Using PublicKey from a NATted client


I'm trying to use PuTTY (v.53b) to connect to an OpenSSH (v3.4p1) server
via publickey exchange (using a password to login works fine but I'm
getting sick of entering a password each time I login). I used PuTTYgen
to generate an SSH2 RSA 1024-bit public/private key pair. I copied the
public key as one line into /root/.ssh/authorized_keys on the server.
Now when I load the private key into my PuTTY session and try to connect
to the server, I see the following error on the server side when running
the server in debug mode, and the PuTTY client just asks me for a password:

     debug1: trying public key file /root/.ssh/authorized_keys
     debug1: restore_uid
     Failed publickey for root from port 16497 ssh2

Where is my cable modem's public IP address. I'm
guessing the problem is that my home network is using the address space and that the private IP address is somehow
included in the public key. Whatever the case, has anyone run into and
hopefully solved this problem of trying to access an SSH server from
behind a NAT device using public key exchange?

Thanks in advance,

Ed Meagher

Re: Using PublicKey from a NATted client


Your diagnosis is surely wrong.  I have no problem logging in from
behind a NAT box (using putty).  I have never had the problem you

Maybe you miscopied the public key.


Re: Using PublicKey from a NATted client

As always, if you use a text editor, use vi, not pico, when you copy and
paste the key in, and don't forget to hit "i" first in vi. Also, you've got to
force SSH version 2 in PuTTY. Other basics include the file
authorized_keys not being group/world writable. I have no problem either way
(NATed client and NATed server).

Re: Using PublicKey from a NATted client

No, IP addresses are not included in the keys. `man sshd` even says:
"if somebody somehow steals the key, the key permits an intruder to log
in from anywhere in the world". ssh does not care where you created a
key or if you changed your IP address meanwhile.


Re: Using PublicKey from a NATted client

You can, however, restrict where a key may be used from with the "from="
option in authorized_keys.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
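
Added example, not part of any post in this thread: a small checker for the failure modes the replies name, namely a key that was wrapped or miscopied when pasted into authorized_keys, and a file that is group/world writable. It also accepts a leading option such as from="...". The function names, the short key-type list, the sample key (filler bytes) and the 192.0.2.10 address are all assumptions constructed for the illustration.

```python
import base64
import stat
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519"}  # short illustrative list

def _read_string(buf, off):
    """Read one length-prefixed SSH string; raise ValueError if cut short."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    if off + 4 + n > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def check_line(line):
    """Return the problems found in one authorized_keys line ([] means OK)."""
    fields = line.split()
    # Options such as from="..." may come before the key type.
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None:
        return ["no key type (possibly the tail of a wrapped key)"]
    if idx + 1 >= len(fields):
        return ["key type present but key data missing"]
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
        name, off = _read_string(blob, 0)
        while off < len(blob):          # walk every field to the end
            _, off = _read_string(blob, off)
    except ValueError as exc:           # binascii.Error is a ValueError
        return [f"key data damaged: {exc}"]
    if name != fields[idx].encode():
        return ["key type inside the data differs from the declared type"]
    return []

def mode_problems(mode):
    """Flag an authorized_keys file mode that group or others can write."""
    bad = mode & (stat.S_IWGRP | stat.S_IWOTH)
    return ["file is group/world writable"] if bad else []

# Constructed sample key: correct wire layout, filler bytes, not a usable key.
def _s(b):
    return struct.pack(">I", len(b)) + b

BLOB = base64.b64encode(
    _s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(b"\x00" + b"\xab" * 128)).decode()
GOOD = f'from="192.0.2.10" ssh-rsa {BLOB} constructed-sample'
# The same key as an editor might leave it after wrapping at column 76.
WRAPPED = [f"ssh-rsa {BLOB[:76]}", f"{BLOB[76:]} constructed-sample"]
```

On a real server, pass each line of the file to `check_line` and `os.stat(path).st_mode` to `mode_problems`.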
