- Posts: 2043
- Joined: Thu Mar 03, 2016 1:11 am
Re: Add An SSH Public Key Error
Nothing to apologize , but often Windows "minded" people mistake / (root) and /root .
So next steps you can do:
Start from your client with ssh -v or ssh -vvv to see additional information.
Please post the output when running this command.
How did you create the key? ssh-keygen -t? -?
Here is an example from QTS 4.3.4 and QTS 5.0.1 (beta), SSH runs at a raspberry PI, if option -l (l=lowercase L for login) is not used with NAS user, password is required:
Regards
Edit: at both NAS the "admin" user is not disabled as recommended by QNAP. If you are using an other account, you need to modify the SSH command with the specific username.
So next steps you can do:
Start from your client with ssh -v or ssh -vvv to see additional information.
Please post the output when running this command.
How did you create the key? ssh-keygen -t? -?
Here is an example from QTS 4.3.4 and QTS 5.0.1 (beta), SSH runs at a raspberry PI, if option -l (l=lowercase L for login) is not used with NAS user, password is required:
Code: Select all
pi@pi64:~ $ ssh -l admin 192.168.0.104 uname -a
Linux CELVIN-Q902-3 3.4.6 #1 SMP Tue Apr 23 14:56:51 CST 2019 x86_64 GNU/Linux
pi@pi64:~ $ ssh -l admin 192.168.1.90 uname -a
Linux TS473-01 5.10.60-qnap #1 SMP Sun May 15 07:07:21 CST 2022 x86_64 GNU/Linux
pi@pi64:~ $ ssh 192.168.1.90 uname -a
pi@192.168.1.90's password:
Edit: at both NAS the "admin" user is not disabled as recommended by QNAP. If you are using an other account, you need to modify the SSH command with the specific username.
Last edited by FSC830 on Tue Jun 28, 2022 6:39 pm, edited 1 time in total.
A raid is never a substitute for backup! Never!
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
-
- Starting out
- Posts: 21
- Joined: Mon Jun 06, 2022 4:48 am
Re: Add An SSH Public Key Error
I used the Putty Key Generator with RSA and 2048 bits. Saved the Private key on my desktop (for now) and have been trying to put the Public key where it needs to go.
I must admit some confusion when I first login ssh into Qnap. Its like learning where I am at. First command I run is ls and it see @Recycle@
Attached is the screen capture of the commands ssh -v.
I must admit some confusion when I first login ssh into Qnap. Its like learning where I am at. First command I run is ls and it see @Recycle@
Attached is the screen capture of the commands ssh -v.
You do not have the required permissions to view the files attached to this post.
-
- Starting out
- Posts: 21
- Joined: Mon Jun 06, 2022 4:48 am
Re: Add An SSH Public Key Error
I got it! I guess I took the easy way out which I discovered in the Qnap GUI. Under the top Username tab, under Options, one can set the SSH keys. I pasted the public key in the window, gave it a name and from Putty, it took it with no problems.
If I really get motivated, I'll try to find where it actually stored it.
If I really get motivated, I'll try to find where it actually stored it.
-
- Experience counts
- Posts: 2043
- Joined: Thu Mar 03, 2016 1:11 am
Re: Add An SSH Public Key Error
Nice to hear it works, but usualy it should work also when putting the key by CLI. Actually I never used GUI for that .
Regards
BTW: running ssh -v produces not a useful output, you need to add the -v in the complete command, i.e.:
Regards
BTW: running ssh -v produces not a useful output, you need to add the -v in the complete command, i.e.:
Code: Select all
pi@pi64:~ $ ssh -v -l admin 192.168.1.90 uname -a
OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1n 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.1.90 [192.168.1.90] port 22.
debug1: Connection established.
debug1: identity file /home/pi/.ssh/id_rsa type 0
debug1: identity file /home/pi/.ssh/id_rsa-cert type -1
debug1: identity file /home/pi/.ssh/id_dsa type -1
debug1: identity file /home/pi/.ssh/id_dsa-cert type -1
debug1: identity file /home/pi/.ssh/id_ecdsa type -1
debug1: identity file /home/pi/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/pi/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/pi/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/pi/.ssh/id_ed25519 type -1
debug1: identity file /home/pi/.ssh/id_ed25519-cert type -1
debug1: identity file /home/pi/.ssh/id_ed25519_sk type -1
debug1: identity file /home/pi/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/pi/.ssh/id_xmss type -1
debug1: identity file /home/pi/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.90:22 as 'admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:bFHqP2f6PF...
debug1: Host '192.168.1.90' is known and matches the RSA host key.
debug1: Found key in /home/pi/.ssh/known_hosts:3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/pi/.ssh/id_rsa RSA SHA256:NLTyItNBAi....
debug1: Will attempt key: /home/pi/.ssh/id_dsa
debug1: Will attempt key: /home/pi/.ssh/id_ecdsa
debug1: Will attempt key: /home/pi/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/pi/.ssh/id_ed25519
debug1: Will attempt key: /home/pi/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/pi/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384, ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/pi/.ssh/id_rsa RSA SHA256:NLTyItNBAi...
debug1: Server accepts key: /home/pi/.ssh/id_rsa RSA SHA256:NLTyItNBAi...
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.1.90 ([192.168.1.90]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LC_ALL = en_US.UTF-8
debug1: Sending command: uname -a
Linux TS473-01 5.10.60-qnap #1 SMP Sun May 15 07:07:21 CST 2022 x86_64 GNU/Linux
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3316, received 4056 bytes, in 0.3 seconds
Bytes per second: sent 10713.1, received 13103.8
debug1: Exit status 0
pi@pi64:~ $
A raid is never a substitute for backup! Never!
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
-
- Experience counts
- Posts: 1827
- Joined: Tue May 29, 2018 3:02 am
- Location: Ottawa, Ontario, Canada
Re: Add An SSH Public Key Error
As you navigate around, the "pwd" command becomes your friend There are a number of handy tricks on modifying the shell prompt to make it display useful information to you as well, but oo many to list here, and you !ay not need that extreme a solution so i will leave it you you to Google some examples if you desire?themos2311 wrote: ↑Tue Jun 28, 2022 8:46 am Its like learning where I am at. First command I run is ls and it see @Recycle@
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]