SSH PuTTY keys not working after upgrade 12.0-U8 to 13.0-U2 + link help bug

Ricko1

Dabbler
Joined
Jan 29, 2017
Messages
12
Hello Everyone,

I just upgraded my server from TrueNAS Core 12.0-U8 to 13.0-U2. Using PuTTY on Windows 10 to log into the SSH shell is no longer working. I get a "server refused our key" error and a popup "no supported authentication methods available (server sent: publickey)".

Checked the root user in TrueNAS and it still has a public key. Changing the SSH setting to password means it works without key. Already tried changing the key, but that didn't change anything. Updating PuTTY to 0.78 also didn't fix it. I can't find anything related to this in the release notes. SSH client library doesn't have anything to do with this, right?

Also found a bug in the SSH menu under Services -> SSH -> Configure -> Allow Password Authentication -> ? "additional setup" links to http://the.earth.li/{6}Esgtatham/putty/0.55/htmldoc/Chapter8.html. This website gives a 404 Not Found error. Is this information not in the iXsystems TrueNAS documentation?
 


c77dk

Patron
Joined
Nov 27, 2019
Messages
468
How large is the key?
 

Ricko1

Default puttygen settings, so 2048 bit rsa? Why would that matter? It's literally worked for years (2019)
 

c77dk

I've encountered some old PuTTY keys which were only 1024-bit, and newer OpenSSH won't allow them.
Have you added support for RSA keys? It's off by default in newer OpenSSH, and I believe it's the same in CORE (I'm on SCALE).
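
The key-size question can be answered from the public key text itself, since the type string and the RSA modulus are both encoded in the base64 blob. This is an added example, not part of the original post; the function names and the sample keys (built with fake moduli) are assumptions made for illustration.

```python
import base64
import struct

def _read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then the bytes."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def describe_public_key(line):
    """Return (key_type, rsa_bits) for a 'type base64 [comment]' line.

    rsa_bits is None for non-RSA keys. Lines with leading options are not handled.
    """
    declared, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    raw_type, offset = _read_string(blob, 0)
    key_type = raw_type.decode("ascii")
    if key_type != declared:
        raise ValueError(f"line says {declared}, blob says {key_type}")
    if key_type != "ssh-rsa":
        return key_type, None
    # An ssh-rsa blob is: type string, public exponent e, modulus n.
    _exponent, offset = _read_string(blob, offset)
    modulus, _ = _read_string(blob, offset)
    return key_type, int.from_bytes(modulus, "big").bit_length()

# --- constructed sample keys (fake moduli, not usable key material) ---
def _mpint(value):
    # SSH mpint: big-endian, with a leading zero byte when the top bit is set
    return value.to_bytes(value.bit_length() // 8 + 1, "big")

def sample_rsa_line(bits):
    parts = [b"ssh-rsa", _mpint(65537), _mpint((1 << (bits - 1)) | 1)]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    for bits in (1024, 2048, 3072):
        print(describe_public_key(sample_rsa_line(bits)))
```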
 

Ricko1

After a good night's sleep and another 2 hours.... I have a solution to set a new key and session:
  1. Generate SSH keypair in TrueNAS GUI under System (This guarantees a compatible format, PuTTYgen has too many options)
    1. Copy public key data into desired user "SSH Public Key"
  2. Download private key file as .txt
  3. Import key file into PuTTYgen
  4. Enter a password
  5. Save private key .ppk file somewhere safe on local disk where it won't move or be deleted
  6. Delete downloaded private key (unprotected .txt file in downloads)
  7. Open PuTTY and delete existing Session
  8. Under Connection -> SSH -> Auth -> Credentials: Browse for Private Key and select saved .ppk file
  9. Enter IP under Session and Save session settings
  10. Open session to test functionality. You should be prompted for the password after entering the user
 

GBillR

Contributor
Joined
Jun 12, 2016
Messages
189
I am having the exact same issue following update from 12.0-U8 as well.

Following these instructions, I am still not able to log in as root via ssh.

In my troubleshooting, I have noticed that the key pair generated by TrueNAS is ssh-rsa 3072 bit. I have also tried simply using PuTTYgen to create this key length, which also does not work.

In the auth.log I am receiving the following error: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
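
sshd logs the refused key algorithm and the client's user and address on separate lines that share a process ID, so finding out which clients are affected means correlating them. This is an added example, not part of the original post: the sample log lines are constructed and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in sshd's auth.log style; host, PIDs, users and addresses are made up.
SAMPLE_LOG = """\
Jan  5 09:14:02 truenas sshd[4211]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Jan  5 09:14:02 truenas sshd[4211]: Connection closed by authenticating user root 192.0.2.10 port 50122 [preauth]
Jan  5 09:20:41 truenas sshd[4302]: Accepted publickey for root from 192.0.2.11 port 50310 ssh2: RSA SHA256:CONSTRUCTED
Jan  5 09:31:17 truenas sshd[4390]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Jan  5 09:31:17 truenas sshd[4390]: Connection closed by authenticating user backup 192.0.2.20 port 40022 [preauth]
"""

PID_RE = re.compile(r"sshd\[(\d+)\]: (.*)$")
REJECT_RE = re.compile(r"userauth_pubkey: key type (\S+) not in PubkeyAcceptedAlgorithms")
PEER_RE = re.compile(r"authenticating user (\S+) (\S+) port \d+")

def rejected_key_types(log_text):
    """Return sorted (user, address, algorithm) tuples for sessions where sshd
    refused the offered public-key algorithm.

    Lines are joined on the sshd PID. Assumption: the log slice is short enough
    that PIDs are not reused, and the peer is named on a later line of the session.
    """
    sessions = defaultdict(dict)
    for line in log_text.splitlines():
        match = PID_RE.search(line)
        if not match:
            continue
        pid, message = match.groups()
        rejected = REJECT_RE.search(message)
        if rejected:
            sessions[pid]["alg"] = rejected.group(1)
        peer = PEER_RE.search(message)
        if peer:
            sessions[pid]["user"], sessions[pid]["addr"] = peer.groups()
    return sorted(
        (s.get("user", "?"), s.get("addr", "?"), s["alg"])
        for s in sessions.values()
        if "alg" in s  # ignore sessions that authenticated normally
    )

if __name__ == "__main__":
    for user, addr, alg in rejected_key_types(SAMPLE_LOG):
        print(f"{addr} (user {user}) offered {alg}, which sshd refused")
```

The resulting list shows which client machines need attention, whether that is an interactive SSH client or a replication peer.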
 

Ricko1

What PuTTY version are you running? 0.78 was released yesterday. I was on 0.71 before this. There is no update notification in PuTTY.
With those instructions PuTTYgen only password encrypts and saves as a PuTTY key file.

The OpenSSH upgrade apparently also breaks replicating from TrueNAS Core 13.0 to 12.0 since 12.0 has "an outdated SSH client library"; see known issues: https://www.truenas.com/docs/core/corereleasenotes/#130-u2. ssh-rsa is disabled by default due to security.
 

GBillR

I am on 0.74. I will update to see if that corrects my issue. Thanks for pointing out that replication also is broken... This is my backup NAS, and sure enough, replication from my other box is now not working due to auth failure. I am sure these two issues are connected somehow...
 

Ricko1

Checked my file and PuTTYgen tells its fingerprint begins with ssh-rsa 3072 SHA256. I did not put in the SSH Auxiliary Parameter from the known issues.
 

GBillR

Updating PuTTY to 0.78 fixed my issues with logging in via SSH.

Afterwards, I did also have to enter the SSH Auxiliary Parameter from the known issues note in order to fix my replication problem.

Thanks for the quick replies. I am not sure why updating from 0.74 to 0.78 corrected my problem though... I cannot tell from the changes what would have been the issue.

In any event, thanks again!
 

Mario1971

Dabbler
Joined
Jul 14, 2019
Messages
40
Hello!
Thank you! I had the same problem - after updating to PuTTY 0.78 everything works again.
 