Cannot get SSH & Web Terminal add-on to accept authorized_keys

I can use the add-on using a username and password, but when trying to use the authorized_keys, I always get a ‘Server refused our key’.

The debug log shows the following message at the end:

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Received disconnect from 192.168.0.111 port 53473:14: No supported authentication methods available [preauth]
Disconnected from authenticating user hassio 192.168.0.111 port 53473 [preauth]

The rsa key I am using seems to be ok, as it is working well to access the system as (real) root using ssh into port 22222.

I have tried several ways/formats to enter the key into the configuration file and restarts of the add-on, and I even tried to manually put the key in the .ssh folder when logged in with username and password, but I keep getting the same error.

I can get where I want using the port 22222 login (and perform a docker exec into the ssh add-on) but I would like to get this sorted out.

Thanks.

There was an upstream change on OpenSSH 8.X. Recommendation is to create new keys using ECDSA or Ed25519

Problem solved !

Thank you for pointing me into the right direction, both for this issue and for a better place to look first for candidate issues with add-ons in general in the future.

Highly appreciated !

Hi @epposan, how did you eventually solve this?

I’ve got the latest (0.77) version of Putty and PuttyGen, and tried creating new ECDSA and EdDSA keys, but still when I try to connect I get the same No supported authentication methods available [preauth] error message, no change.

I did notice that the YAML editor mangles the line breaks in the public key a bit, but since it used to work in the past, I don’t think that’s the problem:

Hi @heckler ,

I don’t know whether it make a difference, but I entered the key without the header and trailer, like this:

ssh-key-1

Which then got mangled into:

ssh-key-2

Furthermore, I am using an empty password field:

ssh-key-3

and I don’t recognize the following entry:

apks: []

Are we talking about the same add-on:

SSH & Web Terminal
Current version: 11.0.2 
2 Likes

Yay! You nailed it, I was missing the step of converting the public key to OpenSSH format, like you show on your reply. Did that and now all is working again. THANKS! :slight_smile:

As for the add-on: I’m using the “Terminal & SSH”) add-on, version 9.6.0

That password was left in the screenshot by mistake, I was testing to see whether it would allow me to connect with a password as a fallback, but it did not (at least not while I had the mangled key in the config). It does not matter much as this is a throwaway test password, but still bad practice, should’ve noticed and scraped it from the image.

My config (working fine now) looks like this now:
image

1 Like

@heckler How did you manage to get this working. I can login without keys and just a password but constantly get ‘connection refused’ with any type of key generated from putty. I copy and paste from the right place too. Any thoughts?

Hello @0MartyMcFly0 no problem. I hope it does not sound patronizing (not my intention), but I will spell it out in detail below, might be useful for others facing this issue later:

Assuming you’re using Putty, you might already have it’s key generator, PuttyGen in your system. If you don’t, you can grab it here: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Open PutyGen and then:

  1. Select the key type EdDSA
  2. Click generate and move your mouse to create some randomness
  3. Once the key is created, save the public key under (someting.pub)
  4. And the private key (someting.ppk)
  5. Copy the public key in RSA format and paste it into the configuration for the SSH addon

image

Then, in Putty:

  1. On the menu to the left, go to Connection > SSH > Auth
  2. On the Private Key textbox, click Browse and locate the Private Key you saved in step 4 above

image

That should get you there.

1 Like

Can’t thank you enough for taking the time to post all of that in detail. Unfortunately I’m still getting “Network error: Connection refused”

Sorry to hear that, but I have no other suggestion to offer at this time. The procedure above worked fine for me (Putty / Puttygen version 0.77)

1 Like

So I was doing all this because I want to monitor some stats from my NAS through SSH as described in this post by @EventuallyFixed . That means a one line login, no password. I finally got it working with this line…

ssh -o PubkeyAcceptedKeyTypes=ssh-rsa -i <link to private key> -o KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+ssh-rsa [email protected]

Then I just needed this line to grab the data…

df /dev/md2 | awk 'FNR == 2 {print $5}'

New-1

I’m so happy it’s working. My NAS is an ancient (at least 10 years old) WD My Book World Edition. No integration, no SNMP. So as far as I know, this is the only option. Thanks to @heckler & @EventuallyFixed for the help!

2 Likes