Cannot get SSH & Web Terminal add-on to accept authorized_keys

Configuration
#1

I can use the add-on using a username and password, but when trying to use the authorized_keys, I always get a ‘Server refused our key’.

The debug log shows the following message at the end:

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Received disconnect from 192.168.0.111 port 53473:14: No supported authentication methods available [preauth]
Disconnected from authenticating user hassio 192.168.0.111 port 53473 [preauth]

The rsa key I am using seems to be ok, as it is working well to access the system as (real) root using ssh into port 22222.

I have tried several ways/formats to enter the key into the configuration file and restarts of the add-on, and I even tried to manually put the key in the .ssh folder when logged in with username and password, but I keep getting the same error.

I can get where I want using the port 22222 login (and perform a docker exec into the ssh add-on) but I would like to get this sorted out.

Thanks.

#2

There was an upstream change on OpenSSH 8.X. Recommendation is to create new keys using ECDSA or Ed25519

2 Likes
#3

Problem solved !

Thank you for pointing me into the right direction, both for this issue and for a better place to look first for candidate issues with add-ons in general in the future.

Highly appreciated !

#4

Hi @epposan, how did you eventually solve this?

I’ve got the latest (0.77) version of Putty and PuttyGen, and tried creating new ECDSA and EdDSA keys, but still when I try to connect I get the same No supported authentication methods available [preauth] error message, no change.

I did notice that the YAML editor mangles the line breaks in the public key a bit, but since it used to work in the past, I don’t think that’s the problem:

image
image860×274 8.46 KB

#5

Hi @heckler ,

I don’t know whether it make a difference, but I entered the key without the header and trailer, like this:

ssh-key-1

Which then got mangled into:

ssh-key-2

Furthermore, I am using an empty password field:

ssh-key-3

and I don’t recognize the following entry:

apks: []

Are we talking about the same add-on:

SSH & Web Terminal
Current version: 11.0.2
2 Likes
#6

Yay! You nailed it, I was missing the step of converting the public key to OpenSSH format, like you show on your reply. Did that and now all is working again. THANKS! :slight_smile:

As for the add-on: I’m using the “Terminal & SSH”) add-on, version 9.6.0

That password was left in the screenshot by mistake, I was testing to see whether it would allow me to connect with a password as a fallback, but it did not (at least not while I had the mangled key in the config). It does not matter much as this is a throwaway test password, but still bad practice, should’ve noticed and scraped it from the image.

My config (working fine now) looks like this now:
image

1 Like
#7

@heckler How did you manage to get this working. I can login without keys and just a password but constantly get ‘connection refused’ with any type of key generated from putty. I copy and paste from the right place too. Any thoughts?

#9

Hello @0MartyMcFly0 no problem. I hope it does not sound patronizing (not my intention), but I will spell it out in detail below, might be useful for others facing this issue later:

Assuming you’re using Putty, you might already have it’s key generator, PuttyGen in your system. If you don’t, you can grab it here: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Open PutyGen and then:

  1. Select the key type EdDSA
  2. Click generate and move your mouse to create some randomness
  3. Once the key is created, save the public key under (someting.pub)
  4. And the private key (someting.ppk)
  5. Copy the public key in RSA format and paste it into the configuration for the SSH addon

image

Then, in Putty:

  1. On the menu to the left, go to Connection > SSH > Auth
  2. On the Private Key textbox, click Browse and locate the Private Key you saved in step 4 above

image

That should get you there.

3 Likes
#10

Can’t thank you enough for taking the time to post all of that in detail. Unfortunately I’m still getting “Network error: Connection refused”

#11

Sorry to hear that, but I have no other suggestion to offer at this time. The procedure above worked fine for me (Putty / Puttygen version 0.77)

1 Like
#12

So I was doing all this because I want to monitor some stats from my NAS through SSH as described in this post by @EventuallyFixed . That means a one line login, no password. I finally got it working with this line…

ssh -o PubkeyAcceptedKeyTypes=ssh-rsa -i <link to private key> -o KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+ssh-rsa root@host

Then I just needed this line to grab the data…

df /dev/md2 | awk 'FNR == 2 {print $5}'

New-1

I’m so happy it’s working. My NAS is an ancient (at least 10 years old) WD My Book World Edition. No integration, no SNMP. So as far as I know, this is the only option. Thanks to @heckler & @EventuallyFixed for the help!

2 Likes
#13

For anyone who runs into this in the future, check your log files. I ran into an issue where my ppk file was too new. The post below goes into detail on the settings that need changing in puttykeygen!

#14

I had the same issue but in my case it was solved by
commenting out these two lines

ControlMaster auto
ControlPath ~/.ssh/control/%h_%p_%r

in my
$HOME/.ssh/config
file

These 3 links helped me uncover the solution for me
Getting getsockname failed: Not a socket · Issue #4253 · microsoft/vscode-remote-release · GitHub
getsockname failed: Not a socket, Failed to parse remote port from server output · Issue #1309 · microsoft/vscode-remote-release · GitHub

My ssh keys were correct and I tried everything I could think of, I generated new ssh keys with different options -t rsa -b 4096
and
-t ed25519
nothing worked until I commented out those 2 lines that .ssh/config file

#15

Thanks for the idiot guide, it helped me through the process and I now have it working.

#16

This seems also the case for ssh? Yesterday login via ssh in drove me crazy. I used rsa keys. Today i used ecdsa and ha accepted my key

#17

The add-on seems to have a bug that reverts to the old key after restarting. Remember to double check that your newly created key is still entered before reconnecting :smiley:

#18

I do not have the place to feed in the location of the priv key (PuTTY 0.79)

image

…it is under credentials.

image

However, it requires (probably) something to be put in the last box, but I don’t have any idea what it is. What ever I try, it just makes this windowslike “ping” sound and does not accept it.