Using PuTTY private key for new user on AWS EC2 Server
Solution 1
If you have pasted the public key to the authorized_keys
file in the format shown in the question (---- BEGIN SSH2 PUBLIC KEY ----
), it won't work.
You have to use the one-line format shown in PuTTYgen labeled "Public key for pasting into OpenSSH authorized_keys file".
It would be like:
rsa-key AAAAB3NzaC1yc2EAAAABJQAAAQEAs2f7SVX8KOu0RvzQh0r6uwWS/TB5uXO7+QEsCxF+0CF3vwLeOn+cNw1HQHy7EDHhGw4eYvL/ErbIyv4I8HgGe/IFe4qPUOMy3vtzZNjqemBsy32Lgsx/flQBYLW+XzYC4LeZv3TSZjfYyIk8ilRBOzdkP4CdYeK0rPRbPPtlLQY5l95h1UnmuORNgA93yLqvKI/dSnkvKyTrJoCGbRXr5pept5Y9LSEHYlEadrBpogsF9LYj/HDeaoIjBhGQu+CZRDzZSxgtv3+nePEkoeV1xC8tyJ83JiHcrX3PbjouJHLLTWa2tl40XM913dkUSsbha2Fbd0wBchry9y2BlpUA9Q== rsa-key-20150209
Solution 2
If you generated your private/public key in putty and directly copied them to your Linux distribution, the keys will be in Putty
format. You will need to change it to OpenSSH
format first before you can use it to connect to github or other server. Otherwise, it will give you an incorrect error and tell you that you need a passphrase.
Even though the private key may not have a .ppk
file extension, it can still be in a putty format. You can open the file in notepad or other text editor to check the correct format.
OpenSSH format for public key
ssh-rsa AAAAB3NzaC1yc2EAAAA…
OpenSSH format for private key
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEA4Jgy…
Newer OpenSSH format for private key
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAA…
How to use generate key in OpenSSH format from putty:
If you are using ssh
in Linux to log into another server or to log into github, you have to use the openssh format of the id.
Steps:
- In the start menu type
Puttygen
to openPuttygen
. Then pressLoad
or pressAlt-l
to load private key:
- Convert putty private key to Open SSH format
Conversions>Export OpenSSH key
Save key as
id_rsa
If you are using Putty to log into linux and then ssh into another server, or ssh into github, copy the id_rsa to ~/.ssh/id_rsa
if it still doesn't work, follow the steps here: https://superuser.com/a/1285777/658319
Related videos on Youtube
Boundless
Updated on September 18, 2022Comments
-
Boundless over 1 year
I started an AWS EC2 instance. I can connect to my instance with the user ec2-user using the SSH private key generated by Amazon.
I followed the directions at: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-users.html to add credentials for a new user "bob".
I created a new user bob, and generated a new public+private key set using PuTTY Key Generator. I moved the public key onto my EC2 instance at /home/bob/.ssh/authorized_keys
I changed the owner and group of /home/bob/.ssh and /home/bob/.ssh/authorized_keys to bob:bob
I changed the permissions of /home/bob/.ssh to 700
I changed the permissions of /home/bob/.ssh/authorized_keys to 600
When I try to SSH into my EC2 instance as bob, with bob's private key I git the error:
PuTTY Fatal Error Disconnected: No supported authentication methods available (server sent: pulickey,gssapi-keyex,gssapi-with-mic)
The PuTTY console shows:
Using username "bob". Server refused our key
I also tried from a command line to ssh into my EC2 instance with bob's private key, with no prevail. It didn't accept the key's passphrase. I also tried with a keypair that doesn't have a passphrase, but I was still prompted for a password and couldn't get on the server.
Here's my very verbose output
$ ssh -vvv -i bobs_key.ppk [email protected] OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007 debug2: ssh_connect: needpriv 0 debug1: Connecting to ec2-12-345-678-910.us-west-2.compute.amazonaws.com [12.345.678.910] port 22. debug1: Connection established. debug3: Not a RSA1 key file bobs_key.ppk. debug2: key_type_from_name: unknown key type 'PuTTY-User-Key-File-2:' debug3: key_read: missing keytype debug2: key_type_from_name: unknown key type 'Encryption:' debug3: key_read: missing keytype debug2: key_type_from_name: unknown key type 'Comment:' debug3: key_read: missing keytype debug2: key_type_from_name: unknown key type 'Public-Lines:' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type 'Private-Lines:' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type 'Private-MAC:' debug3: key_read: missing keytype debug1: identity file bobs_key.ppk type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.4 debug1: match: OpenSSH_6.4 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.6 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,a es256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,a es256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[email protected],zlib debug2: kex_parse_kexinit: none,[email protected],zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-grou p14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,ae s192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,ae s192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-512-etm@ openssh.com,[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,h mac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-512-etm@ openssh.com,[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,h mac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[email protected] debug2: kex_parse_kexinit: none,[email protected] debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 140/256 debug2: bits set: 512/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /c/Users/bob/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug3: check_host_in_hostfile: filename /c/Users/bob/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug1: Host 'ec2-12-345-678-910.us-west-2.compute.amazonaws.com' is known and matches the RSA host key. debug1: Found key in /c/Users/bob/.ssh/known_hosts:1 debug2: bits set: 501/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: bobs_key.ppk (0x0) debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: bobs_key.ppk debug1: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> Enter passphrase for key 'bobs_key.ppk': debug1: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> debug2: bad passphrase given, try again... Enter passphrase for key 'bobs_key.ppk': debug1: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> debug2: bad passphrase given, try again... Enter passphrase for key 'bobs_key.ppk': debug1: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> debug2: bad passphrase given, try again... debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Putty log:
2015-02-08 08:35:15 Looking up host "ec2-12-345-678-910.us-west-2.compute.amazonaws.com" 2015-02-08 08:35:15 Connecting to 12.345.678.910 port 22 2015-02-08 08:35:15 Server version: SSH-2.0-OpenSSH_6.4 2015-02-08 08:35:15 Using SSH protocol version 2 2015-02-08 08:35:15 We claim version: SSH-2.0-PuTTY_Release_0.62 2015-02-08 08:35:15 Doing Diffie-Hellman group exchange 2015-02-08 08:35:15 Doing Diffie-Hellman key exchange with hash SHA-256 2015-02-08 08:35:16 Host key fingerprint is: 2015-02-08 08:35:16 ssh-rsa 2048 b6:76:a5:c6:06:dc:3c:d6:c2:65:fe:f5:55:27:b9:ef 2015-02-08 08:35:16 Initialised AES-256 SDCTR client->server encryption 2015-02-08 08:35:16 Initialised HMAC-SHA1 client->server MAC algorithm 2015-02-08 08:35:16 Initialised AES-256 SDCTR server->client encryption 2015-02-08 08:35:16 Initialised HMAC-SHA1 server->client MAC algorithm 2015-02-08 08:35:16 Reading private key file "C:\bob.ppk" 2015-02-08 08:35:16 Pageant is running. Requesting keys. 2015-02-08 08:35:16 Pageant has 1 SSH-2 keys 2015-02-08 08:35:16 Configured key file not in Pageant 2015-02-08 08:35:16 Offered public key 2015-02-08 08:35:16 Server refused our key 2015-02-08 08:35:16 Using SSPI from SECUR32.DLL 2015-02-08 08:35:16 Attempting GSSAPI authentication 2015-02-08 08:35:16 GSSAPI authentication request refused 2015-02-08 08:35:16 Disconnected: No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)
Server sshd log:
Feb 8 08:35:16 ip-101-10-101-1 sshd[3182]: error: Received disconnect from 22.33.44.555: 14: No supported authentication methods available [preauth]
Here's an example of the public key generated by PuTTY
---- BEGIN SSH2 PUBLIC KEY ---- Comment: "rsa-key-20150209" AAAAB3NzaC1yc2EAAAABJQAAAQEAs2f7SVX8KOu0RvzQh0r6uwWS/TB5uXO7+QEs CxF+0CF3vwLeOn+cNw1HQHy7EDHhGw4eYvL/ErbIyv4I8HgGe/IFe4qPUOMy3vtz ZNjqemBsy32Lgsx/flQBYLW+XzYC4LeZv3TSZjfYyIk8ilRBOzdkP4CdYeK0rPRb PPtlLQY5l95h1UnmuORNgA93yLqvKI/dSnkvKyTrJoCGbRXr5pept5Y9LSEHYlEa drBpogsF9LYj/HDeaoIjBhGQu+CZRDzZSxgtv3+nePEkoeV1xC8tyJ83JiHcrX3P bjouJHLLTWa2tl40XM913dkUSsbha2Fbd0wBchry9y2BlpUA9Q== ---- END SSH2 PUBLIC KEY ----
Here's an example of the private key to go along with it
PuTTY-User-Key-File-2: ssh-rsa Encryption: aes256-cbc Comment: rsa-key-20150209 Public-Lines: 6 AAAAB3NzaC1yc2EAAAABJQAAAQEAs2f7SVX8KOu0RvzQh0r6uwWS/TB5uXO7+QEs CxF+0CF3vwLeOn+cNw1HQHy7EDHhGw4eYvL/ErbIyv4I8HgGe/IFe4qPUOMy3vtz ZNjqemBsy32Lgsx/flQBYLW+XzYC4LeZv3TSZjfYyIk8ilRBOzdkP4CdYeK0rPRb PPtlLQY5l95h1UnmuORNgA93yLqvKI/dSnkvKyTrJoCGbRXr5pept5Y9LSEHYlEa drBpogsF9LYj/HDeaoIjBhGQu+CZRDzZSxgtv3+nePEkoeV1xC8tyJ83JiHcrX3P bjouJHLLTWa2tl40XM913dkUSsbha2Fbd0wBchry9y2BlpUA9Q== Private-Lines: 14 UP7YT8e9aWk159T5xO1P0MR5AbAuhTh9hzjFw98igBaYhco9ATUhOyXVumBuHnuB 1+2aiucV22XUuJIWDjRDdX3uSmUMsDXPPS4li6GOvdGMBo66bcLAqNbwNuzS7ogX fFQ23TzsPnDbrOqwNcNOl9Suf7MA6u6s7sACFsflxAuCSRe9iiyxcRLXafvAl/AH BD3Ltd4i49SICrjmW3vEAndX6r0QqMQ5GjzorQhu1I2b4dYdQqVAOThYSfXTR9p4 nHTvoeO+Qi7qTmzZMRUAEkh7tC+4J8idHN5e3k6hpzV8z0E7arjbtPH8gDbG1FL2 ZevCJX2s4b4bGL9a9vzxzLLg/TikZBr0QAVHtTU5sPgViCSgkeAKTeIsQcLKT/vt Kl8UOpaalyoeRTSo9HNUEwuz99aK7WjzvKRGHIUpioqBsA7C7Yj/hLq/ofKOZQgJ lp6bsSA0GkY5zncPHUSIrCu5xcdO9cNnKaXwf5qjJfW9udqzHRIf19Jgzo6NlymL SxGBa+bXmn+15BIg1R23mE/VTBZoKRbmCgVRFlz4vLGIyTwbtnNIaFIZIxvhUVgs PWIG2E4orNKZ+n1g92RI0MGoyk+WMOajAoCbMWsIEgFBTqWDAxliEgtyu/npuIFD RbufWC/kIoSm/GVbIUoEYCDbR6KSi3OzdHCQKYufSUk67vP2BGfS9jxRe98/YhvQ WXgxtHFWZ2p6KqDIurdWUtnoO2IYrBBeZwXSOPHuJkQaIOC6XBLFflKM4XXAdXl1 vsuAGXBnZ2BJfbxifWNvSlf60SXOeggvxYXx3euVkTpBtb6yy6AeIN7VJDjqMpn5 +Jz/PazNXUbHLZqBvBxYF9MBgACqGmV3b8dtiL3bCvFcuDv/JYTdSFtCgysgbs0s Private-MAC: 44a5eabcdebd7d33a1c99f72016563d26b435832
-
Martin Prikryl about 9 yearsCan you share PuTTY's event log? And even better a corresponding snippet of SSH server's log? As to the
ssh
connection attempt: OpenSSHssh
client does not support PuTTY private key file format, you have to convert the key to OpenSSH format. -
Martin Prikryl about 9 yearsHow does your
authorized_keys
file look like with a public key generated by PuTTYgen? -
Boundless about 9 yearsI added an example of both the private and public keys generated.
-
-
Boundless about 9 yearsThat was the problem. I can't believe how much time I wasted trying to use the saved public key. Thank you for the help.
-
trumpet205 about 7 yearsPutty can generate key that is usable on OpenSSH. After you generate the key in puttygen on the top it should say "Public Key for pasting into OpenSSH authorized_keys file". Simply copy that over to authorized_keys file.