TIL: Putty “Server refused our key”

I’ve had this strange problem for about a year or more, where on my main Windows system, I can’t log in to local Linux servers using SSH Public Key authentication. I get this “Server refused our key” message. The same key files on a different computer work fine though.

Tonight I finally got annoyed enough to investigate deeper. Googling did not help me, so here’s a blog post so that it might help you. The final straw was installing the RancherOS ISO, which exclusively uses SSH keys, and not being able to get into it from my normal desktop. I suspect this is not the most common cause of “Server refused our key” errors, especially if you are getting them from multiple client to the same server. Look at the server’s SSH config in that case.

I use Pageant, and it has my usual keys loaded at boot time.

So I enabled debug logging in Putty and SSHed to my Linux desktop.

With that enabled, I was able to see this in the logs:

Event Log: Reading key file "C:/xampp/htdocs/cacti-1.0.6/plugins/weathermap/dev/Vagrant/.vagrant/machines/develop/virtualbox/private_key.ppk"
Event Log: Pageant is running. Requesting keys.
Event Log: Pageant has 4 SSH-2 keys
Event Log: Configured key file not in Pageant

So it turns out that at some point I had a Vagrant box running, and saved its private key into my DEFAULT putty profile. From there, it got saved into other profiles. Further, if putty had a specific key in this box, and it no longer exists, it never gets as far as the Pageant-supplied keys, and just gives up!

Removing that entry (at the bottom of the SSH auth section) has cured all my problems, and RancherOS is back on the menu!