Uncomon Git server error: "Refused pubkey" (but the key is tested valid)

Question

I have here a particular problem that may be a client issue. However, I am getting a server error. So please read through, maybe you will agree with me that this is a really weird problem and hopefully you will help me resolve it!:)

Here is my situation:

I got a setup at home with Git and Gitolite server working with key authentifications. My private key and public key were validated and working properly until last week. Now on my client computer #1 it is impossible for me to push/pull any refs from my Git server.

I have tried the same key with the exact same repository (mounted on same drive) but with my laptop, and my server will accept the key...

I tried to uninstall / reinstall Git, generate other key-pairs, rechecking my SSH configs, restarting my server services, but nothing works. When I check my SSH logs on DEBUG mode, I barely get any details about the error:

Jul 28 06:46:28 git-server sshd[5100]: debug1: Forked child 19124.
Jul 28 06:46:28 git-server sshd[19124]: Set /proc/self/oom_adj to 0
Jul 28 06:46:28 git-server sshd[19124]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Jul 28 06:46:28 git-server sshd[19124]: debug1: inetd sockets after dupping: 3, 3
Jul 28 06:46:28 git-server sshd[19124]: Connection from xx.xx.xx.xx port 53847
Jul 28 06:46:28 git-server sshd[19124]: debug1: Client protocol version 2.0; client software version PuTTY_Local:_Jun__3_2012_14:48:17
Jul 28 06:46:28 git-server sshd[19124]: debug1: no match: PuTTY_Local:_Jun__3_2012_14:48:17
Jul 28 06:46:28 git-server sshd[19124]: debug1: Enabling compatibility mode for protocol 2.0
Jul 28 06:46:28 git-server sshd[19124]: debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze1
Jul 28 06:46:28 git-server sshd[1002]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
Jul 28 06:46:28 git-server sshd[1002]: debug1: session_by_channel: session 0 channel 0
Jul 28 06:46:28 git-server sshd[1002]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
Jul 28 06:46:29 git-server sshd[19124]: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-1024
Jul 28 06:46:29 git-server sshd[19124]: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1024
Jul 28 06:46:29 git-server sshd[19124]: debug1: temporarily_use_uid: 1001/1001 (e=0/0)
Jul 28 06:46:29 git-server sshd[19124]: debug1: trying public key file /home/gitolite/.ssh/authorized_keys
Jul 28 06:46:29 git-server sshd[19124]: debug1: fd 4 clearing O_NONBLOCK
Jul 28 06:46:29 git-server sshd[19124]: debug1: restore_uid: 0/0
Jul 28 06:46:29 git-server sshd[19124]: debug1: temporarily_use_uid: 1001/1001 (e=0/0)
Jul 28 06:46:29 git-server sshd[19124]: debug1: trying public key file /home/gitolite/.ssh/authorized_keys
Jul 28 06:46:29 git-server sshd[19124]: debug1: fd 4 clearing O_NONBLOCK
Jul 28 06:46:29 git-server sshd[19124]: debug1: restore_uid: 0/0
**Jul 28 06:46:29 git-server sshd[19124]: Failed publickey for gitolite from xx.xx.xx.xx port 53847 ssh2**
Jul 28 06:46:29 git-server sshd[19124]: debug1: do_cleanup

Now I am thinking that my server works well because I have tested my Putty key in two other client locations and everything works just fine. Maybe it is my workstation that has trouble with sending my Putty key. In case it is a client problem here are my pc specs:

intel i7 3770 x64
windows 7 ultimate
16gb ram

Thank you in advance!

What a ssh -vvv yourServer gives from your clients (the one that doesn't work, and the one that does work). Seems to me a client issue. Is your $HOME changed in any way? Are your protections correct? (as in http://stackoverflow.com/questions/3712443/creating-ssh-keys-for-gerrit-and-hudson/3712619#3712619 for instance) — VonC, Jul 28 '12 at 22:23
I am in windows so there is no $HOME, i run my programs under administrator. The same key is used by my 2 client to connect to the same server at the same path: one client is working the other not. I run "ssh -vvv gitolite@host -i path/to/key" from my 2 clients and i get the following output: http://oi47.tinypic.com/kcxli8.jpg http://oi48.tinypic.com/28k28j.jpg Thank you again — Fredow, Jul 30 '12 at 17:33
If there is no `HOME`, that is your problem right there: see http://stackoverflow.com/questions/10122439/msysgit-and-ssh-config-missing/10122865#10122865 or http://stackoverflow.com/questions/5318590/auth-fails-on-windows-xp-with-git-and-tortoisegit/5322335#5322335 for two examples where making sure `%HOME%` is defined is important. — VonC, Jul 30 '12 at 18:13
Looking at your first screenshot, your file %HOME%\.ssh\f*_rsa is not a valid key file. — dolmen, Aug 03 '12 at 07:41
dolmen: you are right i was loading a putty key instead of openSSH. @VonC: Ok, I've correctly set my HOME environment variable in my windows to %USERPROFILE% and my keys are in %USERPROFILE%/.ssh/* I have converted my valide putty key to OpenSSH and tryed to run again the initial command after running ssh-agent.. ss-add.. Here is my output (client-side): http://i46.tinypic.com/etrwcx.png http://i48.tinypic.com/2e6dnbd.png http://i49.tinypic.com/jb0f34.png The server output remains the same. — Fredow, Aug 04 '12 at 22:09

score 1 · Answer 1 · edited May 05 '14 at 11:10

1

Check that the public key is formatted like this:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA5k6P+EKZ/G8+YT8kpHUmyp2d+4S/1kIAqPQcIt+qjpf9i0v9pwWCJdgYhiwD18pjUL2tM0D6zofKF3mQJdJbW22yAqBQ/YmswEHcH+1/QxHxaYHvXxaqakgvFcWW3DZ/ShsgWfJyhw7naKMWKcgAJJHPJfmAHtEWPLDhBAzpEQc=

and also check if it is a known host or not.

edited May 05 '14 at 11:10

Cody Gray - on strike

239,200
50
490
574

answered Feb 13 '14 at 12:35

mahmoud gamal

42
6

The private and public key are exactly the same on my laptop and on my tower. And it is only working on my laptop even tho i recieve a server error. The formatting is ok. I have still no idea why that key is refused only from my computor but works anywhere else. – Fredow Feb 15 '14 at 23:15

score 1 · Accepted Answer · answered Oct 03 '14 at 20:58

After all this time; problem solved!

Apparently it’s a Putty issue with the Registries that confuses the ToirtoiseGit windows client. I'm surprise how this case is not documented anywhere. Thanks for my friend who found the solution.

So on Windows, all the sessions information and the Putty settings are located here

HKEY_CURRENT_USER\Software\SimonTatham\PuTTY

By deleting the “Sessions” and the “SshHostKeys” folders, which are automatically re-generated after, have solved the problem. But we didn’t know why.

More digging leads us to the conclusion that when the default settings are altered via the putty interface, it causes Plink (the putty agent for the ToirtoiseGit), to stick to the default settings of Putty instead of focusing on the “auto-loaded putty key” setting.

The bottom line is

If you have those symptoms, empty the “PublicKeyFile” variable located in HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\Default Settings
Or... simply do not edit/save the default settings in Putty !!!

I hope that this solutions will help others also ! :)

score 0 · Answer 3 · answered Sep 19 '12 at 04:17

I've had a similar issue with PuTTY on Windows where I had changed the key used to authenticate to various servers. But it still had a path to the original key file in some of my saved sessions which was no longer valid.

The solution there was to fish around through the saved sessions and remove the offending keyfiles - I think it was under Connection/SSH/Auth

Uncomon Git server error: "Refused pubkey" (but the key is tested valid)

3 Answers3