Fixing "Server refused our key" errors when setting up SSH key authentication

Published on Oct 15, 2012

Today I was trying to set up my iPad so that I can connect remotely to my Linux servers in case of emergency. My servers only allow password-less connections via SSH keys, so I needed to set up those key pairs on my iPad and servers. When trying to connect from the iPad through iSSH or Prompt, I always got the message "Server refused our key", while I was sure I put the correct key into ~/username/.ssh/authorized_keys.

But of course, when we thing we're right, Linux shows us we are not. Whenever you are having problems setting up SSH keys, make sure you tail or view the log file /var/log/secure. There you'll see that sshd is throwing up errors that can be pretty useful.

This is what I found out: First, I got: Authentication refused: bad ownership or modes for directory /home/username/.ssh This can be fixed by giving permissions of 700 on the .ssh directory. Ssh will barf when you give it group permissions, so stay away from that.

Your /home/username/.ssh/authorized_keys file should have permissions 600 and you need to be the owner of the file. Next up was the following error: error: key_read: uudecode AA122B3NzaadC1yc2CB3AABJQA... That means you have a newline somewhere in your authorized_keys file. Yes you do, check again. Still can't find the newline? Check again.

On another machine, I also got the following error, which basically means the same thing. sshd[1777]: error: buffer_get_ret: trying to get more bytes 4 than in buffer 0 You have a newline somewhere or your keys aren't added in the right way in your authorized_keys file. Double or triple check that your authorized_keys file does not contain strange new lines. Once you've checked all that, you should be all set to be running SSH on your iPad, pretty awesome.

SSH on the iPad

No comments? But that’s like a Gin & Tonic without the ice?

I’ve removed the comments but you can shoot me a message on Twitter @GoodBytes to keep the conversation going.