SSH Server Key Refused - PuTTY and OpenSSH

Gotten a bit frustrated after multiple tries to get into the HASSIO using SSH. I can get in without a keyfile but I’d like to get into 22222 to try and update my HUSBZB-1 firmware. It seems as if it should be something obvious. A little help please, what am I doing wrong?

HASSIO version 0.89.1 , OpenSSH version 5.2

OpenSSH config is:
{
“authorized_keys”: [
“ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEPkGV+gS/jmT2tnCMFHYGqeeroib8nnN6RW2vxKfBMl0Dd/6kkogRGsIKmyQdg/9cZVo4HqKttOit2by+nO1TPqg6pnGkINzc6UzIfKJxHBGJap7SzfTsdiTM2VqQfBKMAZaR7E8FLOwaoXQ94y6e3cTTq95JKHcdMYNwD2UTp6p5eq0xD44n2Uoim8LaygC2hu30GDEX2WlGpT1v/UADNyVCPk/U65ukkch3MC67Kx2IlgOFnZ6f8H78FjhbBXRJhTK3bakv1zyHmm46tL48saFBNsfoWoh9lOxnvPPJAoK9iGzOaStOIXHAD80ho/zo2ysVHQ0WGkQvdAwJUy23TRQ== rsa-key-20190310”
],
“password”: “”

trying to use root to login using port 22 in PuTTy
PuTTy returns:

image1754×736 23.5 KB

OpenSSH log shows:
[INFO] Setup authorized_keys
[INFO] Restore host keys
debug1: Set /proc/self/oom_score_adj from 0 to -1000

debug1: Bind to port 22 on 0.0.0.0.

Server listening on 0.0.0.0 port 22.

debug1: Bind to port 22 on ::.

Server listening on :: port 22.

debug1: Forked child 18.

debug1: Set /proc/self/oom_score_adj to 0

debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8

debug1: inetd sockets after dupping: 3, 3

Connection from 192.xxx.x.xx port xxxxx on xxx.xx.xx.0 port 22

debug1: Client protocol version 2.0; client software version PuTTY_Release_0.70

debug1: no match: PuTTY_Release_0.70

debug1: Local version string SSH-2.0-OpenSSH_7.9

debug1: permanently_set_uid: 22/22 [preauth]

debug1: ssh_sandbox_child: prctl(PR_SET_SECCOMP): Invalid argument [preauth]

debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]

debug1: SSH2_MSG_KEXINIT sent [preauth]

debug1: SSH2_MSG_KEXINIT received [preauth]

debug1: kex: algorithm: [email protected] [preauth]

debug1: kex: host key algorithm: ssh-ed25519 [preauth]

debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]

debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]

debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]

debug1: rekey after 4294967296 blocks [preauth]

debug1: SSH2_MSG_NEWKEYS sent [preauth]

debug1: expecting SSH2_MSG_NEWKEYS [preauth]

debug1: SSH2_MSG_NEWKEYS received [preauth]

debug1: rekey after 4294967296 blocks [preauth]

debug1: KEX done [preauth]

debug1: userauth-request for user root service ssh-connection method none [preauth]

debug1: attempt 0 failures 0 [preauth]

User root not allowed because account is locked

debug1: userauth-request for user root service ssh-connection method publickey [preauth]

debug1: attempt 1 failures 0 [preauth]

debug1: userauth_pubkey: test pkalg ssh-rsa pkblob RSA SHA256:XRyJoGxUBI5HcrDb8yuPIHiWVoxbB5pg5j2CpKb+l3Q [preauth]

Received disconnect from xxx.xx.x.xx port xxxxx:14: No supported authentication methods available [preauth]

Disconnected from invalid user root xxx.xx.x.xx port xxxxx [preauth]

debug1: do_cleanup [preauth]

debug1: monitor_read_log: child log fd closed

debug1: do_cleanup

debug1: Killing privsep child 19

You used the USB method to get the public key into Hass.io? This sounds like a similar issue.

I’m also a little confused about what you’re trying to do. You say that you want to ssh to port 22222 (which would get you access to the Hass Python source), but your Putty log shows you connecting to 22 (the default SSH port).

Also you meant port 2222. Only 4 digits.

I tried to log in to port 22, I had previously tried 22222, and 2222. None of them allowed me in, PuTTy gave me the same response. I did not use the USB method to put the public key in Hass.io I put it in the configuration in the OpenSSH add on. Do you have to to both?

I have same problem since the addon is updated.

If I use my private key file then it is refused.

For me as well.

Your private key would not work for public key encryption.
It is only used by trusted endpoints to verify your public key. Then copied, it must always be done securely. Otherwise somebody else cam pretend to be you.

I just made everything as the video shows on the official HA website . I have no any key now because the SSH is useless at the moment therefore I have deleted it.

OK I rarely follow videos but try & stick to the official documentation wherever possible.
This forum is usually my next resource.

Thank you for your advice!
You can find this video on the official documentattion (https://www.home-assistant.io/addons/ssh/) and the private key was tried after the public key method was failed. Unfortunately doesn’t matter what method is used for me, the public key neither work. It looks like I’m not alone with this problem now: https://github.com/home-assistant/hassio-addons/issues/547#issuecomment-473197031

OK, I only tested with password authentication.

Only it is working now.

I normally use the “SSH & Web Terminal” addon from the community repo as it adds more functionality but I keep the core_ssh addon installed as well.

I generated several keys with putty for it just now and they all work.
core_ssh addon 5.2

Very confused as there were a couple users in discord with the same thing. Nothing changed for me after the update.

I didn’t change anything, just then after the ssh login refused me.

Getting the exact same thing, my ssh key is now being refused. Ever since updating. Quite annoying because I can’t do anything now.

Is it required to use the USB method to put the key file when using HASSIO when using the HASSIO operating system? I’m using version 0.70 of both PuTTY and PuTTYgen. Does that make a difference?

Update: Apparently a change on alpine caused this. This is fixed with 5.3 of the addon.

My problem was caused by not cutting the entire password text out of putty gen (into my OpenSSL config in Hassio) Make sure you scroll all the way to the bottom of the key info not just the stuff you can see in the initial window.

Thanks… this fixed it for me…; )